<div dir="ltr"><font face="verdana, sans-serif"><br></font><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="verdana, sans-serif">
The more I read about this, the more complicated it gets!<br>
</font></blockquote>
<font face="verdana, sans-serif"><br></font></div><font face="verdana, sans-serif">
It's quite simple in principle.</font><div class="im"><font face="verdana, sans-serif"><br>
<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="verdana, sans-serif">
Dear Phil, the first and third solutions you provided will work great<br>
but their implementation is not that easy. As you said above, following<br>
the first approach needs packet monitoring as well, which is not easy to<br>
implement unless there be a log file/table in freeradius for this<br>
</font></blockquote>
<font face="verdana, sans-serif"><br></font></div><font face="verdana, sans-serif">
I don't know what this means, I'm afraid.</font><div class="im"><font face="verdana, sans-serif"><br>
<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="verdana, sans-serif">
packets. And the value for "acctsessiontime" is 0 until the user<br>
disconnects and freeradius sets the correct value for this field and<br>
some other fields in radacct table.<br>
</font></blockquote>
<font face="verdana, sans-serif"><br></font></div><font face="verdana, sans-serif">
As I said, you need to enable interim accounting. If you do this, the NAS should send accounting packets at frequent intervals that update acctsessiontime, amongst other things.<br>
<br>
If your NAS doesn't support interim accounting, you're stuck.<br>
<br>
If it does, you should just need to set the interim interval, either statically on the NAS or dynamically in the Access-Accept, like so:<br>
<br>
post-auth {<br>
...<br>
update reply {<br>
# accounting packets every 15 minutes<br>
Acct-Interim-Interval = 900<br>
}<br>
...<br>
}<br>
<br>
You also need to ensure the "accounting_update_query{,_alt}" are configured in your sql.conf; this is the default.</font><div class="im"><font face="verdana, sans-serif"><br>
<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="verdana, sans-serif"><br>
I also found that sometimes removing the last accounting record for<br>
the locked user in the radacct table won't work and you need to set<br>
"/var/log/freeradius/radutmp" to null, to unlock that user.<br>
</font></blockquote>
<font face="verdana, sans-serif"><br></font></div><font face="verdana, sans-serif">
Don't use utmp; disable the module if you are using SQL, it's unnecessary and bug prone.</font><div class="im"><font face="verdana, sans-serif"><br>
<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="verdana, sans-serif"><br>
I wish there was a table for online users in NAS and we could compare<br>
online user in NAS and online users in RADIUS and decide what to do.<br>
</font></blockquote>
<font face="verdana, sans-serif"><br></font></div><font face="verdana, sans-serif">
Some devices do have this. It's vendor-specific, and often accessible via SNMP. Consult the docs for your NAS. Since this isn't a RADIUS question, it's best to look elsewhere for this.</font><div class="im"><font face="verdana, sans-serif"><br>
<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="verdana, sans-serif">
I am still looking forward to your helpful comments and suggestions on<br>
this topic.<br>
</font></blockquote>
<font face="verdana, sans-serif"><br></font></div><font face="verdana, sans-serif">
As above: enable interim accounting. The effects should be obvious if it works, and the next steps clear.</font><div class=""><div class="h5"><font face="verdana, sans-serif"><br><br></font></div></div></blockquote><div>
<font face="verdana, sans-serif"><br></font></div><div><br></div><div><br></div><div style><font face="verdana, sans-serif">Hi Phil, thanks for taking the time to attend to this material. I am sure I need to study more to work around the issue.</font></div>
<div style><font face="verdana, sans-serif"><br></font></div><div style><font face="verdana, sans-serif"><br></font></div><div style><font face="verdana, sans-serif">I understand three steps from your guidelines to get rid of this problem; you can respond with just yes or no.</font></div>
<div style><font face="verdana, sans-serif"><br></font></div><div style><font face="verdana, sans-serif"><b><br></b></font></div><div style><font face="verdana, sans-serif"><b>A.) </b>Enable interim accounting</font></div>
<div style><font face="verdana, sans-serif"><b><br></b></font></div><div style><font face="verdana, sans-serif"><b>B.)</b> Enable </font></div><div style><font face="verdana, sans-serif">post-auth {<br></font><span style="font-family:verdana,sans-serif"> update reply {</span><font face="verdana, sans-serif"><br>
Acct-Interim-Interval = 900<br> }<br></font><span style="font-family:verdana,sans-serif">}</span><font face="verdana, sans-serif"><br></font></div><div style><font face="verdana, sans-serif"><br></font></div><div style>
<font face="verdana, sans-serif">C.) <b>You Said:</b> You also need to ensure the "accounting_update_query{,_alt}" are configured in your sql.conf; this is the default.</font></div><div style><font face="verdana, sans-serif"><br>
</font></div><div style><font face="verdana, sans-serif">C1.) This is unclear to me; I have nothing like this in my sql.conf </font></div><div style><span style="font-family:verdana,sans-serif"><br></span></div><div style><span style="font-family:verdana,sans-serif">sql {</span><br>
</div><div style><font face="verdana, sans-serif"><div> server = "localhost"</div><div> database = "mysql"</div><div> driver = "rlm_sql_mysql"</div><div> driver = "rlm_sql_${database}"</div>
<div> port = 3306</div><div> login = "root"</div><div> password = "xxxxxxxxx"</div><div> radius_db = "radius"</div><div> acct_table1 = "radacct"</div>
<div> acct_table2 = "radacct"</div><div> postauth_table = "radpostauth"</div><div> authcheck_table = "radcheck"</div><div> authreply_table = "radreply"</div>
<div> groupcheck_table = "radgroupcheck"</div><div> groupreply_table = "radgroupreply"</div><div> usergroup_table = "radusergroup"</div><div> deletestalesessions = yes</div>
<div> sqltrace = no</div><div> sqltracefile = ${logdir}/sqltrace.sql</div><div> num_sql_socks = 5</div><div> connect_failure_retry_delay = 60</div><div> lifetime = 0</div><div> max_queries = 0</div>
<div> readclients = yes</div><div> read_groups = yes</div><div> nas_table = "nas"</div><div> sqltrace = yes</div><div> $INCLUDE sql/${database}/dialup.conf</div><div>}</div><div>
<br></div></font></div><div style><br></div></div><font face="verdana, sans-serif"><b>D.) </b></font> <b>You Said:</b> <font face="verdana, sans-serif"><span style="color:rgb(80,0,80)">I also found that sometimes removing the last accounting record for </span><span style="color:rgb(80,0,80)">the locked user in the radacct table won't work and you need to set </span><span style="color:rgb(80,0,80)">"/var/log/freeradius/radutmp" to null, to unlock that user.</span></font></div>
<div class="gmail_extra"><br></div><div class="gmail_extra" style><font face="verdana, sans-serif"><b>D1.)</b> I use "radutmp" for Simultaneous-Use tracking. Do you mean it should be disabled?</font></div><div class="gmail_extra">
<br></div><div class="gmail_extra"><br></div><div class="gmail_extra" style><font face="verdana, sans-serif"><b>E.)</b> Testing </font></div><div class="gmail_extra" style><font face="verdana, sans-serif"><br></font></div>
<div class="gmail_extra" style><span style="color:rgb(80,0,80);font-family:verdana,sans-serif">I am clear on A &amp; B. </span><font face="verdana, sans-serif">I need more help: please tell us more about <b>"C"</b>, what </font><span style="font-family:verdana,sans-serif">exactly </span><span style="font-family:verdana,sans-serif">should be added in "sql.conf", and <b>"D"</b>, how to set </span><span style="font-family:verdana,sans-serif;color:rgb(80,0,80)">"/var/log/freeradius/radutmp" to null. </span></div>
<div class="gmail_extra" style><br></div><div class="gmail_extra" style><font face="verdana, sans-serif">Please do not think I want you to do it all for me. Since you have helped us this far, please clarify C and D for us to put the fix in place.</font></div>
<div class="gmail_extra" style><font face="verdana, sans-serif"><br></font></div><div class="gmail_extra" style><font face="verdana, sans-serif">Thanks Phil</font></div><div class="gmail_extra" style><font face="verdana, sans-serif"><br>
</font></div><div class="gmail_extra" style><font face="verdana, sans-serif">Regards --RM</font></div><div class="gmail_extra" style><font face="verdana, sans-serif"><br></font></div><div class="gmail_extra" style><font face="verdana, sans-serif"> </font></div>
</div>
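<div>Added example, not part of the original message or of FreeRADIUS: once interim accounting updates acctsessiontime as described in the quoted reply, an open radacct row whose counter has stopped advancing can be flagged as a stale session. The cut-down table, the sample rows, the check date and the two-interval grace period are constructed assumptions; the column names follow the radacct fields the thread refers to.</div>

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
INTERIM = 900         # Acct-Interim-Interval from the thread, in seconds
GRACE = 2 * INTERIM   # assumption: tolerate one lost interim packet

def build_sample_db():
    """Cut-down radacct table filled with constructed rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctsessionid TEXT, "
               "acctstarttime TEXT, acctstoptime TEXT, acctsessiontime INTEGER)")
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?, ?)", [
        # interim update received 5 minutes before the check: online
        ("alice", "s1", "2013-01-10 08:00:00", None, 14100),
        # updates stopped after one hour and no Stop packet arrived: stale
        ("bob", "s2", "2013-01-10 06:00:00", None, 3600),
        # closed normally by an Accounting-Stop: ignored
        ("carol", "s3", "2013-01-10 09:00:00", "2013-01-10 10:00:00", 3600),
        # started 10 minutes ago, first interim update not due yet: online
        ("dave", "s4", "2013-01-10 11:50:00", None, 0),
        # open for 3 hours without a single interim update: stale
        ("erin", "s5", "2013-01-10 09:00:00", None, 0),
    ])
    return db

def stale_sessions(db, now):
    """Return (username, acctsessionid, idle_seconds) for open rows whose last
    accounting update is more than GRACE seconds before `now`."""
    rows = db.execute(
        "SELECT username, acctsessionid, acctstarttime, acctsessiontime "
        "FROM radacct WHERE acctstoptime IS NULL ORDER BY username")
    stale = []
    for user, sid, start, elapsed in rows:
        # Each interim update overwrites acctsessiontime, so start + elapsed
        # approximates the time the NAS last reported this session.
        last_seen = datetime.strptime(start, FMT) + timedelta(seconds=elapsed or 0)
        idle = int((now - last_seen).total_seconds())
        if idle > GRACE:
            stale.append((user, sid, idle))
    return stale

if __name__ == "__main__":
    for row in stale_sessions(build_sample_db(), datetime(2013, 1, 10, 12, 0, 0)):
        print(row)
```

<div>Without interim accounting, acctsessiontime stays 0 on every open row, so the check can only judge a session by its age since start.</div>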