Good afternoon all, We recently retired our old ICRadius servers and installed FreeRadius. We run two radius servers with a third server acting as master for the radius data and as the accounting server. All is working well. Billing has approached me with an issue where they need to disable a user for lack of payment. Previously we simply changed their password through our management system and they were then unable to reconnect. Client calls, pays, we enable them again. Currently we are noticing that because of DSL, and the fact we no longer impose any limits on dialup, it may take weeks before a client is disconnected and finds their password has changed. I have read through the docs, looked into Session-Timeout and SQL counters, but I do not see how to force a client to re authenticate. What am I missing? What config information do I need to provide? What information/manual/how to have I missed? Thanks, DAve -- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams http://appleseedinfo.org
You can use expiration attribute or you can disconnect user with PoD. http://wiki.freeradius.org/Packet_of_Disconnect DAve wrote:
Good afternoon all,
We recently retired our old ICRadius servers and installed FreeRadius. We run two radius servers with a third server acting as master for the radius data and as the accounting server. All is working well.
Billing has approached me with an issue where they need to disable a user for lack of payment. Previously we simply changed their password through our management system and they were then unable to reconnect. Client calls, pays, we enable them again.
Currently we are noticing that because of DSL, and the fact we no longer impose any limits on dialup, it may take weeks before a client is disconnected and finds their password has changed.
I have read through the docs, looked into Session-Timeout and SQL counters, but I do not see how to force a client to re authenticate. What am I missing? What config information do I need to provide? What information/manual/how to have I missed?
Thanks,
DAve
Marinko Tarlac wrote:
You can use expiration attribute or you can disconnect user with PoD. http://wiki.freeradius.org/Packet_of_Disconnect
Expiration Attribute? I've not seen that in any docs. The POD is useful, I think I can provide a cronjob to query the DB once a day and terminate users as needed. Thank you! DAve
DAve wrote:
Good afternoon all,
We recently retired our old ICRadius servers and installed FreeRadius. We run two radius servers with a third server acting as master for the radius data and as the accounting server. All is working well.
Billing has approached me with an issue where they need to disable a user for lack of payment. Previously we simply changed their password through our management system and they were then unable to reconnect. Client calls, pays, we enable them again.
Currently we are noticing that because of DSL, and the fact we no longer impose any limits on dialup, it may take weeks before a client is disconnected and finds their password has changed.
I have read through the docs, looked into Session-Timeout and SQL counters, but I do not see how to force a client to re authenticate. What am I missing? What config information do I need to provide? What information/manual/how to have I missed?
Thanks,
DAve
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams http://appleseedinfo.org
DAve wrote:
I have read through the docs, looked into Session-Timeout and SQL counters, but I do not see how to force a client to re authenticate. What am I missing? What config information do I need to provide? What information/manual/how to have I missed?
http://freeradius.org/rfc/attributes.html. Click on "Session-Timeout". If you set Session-Timeout to 86400, the NAS *should* drop the connection after one day. This will force them to re-authenticate. Alan DeKok.
Alan DeKok wrote:
DAve wrote:
I have read through the docs, looked into Session-Timeout and SQL counters, but I do not see how to force a client to re authenticate. What am I missing? What config information do I need to provide? What information/manual/how to have I missed?
http://freeradius.org/rfc/attributes.html. Click on "Session-Timeout".
If you set Session-Timeout to 86400, the NAS *should* drop the connection after one day. This will force them to re-authenticate.
Oddly I have that set for our dialup users but I am being told that after changing the password they are staying logged in for over 48 hours. I may need to take this up with Megapop, it is their NAS. DAve -- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams http://appleseedinfo.org
participants (3)
-
Alan DeKok -
DAve -
Marinko Tarlac