Script for logging out user from their session

[Deepak]

Hi,

I am a newbie trying to create a prepaid hotspot and I am using following.

CentOS 5.3
freeradius2-2.1.6
mysql 5.0.45
daloradius-0.9-8
chillispot 1.0 (in dd-wrt)


I have managed to put this all together and it is working fine so far.

Now I wanted to try that if I will give a user 1 hour time (1 hour
prepaid card is sold and assumed that user can consume that within
infinite period of time without expiration), i want to limit that time
strictly. For this I have implemented the "Max-All-Session" Attribute
and so far it is working during login time (not during user session).
So following is the problem:

1) User have 1 hour and if he is continuously logged in more than 1
hour, there is no way he will be automatically logged out.

2) For solution to this, I have implemented the "Session-Timeout" of 1
hour (3600) together with "Max-All-Session". This solution works given
that user is not interrupted (or logged in continuously for 1 hour or
more). This strategy fails when user logs out before 1 hour and logs
in again. Supposing he still have 20 mins total time left, when he
logs back in , his session timeout is again 1 hour so if continues to
use until session timeout, he will end up using more than his time.
This is worse if user logs in multiple time within credited time
period.

In this situation, what I wanted to do is - No matter what, when user
reaches his time limit, he will be logged out from his session (if
logged in)  or not accept login request anymore ("Max-All-Session"
already does this).

3) Now to implement the former condition I did some research and found
out that freeradius is not designed to kick the user however we need
to send the "Packet of Disconnect" to NAS (AP) by some means of
script. It is also assumed (I guess) that we will monitor their
account table and hand pick the user by ourselves and disconnect them
manually. Instead I want to automate this thing.

4) After some research for this automation, I found out about the
"radkill" untility (which is not exactly I wanted) but got some idea
that we can do following step to logout user automatically

(a) Find out about that user session and from which NAS he is logged
in (radwho can be used for this purpose)
(b) Send the packet of disconnect to that NAS for that particular user.


Now before reinventing the wheel, I have been asking a question to
myself for sometime

(a) In the prepaid users scenario, there may be hundreds of users
connected. Isn't that keeping track of each user's time in real time
through some kind of daemon will be CPU intensive task? and overkill
for the server?

(b) Instead of keeping track in eating CPU cycles and memory, I though
it would be nice to use and implement this logic when accounting
packet arrives from chilli to radius (something like database
triggerers). so when accounting packet arrives for any particular
user, radius will check his "Max-All-Session" against used sum of used
sessions and if necessary, send the packet of disconnect to the NAS.
Well the problem is I don't know how to implement this since I am very
new to freeradius and this whole hotspot thing.

(c) Lastly, I am just wondering that somebody must have faced this
problem before and made a solution considering many hotspot solutions
available today. or  am I seriously missing something (since new in
this area), or there are more sleek approach to this problem than what
I am thinking, which is readily available out of the box.

In any case, can somebody guide me where to look for the solution on
what I am trying to implement?

Any suggestions, ideas  most welcome

Thanks and Regards


P.S.: This is a cross post. Sorry I for that but I think this is the
best place to post about this. This is also posted at Chilli forum
http://www.chillispot.info/chilliforum/viewtopic.php?id=363



-- 
==============================
Registered Linux User #460714
Currently Using Fedora 10, CentOS 5.3
==============================