User-accounts do not expire in time...
liran tal
liransgarage at gmail.com
Wed Nov 21 14:29:01 CET 2007
If your NAS is not sending any accounting packets to the server on the usage
for a user how should freeradius know to increment it's counter for
the attribute?
So how about you eliminate all of the possible obvious errors by
telling us which
NAS is it (someone here might have had the same problem) and check these
issues with a sniffer maybe to be sure.
Regards,
Liran.
On Nov 21, 2007 3:14 PM, Evert <evert at poboxes.info> wrote:
> >From this location I have no direct access to the NAS in question at the moment, so that
> will have to wait a bit.
>
> But what about my comment that the user should not get a 'Login OK' but a 'Invalid user
> (rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have passed and he
> tries to log in again...?
> Am I wrong there?
>
>
>
> Regards,
> Evert
>
> liran tal wrote:
> > How about checking Alan's comment on whether your NAS
> > is actually sending accounting information or not?
> >
> >
> > Regards,
> > Liran.
> >
> >
> > On Nov 21, 2007 2:12 PM, Evert <evert at poboxes.info> wrote:
> >> There is indeed a record in the usergroup-table with
> >> UserName= ofjyc5
> >> GroupName= 24hours
> >>
> >> ;-)
> >>
> >>
> >> Regards,
> >> Evert
> >>
> >>
> >>
> >>
> >>
> >> liran tal wrote:
> >>> Hopefully you didn't forget to set the user-group mapping in usergroup
> >>> table, right?
> >>>
> >>>
> >>> Regards,
> >>> Liran.
> >>>
> >>> On Nov 21, 2007 1:01 PM, Evert <evert at poboxes.info> wrote:
> >>>> Alan DeKok wrote:
> >>>>> Evert wrote:
> >>>>>> I have users in my system who are supposed to be able to logon as much as they want, in a
> >>>>>> period of 24 hours starting from their 1st logon.
> >>>>> ...
> >>>>>> however, a user who is a member of the 24hours group is able to log on longer than the
> >>>>>> 24hours period:
> >>>>> Is the server receiving accounting packets?
> >>>>>
> >>>>> The fact that a user received an Access-Accept doesn't mean they
> >>>>> succeeded in logging in. The NAS may have rebooted, they may have hung
> >>>>> up, the Access-Accept could have been lost, etc.
> >>>>>
> >>>>> The server knows (and accounts for) the user logging in only when it
> >>>>> receives an Accounting-Request packet. The accounting packets are also
> >>>>> used to determine how long the user was logged in for.
> >>>> Provided both the server and the NAS have not rebooted in the mean time, shouldn't the
> >>>> server send a 'Maximum never usage time reached', based on the rules in sqlcounter.conf,
> >>>> accounting packets or not?
> >>>>
> >>>> How long the user has been logged on in the 24-hour period is not really relevant in my
> >>>> case. All I need is that when the user tries to log in again > 24 hours after 1st logon
> >>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
> >>>>
> >>>>
> >>>>
> >>>> (I'll have to check on the accounting packets. Not sure about them)
> >>>>
> >>>>
> >>>> Regards,
> >>>> Evert
> >>>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list