Reauthenticate Every minute

Mutheu mutheu at lavabit.com
Thu Mar 22 07:04:27 CET 2012




On Wed, 21 Mar 2012 08:52:14 -0400
Alan DeKok <aland at deployingradius.com> wrote:

> Mutheu wrote:
> > I am a bit new to freeradius and I am trying to create a setup where an active session is
> > re-authenticated every minute and a user is kicked if not enough credit.
> 
>   That's usually not a good idea.  The timeframe for reauthentications
> should be 10 minutes at least.
> 
> > More Details:
> > Using 'norestcounter' with mysql works very well without the above.
> > Now I would like to implement this idea : http://computing-tips.net/M0n0wall_Captive_Portal_Logout_URL/#onlinestore).
> > 
> > NAS supports a feature for "reauthentication every minute".
> 
>   That's good.
> 
> > The problem is that, if I turn it on, freeradius responds:
> > 
> > Sending delayed reject for request 2
> > Sending Access-Reject of id 234 to 10.250.78.200 port 64881
> >         Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
> > 
> > Activated the option for ensuring no 'simultaneous use' via mysql.
> 
>   Which means you activated one feature which prevents the other one
> from working.
> 
>   Don't do that.
> 
> > What am I missing in the freeradius config?
> 
>   Probably nothing.  Your NAS isn't sending the same session information
> the second time around.  So FreeRADIUS thinks that the user is now
> logging in twice, and is rejecting it.

What are the session-information fields required to identify the session as ongoing
but not new? I could find out from the NAS mailing list if they can push it in their next release.
 
>   As always, look at the debug output to see what's going on.
> 
>   Alan DeKok.


-- 
Mutheu <mutheu at lavabit.com>

