Zero Session-Timeout
Rohaizam Abu Bakar
haizam at myjaring.net
Wed May 31 05:30:54 CEST 2006
Thanks for the suggestion.. the rlm_perl works.!!. to load session-time
value..
But if no value found... as configured in perl script..
if (!$timeoutvalue){
return RLM_MODULE_REJECT;
}
it will not reject the user.... user will just has NO Session-Timeout..
--haizam
----- Original Message -----
From: "Kostas Kalevras" <kkalev at noc.ntua.gr>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, May 30, 2006 7:19 PM
Subject: Re: Zero Session-Timeout
> On Tue, 30 May 2006, Rohaizam Abu Bakar wrote:
>
>> Dear all,
>>
>> Using FB 6.0, FR 1.0.5 (will upgrade soon)
>>
>> I've problem with timeout...
>>
>> I've set in users file as below in order to load timeout value depending
>> on type of connection (ISDN/PSTN)
>>
>> DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP,
>> Auth-Type := DIALUP
>> Session-Timeout =
>> `%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}`
>>
>> DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP,
>> Auth-Type := DIALUP
>> Session-Timeout =
>> `%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value
>>
>> The problem is when "Session-Timeout =0", normally happen when script
>> cannot load value... it will NOT timeout... user till can get connect
>> until manually disconnect...
>
> I think that some access servers cannot handle session-timeout values
> which are very low or zero. In any case if session-timeout is zero you re
> better off sending an access-reject anyway.
> I would suggest moving the script to rlm_perl and just return REJECT in
> case you cannot find a correct value. And also try not sending a
> session-timeout value which is lower than 60 secs.
>
>>
>>
>> Below is the debug log...
>>
>>
>> Login OK: [integ36] (from client INFRANETTEST port 300 cli 55550000)
>> Sending Access-Accept of id 111 to 10.1.1.1:1645
>> Session-Timeout = 0
>> Framed-Compression = Van-Jacobson-TCP-IP
>> Framed-MTU = 1500
>> Framed-Protocol = PPP
>> Service-Type = Framed-User
>> Finished request 89
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 6 seconds...
>> rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97,
>> length=131
>> Acct-Session-Id = "000000AE"
>> Framed-Protocol = PPP
>> User-Name = "integ36"
>> Acct-Authentic = RADIUS
>> Acct-Status-Type = Start
>> Calling-Station-Id = "55550000"
>> Called-Station-Id = "2426"
>> NAS-Port-Type = Async
>> Connect-Info = "50667/24000 V90/V44/LAPM"
>> NAS-Port = 300
>> Service-Type = Framed-User
>> NAS-IP-Address = 10.1.1.1
>> Acct-Delay-Time = 0
>>
>> .
>> .
>> .
>> .
>> rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98,
>> length=173
>> Acct-Session-Id = "000000AE"
>> Framed-Protocol = PPP
>> Framed-IP-Address = 10.1.1.3
>> User-Name = "integ36"
>> Acct-Authentic = RADIUS
>> Acct-Session-Time = 26
>> Acct-Input-Octets = 8110
>> Acct-Output-Octets = 4998
>> Acct-Input-Packets = 92
>> Acct-Output-Packets = 37
>> Acct-Terminate-Cause = User-Request
>> Acct-Status-Type = Stop
>> Calling-Station-Id = "55550000"
>> Called-Station-Id = "2426"
>> NAS-Port-Type = Async
>> Connect-Info = "50667/24000 V90/V44/LAPM"
>> NAS-Port = 300
>> Service-Type = Framed-User
>> NAS-IP-Address = 10.1.1.1
>> Acct-Delay-Time = 0
>>
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> --
> Kostas Kalevras Network Operations Center
> kkalev at noc.ntua.gr National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list