Unexpected Disconnect Message to NAS
Vladimir Cvetic
vcvetic.vc at gmail.com
Tue Feb 19 11:15:24 CET 2019
Hi Alan,
I did some further investigation with tcpdump.
the session-timeout attribute is only send with the access-challenge from
freeradius. I can't see the session-attribute within the access-accept
packets.
Is that the right behaviour?
On Mon, Feb 18, 2019 at 6:16 PM Vladimir Cvetic <vcvetic.vc at gmail.com>
wrote:
> I can only see access-accept packets from freeradius and this is also the
> only attribute that is stored in the radpostauth table.
> disconnect via coa is already working for the max-daily-session.
>
> I'm confused on how the dailycounter and logintime modules should work.
> But thank you for your patience so far
>
> On Mon, Feb 18, 2019 at 4:42 PM Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Feb 18, 2019, at 10:37 AM, Vladimir Cvetic <vcvetic.vc at gmail.com>
>> wrote:
>> > I checked the NAS. The NAS is sending Acct-Status-Type = Interim-Update
>> > packets every 60 seconds and also the radacct table being updated
>> > continuously.
>> > But I can't see freeradius sending disconnect packets to the NAS.
>>
>> Then read the debug log as suggest in the "man" page, web pages, Wiki,
>> and the message you get when you join this list. Among many, many, other
>> places.
>>
>> > Does the login-time actually enforces disconnects or does it only check
>> if
>> > the user is allowed to login at the time specified?
>>
>> Login-Time enforces Session-Timeout. This is documented in the Wiki.
>>
>> > Do I have to add the session-timeout value as an attribute to the
>> > reply-message? If yes, how.
>>
>> You can if you want. But Login-Time and Max-Daily-Session should do
>> that for you.
>>
>> > In case the NAS is ignoring the session-timeout value I'd need to
>>
>> Throw your NAS in the garbage, and by a new NAS.
>>
>> Really.
>>
>> Session-Timeout goes back to 1992 or so. A NAS which doesn't implement
>> it is broken.
>>
>> > disconnect from the freeradius side like I did for the
>> max-daily-session?
>> >
>> > I have the impression that my freeradius is not sending any disconnect
>> > messages at all if I don't force to do so. Should rlm_sqlcounter force
>> > disconnects as well?
>>
>> No.
>>
>> Each module does one thing, and only one thing. If you want to send
>> disconnects, configure the server to send disconnects. See
>> raddb/sites-available/originate-coa for documentation.
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list