How do I implement a Cached-Session-Policy and how do I make sure that the Session-Timeout attribute is included? On 02.02.2017 19:31, Selahattin ÇİLEK wrote:
"its likely that its eg cached auth and you are not putting that attribute into cache so a basic authntication is okay is being returned with no session timeout."
Yes, I have indeed enabled session caching in my eap.conf file: cache { enable = yes lifetime = 24 max_entries = 1024 }
Is that why the second session never terminates? How can I put the "Session-Timeout" attribute into the session cache?
On 02.02.2017 17:50, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
I do not want to turn this into a clash of egos, I just want to understand the problem and solve it. okay - you were given advice which you've rejected because you want to do things your way - fair enough, so you need to follow the obvious bit of advice - capture the RADIUS conversation that occurs when the reauth is occuring..... its likely that its eg cached auth and you are not putting that attribute into cache so a basic authntication is okay is being returned with no session timeout.
or its a bug with your NAS...in which case you wont need to do anything special if you changed to a different NAS ;-)
This is what I want to achieve: I want to keep user data and statistics in a MySQL database. I want to enforce quota based on the data received by FreeRADIUS 2.2.8 from any NAS. basic stuff. just accounting from NAS to a DB
The NAS regularly informs FreeRADIUS how much a user has been using the network. FreeRADIUS keeps the data in a MySQL database and regularly checks if the user has reached his quota. When a user reaches his quota, it tells the NAS not to let him use the network. In order to be able to grant or deny access to a user, the NAS is supposed to ask FreeRADIUS at regular intervals what to with the authentication request. The only way the NAS can know about these intervals is through the "Session-Timeout" attribute. At the end of each session, the NAS sends FreeRADIUS a packet that contains data about how much bandwidth the user has consumed. FreeRADIUS commits the to a local MySQL schema, which I have programmed to update some other custom tables through triggers. no, you use CoA or the NAS API to control the users...you dont constantly reauth people for this functionality.
then you can drop them as soon as they reach $threshold, rather than up to 10 minutes later
also, if you reauth then its a new session....so you'll get loads of sessions to deal with.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus