limiting sessions

Andrew Long along at escapewire.com
Thu Nov 9 17:00:49 CET 2006


>> Andrew Long <along at escapewire.com> wrote:
>>> I tried Session-Timeout but it doesn't seem to do the job.

>>   So... is it being sent back to the NAS?  If it is, then the NAS is
>> ignoring it.  Go ask your NAS manufacturer for a refund, or for a
>> firmware upgrade that implements RADIUS.

>>   Alan DeKok.

> How would you suggest I verify the session-timeout is actually being
> sent/received?

> Andrew

> radiusd -X

> in the debug mode you can see attributes that are being send back to you
> NAS. If you want to see what comes to NAS - please consult the documentation
> of your NAS !

> Regards,

> E:S

Here is the output from radiusd -X regarding the answer to an
auth-request from one of the properties where I changed
session-timeout to 1800. It does not look to me like the
session-timeout attribute is being sent... any suggestions?

========= sample 1 (main street) ==========

rad_recv: Access-Request packet from host 141.149.128.xx:1024, id=88, length=191
        Acct-Session-Id = "54a4b76f"
        NAS-Port = 3
        NAS-Port-Type = Wireless-802.11
        User-Name = "4aroma70370"
        Calling-Station-Id = "00-14-A5-71-1A-61"
        Called-Station-Id = "00-03-52-02-8C-F9"
        Framed-IP-Address = 192.168.110.101
        CHAP-Password = [removed]
        CHAP-Challenge = [removed]
        NAS-Identifier = "R035-00371"
        NAS-IP-Address = 141.149.128.58
        Framed-MTU = 1496
        Connect-Info = "HTTPS"
        Service-Type = Framed-User
        Message-Authenticator = 0xacd61ed325c0d7c91980dbf8bcf6ccdd
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 1
  modcall[authorize]: module "eap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "4aroma70370", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    users: Matched DEFAULT at 177
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
radius_xlat:  '4aroma70370'
rlm_sql (sql): sql_set_user escaped user --> '4aroma70370'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '4aroma70370' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '4aroma70370' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '4aroma70370' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '4aroma70370' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "noresetcounter" returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "dailycounter" returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "daypasscounter" returns noop for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
modcall: entering group Auth-Type for request 1
  rlm_chap: login attempt by "4aroma70370" with CHAP password
  rlm_chap: Using clear text password [removed] for user 4aroma70370 authentication.
  rlm_chap: chap user 4aroma70370 authenticated succesfully
  modcall[authenticate]: module "chap" returns ok for request 1
modcall: group Auth-Type returns ok for request 1
Sending Access-Accept of id 88 to 141.149.128.xx:1024
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
Finished request 1
Going to the next request
================= end ===============

Andrew




More information about the Freeradius-Users mailing list