Session-Timeout Problem

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Feb 2 15:50:28 CET 2017


Hi,
> I do not want to turn this into a clash of egos, I just want to understand the problem and solve it.

okay - you were given advice which you've rejected because
you want to do things your way - fair enough, so you need to follow
the obvious bit of advice - capture the RADIUS conversation that occurs
when the reauth is occuring..... its likely that its eg cached
auth and you are not putting that attribute into cache so a basic
authntication is okay is being returned with no session timeout.

or its a bug with your NAS...in which case you wont need to
do anything special if you changed to a different NAS ;-)

> This is what I want to achieve:
> I want to keep user data and statistics in a MySQL database. I want to enforce quota based on the data received by FreeRADIUS 2.2.8 from any NAS.

basic stuff. just accounting from NAS to a DB

> The NAS regularly informs FreeRADIUS how much a user has been using the network. FreeRADIUS keeps the data in a MySQL database and regularly checks if the user has reached his quota. When a user reaches his quota, it tells the NAS not to let him use the network. In order to be able to grant or deny access to a user, the NAS is supposed to ask FreeRADIUS at regular intervals what to with the authentication request. The only way the NAS can know about these intervals is through the "Session-Timeout" attribute. At the end of each session, the NAS sends FreeRADIUS a packet that contains data about how much bandwidth the user has consumed. FreeRADIUS commits the to a local MySQL schema, which I have programmed to update some other custom tables through triggers.

no, you use CoA or the NAS API to control the users...you dont constantly reauth people for this functionality.

then you can drop them as soon as they reach $threshold, rather than up to 10 minutes later

also, if you reauth then its a new session....so you'll get loads of sessions to deal with.

alan


More information about the Freeradius-Users mailing list