Reauthenticate Every minute
Mutheu
mutheu at lavabit.com
Thu Mar 22 07:04:27 CET 2012
On Wed, 21 Mar 2012 08:52:14 -0400
Alan DeKok <aland at deployingradius.com> wrote:
> Mutheu wrote:
> > I am a bit new to freeradius and I am trying to create a setup where an active session is
> > re-authenticated everyminute and a user is kicked if no enough credit.
>
> That's usually not a good idea. The timeframe for reauthentications
> should be 10 minutes at least.
>
> > More Details:
> > Using 'norestcounter' with mysql works very well without the above.
> > Now I would like to implement this idea : http://computing-tips.net/M0n0wall_Captive_Portal_Logout_URL/#onlinestore).
> >
> > NAS supports a feature for "reauthentication every minute".
>
> That's good.
>
> > The problem is that, if I turn it on, freeradius responds:
> >
> > Sending delayed reject for request 2
> > Sending Access-Reject of id 234 to 10.250.78.200 port 64881
> > Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
> >
> > Activated the option for ensuring no 'simoultenious use' via mysql.
>
> Which means you activated one feature which prevents the other one
> from working.
>
> Don't do that.
>
> > What am I missing in the freeradius config?
>
> Probably nothing. Your NAS isn't sending the same session information
> the second time around. So FreeRADIUS thinks that the user is now
> logging in twice, and is rejecting it.
What are the session-information fields requirred to identify the session as ongoing
but not new? I could find out from the NAS mailling if they can push it in thier next release.
> As always, look at the debug output to see what's going on.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Mutheu <mutheu at lavabit.com>
More information about the Freeradius-Users
mailing list