Session-Timeout anomalies

Bill Isaacs bill.isaacs at island-wifi.com
Sat Feb 9 01:26:02 CET 2013


On 02/08/2013 09:50 AM, Alan DeKok wrote:
> Bill Isaacs wrote:
>> Ok so the question then is: where the hell is radclient getting the
>> notion that the account has 2366393 seconds left?
>    From the RADIUS server.  This isn't magic.  radclient doesn't invent
> attributes in reply packets.  It receives them from the RADIUS server.
>
>    Well... your question about "where does radclient get that value from"
> is entirely missing the point.  It gets it from the RADIUS server.  I've
> said this.  I have no idea how to convince you it's true.
Alan, you're so much more fun when you're not being myopic.  lol  Of 
course it's getting the answer from the radius server.  You really think 
I don't know that?
>
>    And the *only* way to debug the RADIUS server is to look at the debug
> output.
>
>    And no, your original message did *not* say you had run the server in
> debugging mode.  There's only a reference to creating an account for
> debugging purposes.  There's no "radiusd -X" output.
You're quite right Alan, it didn't.  NOR did I say that it did.  To 
paraphrase you, "You're staring at the first sentence, wondering where 
the debug output is.  That's a mistake".  :D
What I DID say was "I'm researching this anomaly myself in all the 
documentation, but thought it would also be helpful /both to me and to 
others/ to post the problem here." (emphasis added).
What I implied in the ensuing message was that it would be posted here 
once  I tracked the message down, but that posting it and the solution 
in nice digestible pieces for those not familiar at all with radius 
would be helpful to them.  I suspect if you went to decaf and quit 
asking 'why' others don't just do what should be done, you would have 
understood that.
Take a deep breath.  Read between the lines, and realize that if others 
understood radius the way you do, you'd be out of a job (at least on the 
board here).  I'm trying to make this fun, and be worthwhile as a 
thread.  So caaalm down.  ok?  I'll post the debug output along with 
what it reveals as soon as I've worked it all out thoroughly.  Trust me.  :)
> ... why I'm
> getting annoyed.
See "decaf" above.
>
>    If you want to track down the issue to a specific module, update the
> config to do:
>
> 	update reply {
> 		Reply-Message += "A %{reply:Session-Timeout}"
> 	}
>
>    Cut & paste that through various pieces of authorize, post-auth, etc.
>   Change the "A" to "B", "C", etc.  You should see 10-20 Reply-Messages
> in the Access-Accept.  Each with a value for Session-Timeout.  That lets
> you track *what* the value is, and *where* in the config the value is
> coming from.
>
>    Then once you know it's a particular module, you can figure out how to
> fix that module.
Now *there* is a wholly useful piece of information.  Bravo! Sooner or 
later, we'll clear out enough of the rants to expose goodies, no?  :D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130208/af8aca16/attachment.html>


More information about the Freeradius-Users mailing list