Stale Sessions Freeradius 3.0
Ryan Raamsumair
ryan at uwiapartment.com
Thu Sep 6 13:17:30 CEST 2018
Thanks for the swift response
After doing some checks , something is definitely wrong with some of the accesspoints that were recently put in and outfitted with openwrt . The older ones are sending an idle timeout stop accounting session to the radius server to close the account.
Problem is that the fix the for the wifi driver for these new accesspoints may be long in coming ,
my only next option is to adjust the radius server to possibly terminate the session that is already logged on (in radacct) when the same mac address or calling station id tries to authenticate again
I tried including the following code in the queries.conf . but i haven't had any positive results or not sure if it would even work . Possibly because it has to go somewhere within one of the other modules ?
query = "\
UPDATE ${....acct_table1} \
SET \
acctstoptime = FROM_UNIXTIME(\
%{integer:Event-Timestamp}), \
acctsessiontime = '%{integer:Event-Timestamp}' \
- UNIX_TIMESTAMP(acctstarttime), \
acctterminatecause = '%{%{Acct-Terminate-Cause}:-Stale_Session}' \
WHERE acctstoptime IS NULL \
AND callingstationid = ' %{Called-Station-Id}'' \
AND acctstarttime <= FROM_UNIXTIME(\
%{integer:Event-Timestamp})"
Thanks again
On Wed, 09/05/2018 03:35 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
On Sep 5, 2018, at 1:05 PM, Ryan Raamsumair via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> >
> > I previously ran freeradius 2 incident free , having recently upgraded to freeradius 3 . I am bogged down with stale sessions
> > freeradius is already the newest version (3.0.12+dfsg-5+deb9u1).
>
> The newest version is 3.0.17.
>
> > The Nas are linksys accesspoints running on openwrt
> >
> > If the user manually disconnects from the network , and acctstop is updated and the records close properly , but if the person walks away from the network no update is made
>
> Blame the NAS. The NAS (or AP in this case) is supposed to send a stop record when it decides that the user is no longer online.
>
> If the NAS doesn't do this, it's broken.
>
> FreeRADIUS just records what the NAS sends. If the record isn't correct, then blame the NAS. No amount of poking FreeRADIUS will make the NAS send the correct records.
>
> On another note, you sent two complete debug outputs, most of which was for EAP. Not accounting.
>
> If you want us to help debug accounting issues, show the debug output from accounting packets.
>
> You also sent multiple copies of the configuration files. We don't need that. We've already seen those configuration files. They ship with the server. It's a total waste of time to send them to the list.
>
> Please read this page: http://wiki.freeradius.org/list-help
>
> It describes what information we need.
>
> Alan DeKok.
>
>
More information about the Freeradius-Users
mailing list