User disconnects but stays online in radius

Russell Mike radius.sir at gmail.com
Tue Feb 19 17:09:09 CET 2013 

>    The more I read about this, the more complicated it gets!
>>
>
> It's quite simple in principle.
>
>
>    Dear Phil, the first and third solutions you provided will work great
>> but their implementation is not that easy. As you said above, following
>> the first approach needs packet monitoring as well, which is not easy to
>> implement unless there be a log file/table in freeradius for this
>>
>
> I don't know what this means, I'm afraid.
>
>
>  packets. And the value for "acctsessiontime" is 0 until the user
>> disconnects and freeradius sets the correct value for this field and
>> some other fields in radacct table.
>>
>
> As I said, you need to enable interim accounting. If you do this, the NAS
> should send accounting packets at frequent intervals that update
> acctsessiontime, amongst other things.
>
> If your NAS doesn't support interim accounting, you're stuck.
>
> If it does, you should just need to set the interim interval, either
> statically on the NAS  or dynamically in the Access-Accept, like so:
>
> post-auth {
>   ...
>   update reply {
>     # accounting packets every 15 minutes
>     Acct-Interim-Interval = 900
>   }
>   ...
> }
>
> You also need to ensure the "accounting_update_query{,_**alt}" are
> configured in your sql.conf; this is the default.
>
>
>
>>   I also found that sometimes removing the last accounting record for
>> the locked user in the radacct table won't work and you need to set
>> "/var/log/freeradius/radutmp" to null, to unlock that user.
>>
>
> Don't use utmp; disable the module if you are using SQL, it's unnecessary
> and bug prone.
>
>
>
>>   I wish there was a table for online users in NAS and we could compare
>> online user in NAS and online users in RADIUS and decide what to do.
>>
>
> Some devices do have this. It's vendor-specific, and often accessible via
> SNMP. Consult the docs for your NAS. Since this isn't a RADIUS question,
> it's best to look elsewhere for this.
>
>
>    I am still looking forward for your helpful comments and suggestion on
>> this topic.
>>
>
> As above: enable interim accounting. The effects should be obvious if it
> works, and the next steps clear.
>
>
>


Hi Phil, thanks for taking the time to attend to this material. i am sure i
need to study more to work around the issue.


i understand three steps from your guidelines to get rid of this problem,
you can respond with just yes or no.

*
*
*A.) *Enable interim accounting
*
*
*B.)* Enable
post-auth {
  update reply {
    Acct-Interim-Interval = 900
  }
}

C.) *You Said:* You also need to ensure the "accounting_update_query{,_**alt}"
are configured in your sql.conf; this is the default.

C1.) Unclear to this, i have nothing like this in my sql.conf

sql {
        server = "localhost"
        database = "mysql"
        driver = "rlm_sql_mysql"
        driver = "rlm_sql_${database}"
        port = 3306
        login = "root"
        password = "xxxxxxxxx"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        readclients = yes
        read_groups = yes
        nas_table = "nas"
        sqltrace = yes
        $INCLUDE sql/${database}/dialup.conf
}


*D.) * *You Said:* I also found that sometimes removing the last accounting
record for the locked user in the radacct table won't work and you need to
set "/var/log/freeradius/radutmp" to null, to unlock that user.

*D1.)* I use "radutmp" For Simultaneous-Use tracking. Do you mean it should
be disable ?


*E.)* Testing

I am clear with A&B. I need more help to tell us more about *"C"* what
exactly should be added in "sql.conf"  and *"D"* how to set null
"/var/log/freeradius/radutmp".

Please do not think i want you to do all for me, Since you have help us
this far please clarify with CD for us to put the fix in place.

Thanks Phil

Regards --RM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130219/fd8b3011/attachment.html>

More information about the Freeradius-Users mailing list