Session-Timeout Problem
Selahattin Cilek
selahattin_cilek at hotmail.com
Thu Feb 2 19:12:11 CET 2017
How do I implement a Cached-Session-Policy and how do I make sure that
the Session-Timeout attribute is included?
On 02.02.2017 19:31, Selahattin ÇİLEK wrote:
> "its likely that its eg cached
> auth and you are not putting that attribute into cache so a basic
> authntication is okay is being returned with no session timeout."
>
> Yes, I have indeed enabled session caching in my eap.conf file:
> cache {
> enable = yes
> lifetime = 24
> max_entries = 1024
> }
>
> Is that why the second session never terminates? How can I put the
> "Session-Timeout" attribute into the session cache?
>
>
> On 02.02.2017 17:50, A.L.M.Buxey at lboro.ac.uk wrote:
>> Hi,
>>> I do not want to turn this into a clash of egos, I just want to
>>> understand the problem and solve it.
>> okay - you were given advice which you've rejected because
>> you want to do things your way - fair enough, so you need to follow
>> the obvious bit of advice - capture the RADIUS conversation that occurs
>> when the reauth is occuring..... its likely that its eg cached
>> auth and you are not putting that attribute into cache so a basic
>> authntication is okay is being returned with no session timeout.
>>
>> or its a bug with your NAS...in which case you wont need to
>> do anything special if you changed to a different NAS ;-)
>>
>>> This is what I want to achieve:
>>> I want to keep user data and statistics in a MySQL database. I want
>>> to enforce quota based on the data received by FreeRADIUS 2.2.8 from
>>> any NAS.
>> basic stuff. just accounting from NAS to a DB
>>
>>> The NAS regularly informs FreeRADIUS how much a user has been using
>>> the network. FreeRADIUS keeps the data in a MySQL database and
>>> regularly checks if the user has reached his quota. When a user
>>> reaches his quota, it tells the NAS not to let him use the network.
>>> In order to be able to grant or deny access to a user, the NAS is
>>> supposed to ask FreeRADIUS at regular intervals what to with the
>>> authentication request. The only way the NAS can know about these
>>> intervals is through the "Session-Timeout" attribute. At the end of
>>> each session, the NAS sends FreeRADIUS a packet that contains data
>>> about how much bandwidth the user has consumed. FreeRADIUS commits
>>> the to a local MySQL schema, which I have programmed to update some
>>> other custom tables through triggers.
>> no, you use CoA or the NAS API to control the users...you dont
>> constantly reauth people for this functionality.
>>
>> then you can drop them as soon as they reach $threshold, rather than
>> up to 10 minutes later
>>
>> also, if you reauth then its a new session....so you'll get loads of
>> sessions to deal with.
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list