On Wed, 21 Mar 2012 08:52:14 -0400 Alan DeKok <aland@deployingradius.com> wrote:
Mutheu wrote:
I am a bit new to freeradius and I am trying to create a setup where an active session is re-authenticated everyminute and a user is kicked if no enough credit.
That's usually not a good idea. The timeframe for reauthentications should be 10 minutes at least.
More Details: Using 'norestcounter' with mysql works very well without the above. Now I would like to implement this idea : http://computing-tips.net/M0n0wall_Captive_Portal_Logout_URL/#onlinestore).
NAS supports a feature for "reauthentication every minute".
That's good.
The problem is that, if I turn it on, freeradius responds:
Sending delayed reject for request 2 Sending Access-Reject of id 234 to 10.250.78.200 port 64881 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
Activated the option for ensuring no 'simoultenious use' via mysql.
Which means you activated one feature which prevents the other one from working.
Don't do that.
What am I missing in the freeradius config?
Probably nothing. Your NAS isn't sending the same session information the second time around. So FreeRADIUS thinks that the user is now logging in twice, and is rejecting it.
What are the session-information fields requirred to identify the session as ongoing but not new? I could find out from the NAS mailling if they can push it in thier next release.
As always, look at the debug output to see what's going on.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Mutheu <mutheu@lavabit.com>