Script for logging out user from their session

Deepak d88pak at gmail.com
Sat Aug 1 16:26:12 CEST 2009


On Sat, Aug 1, 2009 at 10:06 PM, Ivan Kalik<tnt at kalik.net> wrote:
>> I am a newbie trying to create a prepaid hotspot and I am using following.
>>
>> CentOS 5.3
>> freeradius2-2.1.6
>> mysql 5.0.45
>> daloradius-0.9-8
>> chillispot 1.0 (in dd-wrt)
>>
>>
>> Now I wanted to try that if I will give a user 1 hour time (1 hour
>> prepaid card is sold and assumed that user can consume that within
>> infinite period of time without expiration), i want to limit that time
>> strictly. For this I have implemented the "Max-All-Session" Attribute
>> and so far it is working during login time (not during user session).
>> So following is the problem:
>>
>> 1) User have 1 hour and if he is continuously logged in more than 1
>> hour, there is no way he will be automatically logged out.
>
> You have not implemented the counter correctly or your NAS doesn't support
> Session-Timeout.
>
>> 2) For solution to this, I have implemented the "Session-Timeout" of 1
>> hour (3600) together with "Max-All-Session".
>
> Which is poitless.
>
>> This solution works given
>> that user is not interrupted (or logged in continuously for 1 hour or
>> more). This strategy fails when user logs out before 1 hour and logs
>> in again. Supposing he still have 20 mins total time left, when he
>> logs back in , his session timeout is again 1 hour so if continues to
>> use until session timeout, he will end up using more than his time.
>> This is worse if user logs in multiple time within credited time
>> period.
>
> OK, so Session-Timeout works. Then you haven't implemented the counter
> properly. Post the debug.
>
>> In this situation, what I wanted to do is - No matter what, when user
>> reaches his time limit, he will be logged out from his session (if
>> logged in)  or not accept login request anymore ("Max-All-Session"
>> already does this).
>
> Yes, but it looks like you are overriding Session-Timeout set by the
> couter with the fixed value.
>
>> 3) Now to implement the former condition I did some research and found
>> out that freeradius is not designed to kick the user however we need
>> to send the "Packet of Disconnect" to NAS (AP) by some means of
>> script. It is also assumed (I guess) that we will monitor their
>> account table and hand pick the user by ourselves and disconnect them
>> manually. Instead I want to automate this thing.
>
> Just forget that.
>
>> 4) After some research for this automation, I found out about the
>> "radkill" untility (which is not exactly I wanted) but got some idea
>> that we can do following step to logout user automatically
>>
>> (a) Find out about that user session and from which NAS he is logged
>> in (radwho can be used for this purpose)
>> (b) Send the packet of disconnect to that NAS for that particular user.
>
> You don't need any of that. Just set up counter properly.
>
>> Now before reinventing the wheel, I have been asking a question to
>> myself for sometime
>>
>> (a) In the prepaid users scenario, there may be hundreds of users
>> connected. Isn't that keeping track of each user's time in real time
>> through some kind of daemon will be CPU intensive task? and overkill
>> for the server?
>
> Not at all, since the server doesn't do that. NAS generates accounting.
>
>> (b) Instead of keeping track in eating CPU cycles and memory, I though
>> it would be nice to use and implement this logic when accounting
>> packet arrives from chilli to radius (something like database
>> triggerers). so when accounting packet arrives for any particular
>> user, radius will check his "Max-All-Session" against used sum of used
>> sessions and if necessary, send the packet of disconnect to the NAS.
>> Well the problem is I don't know how to implement this since I am very
>> new to freeradius and this whole hotspot thing.
>
> No need. By passing Session-Timeout at login time NAS will disconnect the
> user when the time comes.
>
>> (c) Lastly, I am just wondering that somebody must have faced this
>> problem before and made a solution considering many hotspot solutions
>> available today. or  am I seriously missing something (since new in
>> this area), or there are more sleek approach to this problem than what
>> I am thinking, which is readily available out of the box.
>
> You have messed up counter implementation. Post the debug and lets see
> what is going on with it.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


Right after posing this message, I was just browsing the chillispot
forum (http://www.chillispot.info/chilliforum/viewtopic.php?id=329)
and found that there is bug in the SQL statement in noreset counter
and followed the link to previous discussion of this matter
(http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg50930.html)
and corrected the statement

which was previously:
====================
"SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
====================

to now this:
====================
"SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'"
====================

and it is solved now.

I tried to search for previous discussion from nabble but didn't show
up this particular dicussion. I have been desperately looking for the
answer for about 2 days. Now only after posting a long nonsense post,
I found the answer right away (few minutes after post).

I don't know if the bug is in the this particular rpm or it is still
there in the source. I hope this is corrected already.

Anyway thanks for your valuable time to listen to me. :-)

Regards and good day!


-- 
==============================
Registered Linux User #460714
Currently Using Fedora 10, CentOS 5.3
==============================




More information about the Freeradius-Users mailing list