Session-Timeout Problem

Selahattin Cilek selahattin_cilek at hotmail.com
Thu Feb 2 17:31:49 CET 2017


"its likely that its eg cached
auth and you are not putting that attribute into cache so a basic
authntication is okay is being returned with no session timeout."

Yes, I have indeed enabled session caching in my eap.conf file:
cache {
      enable = yes
      lifetime = 24
      max_entries = 1024
}

Is that why the second session never terminates? How can I put the 
"Session-Timeout" attribute into the session cache?


On 02.02.2017 17:50, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>> I do not want to turn this into a clash of egos, I just want to understand the problem and solve it.
> okay - you were given advice which you've rejected because
> you want to do things your way - fair enough, so you need to follow
> the obvious bit of advice - capture the RADIUS conversation that occurs
> when the reauth is occuring..... its likely that its eg cached
> auth and you are not putting that attribute into cache so a basic
> authntication is okay is being returned with no session timeout.
>
> or its a bug with your NAS...in which case you wont need to
> do anything special if you changed to a different NAS ;-)
>
>> This is what I want to achieve:
>> I want to keep user data and statistics in a MySQL database. I want to enforce quota based on the data received by FreeRADIUS 2.2.8 from any NAS.
> basic stuff. just accounting from NAS to a DB
>
>> The NAS regularly informs FreeRADIUS how much a user has been using the network. FreeRADIUS keeps the data in a MySQL database and regularly checks if the user has reached his quota. When a user reaches his quota, it tells the NAS not to let him use the network. In order to be able to grant or deny access to a user, the NAS is supposed to ask FreeRADIUS at regular intervals what to with the authentication request. The only way the NAS can know about these intervals is through the "Session-Timeout" attribute. At the end of each session, the NAS sends FreeRADIUS a packet that contains data about how much bandwidth the user has consumed. FreeRADIUS commits the to a local MySQL schema, which I have programmed to update some other custom tables through triggers.
> no, you use CoA or the NAS API to control the users...you dont constantly reauth people for this functionality.
>
> then you can drop them as soon as they reach $threshold, rather than up to 10 minutes later
>
> also, if you reauth then its a new session....so you'll get loads of sessions to deal with.
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




More information about the Freeradius-Users mailing list