Idle Time-out- Session time-out/ Aacct start-stop packet
Sylvain De Muynck
sylvain.demuynck at tigolao.com
Tue Dec 1 11:24:48 CET 2009
Dear all,
I would like my user to get a session time-out of 20 minutes.
While looking at the debug, I noticed that my users matched the default
entry [12] attrs.accounting.response and get authenticate every 10
minutes
(in fact, this even take over the session time-out attribute that I
could attribute to a specific user) So, basically, I don't know how to
control it.
DEFAULT
Vendor-Specific =* ANY,
Message-Authenticator =* ANY,
Proxy-State =* ANY
I thank that was the file that I could configure to get all my users
re-authenticate after 20 minutes.
Then, I had a look to the attrs file I noticed that the Idle-time out
was of 10 minutes..So, I decided to put the Idle time of 1200 instead of
the regular 600 who was written in this file.
DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port <= 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU >= 576,
Framed-Filter-ID =* ANY,
Reply-Message =* ANY,
Proxy-State =* ANY,
EAP-Message =* ANY,
Message-Authenticator =* ANY,
MS-MPPE-Recv-Key =* ANY,
MS-MPPE-Send-Key =* ANY,
MS-CHAP-MPPE-Keys =* ANY,
State =* ANY,
Session-Timeout <= 28800,
Idle-Timeout <= 1200,
Port-Limit <= 2
Unfortunately, that did not work and now, I am still stuck to figure out
how could I do that.
To sum up this issue, I got Alvarion NAS, from my users, I can see
accounting start and accounting stop packet, every 10 minutes, I got an
accounting packet stop from my users with everytime the same termination
cause = lost-carrier.
Thanks in advance for you help. Let me know if you need more details.
Regards
Sylvain
More information about the Freeradius-Users
mailing list