On May 31, 2023, at 1:43 AM, Robert Senger <robert.senger@lists.microscopium.de> wrote:
I did not set a time resolution of one second,
Please read what I wrote. This isn't difficult. The *RADIUS PROTOCOL* has a time resolution of one second. I didn't ask if you set that. I was explaining to you that this is a fundamental limitation of how RADIUS works.
this is done by the sqlcounter module with it's default settings. I was looking for a configuration option like "Min-Session-Timeout" or something like that, but there is none.
Exactly. I gave you an example to set a minimum session timeout.
post-auth { if (&reply:Session-Timeout < 30) { reject } ... }
This looks good, just tried that (in the sites-available/default file), but won't work:
(342) post-auth { (342) if (&reply:Session-Timeout < 30) { (342) ERROR: Failed retrieving values required to evaluate condition
? :)
Read the debug output and think about it. The other debug output you posted shows it setting the Session-Timeout in the "inner-tunnel" virtual server. Which means it's not being set in the "default" virtual server. You can out the example config I posted in the inner-tunnel virtual server, instead of "default". I only suggested to put it in "default", because that's normally where it goes. But if you're running the counter module in the "inner-tunnel" virtual server, then the check for &reply:Session-Timeout needs to go there, too. Alan DeKok.