Setting and extending Session-timeout
Matej Žerovnik
matej at zunaj.si
Tue May 20 15:06:15 CEST 2014
On 19.5.2014 13:48, Phil Mayers wrote:
> On 19/05/2014 11:52, Matej Žerovnik wrote:
>
>> This should update control record for 'dailycounter' and run it if user
>> signs from Ethernet NAS port type. In case he logs in via wifi, system
>> will skip execution of dailycounter and session-timeout will not be
>> sent. Is my thinking correct?
>
> Yes, I think so.
Ok, will try it on my test installation...
>
>>
>> What if I want to extend session timeout for a certain user?
>> I've had success sending a COA packet with radclient. Is it possible to
>> change it without running radclient?
>
> Not really. If you're extending a session timeout, that's in response to
> an external, non-RADIUS event e.g. administrative configuration, user
> self-service.
>
> FreeRADIUS responds to RADIUS packets.
>
>> Can I create a custom sql table where I insert user name and wanted
>> session length and radius will read that out and send COA to client?
>
> No, definitely not. FreeRADIUS is event-driven in response to radius
> packets.
I guess I could do a little DIY script that reads SQL database, sends
CoA package with radclient and just put everything in cron.
>> Is it possible to somehow get the current set session-timeout for a
>> certain user?
>
> You could log the value you returned in post-auth with linelog or sql.
I think that will work...
>> If not, can I somehow store it in a database on login or update?
>
> Login yes, as above. Update no - as mentioned this is a non-RADIUS event.
I guess I could store it on login and then use the script from above to
update session-timeout field in my sql table. After update, I would send
the CoA package using radclient.
Is there a php radius client available, so that I don't need to call
external programs?
I know all this is not the best solution, but it still seems the best
way to extend sessions for one user on all NAS-es.
The other option would be to update max-session-time and tell user to
reconnect, but I would like for users to be as painless as possible.
Matej
More information about the Freeradius-Users
mailing list