Re: Zero Session-Timeout

[Rohaizam Abu Bakar]

Thanks for the suggestion.. the rlm_perl works.!!. to load session-time 
value..

But if no value found... as configured in perl script..

if (!$timeoutvalue){
       return RLM_MODULE_REJECT;
}

it will not reject the user.... user will just has NO Session-Timeout..

--haizam

----- Original Message ----- 
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Tuesday, May 30, 2006 7:19 PM
Subject: Re: Zero Session-Timeout


On Tue, 30 May 2006, Rohaizam Abu Bakar wrote:

Dear all,

Using FB 6.0, FR 1.0.5 (will upgrade soon)

I've problem with timeout...

I've set in users file as below in order to load timeout value depending 
on type of connection (ISDN/PSTN)

DEFAULT                 NAS-Port-Type == "Sync", Autz-Type := DIALUP, 
Auth-Type := DIALUP
                      Session-Timeout = 
`%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}`

DEFAULT                 NAS-Port-Type == "Async", Autz-Type := DIALUP, 
Auth-Type := DIALUP
                      Session-Timeout = 
`%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value

The problem is when "Session-Timeout =0", normally happen when script 
cannot load value... it will NOT timeout... user till can get connect 
until manually disconnect...

I think that some access servers cannot handle session-timeout values 
which are very low or zero. In any case if session-timeout is zero you re 
better off sending an access-reject anyway.
I would suggest moving the script to rlm_perl and just return REJECT in 
case you cannot find a correct value. And also try not sending a 
session-timeout value which is lower than 60 secs.



Below is the debug log...


Login OK: [integ36] (from client INFRANETTEST port 300 cli 55550000)
Sending Access-Accept of id 111 to 10.1.1.1:1645
      Session-Timeout = 0
      Framed-Compression = Van-Jacobson-TCP-IP
      Framed-MTU = 1500
      Framed-Protocol = PPP
      Service-Type = Framed-User
Finished request 89
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97, 
length=131
      Acct-Session-Id = "000000AE"
      Framed-Protocol = PPP
      User-Name = "integ36"
      Acct-Authentic = RADIUS
      Acct-Status-Type = Start
      Calling-Station-Id = "55550000"
      Called-Station-Id = "2426"
      NAS-Port-Type = Async
      Connect-Info = "50667/24000 V90/V44/LAPM"
      NAS-Port = 300
      Service-Type = Framed-User
      NAS-IP-Address = 10.1.1.1
      Acct-Delay-Time = 0

.
.
.
.
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98, 
length=173
      Acct-Session-Id = "000000AE"
      Framed-Protocol = PPP
      Framed-IP-Address = 10.1.1.3
      User-Name = "integ36"
      Acct-Authentic = RADIUS
      Acct-Session-Time = 26
      Acct-Input-Octets = 8110
      Acct-Output-Octets = 4998
      Acct-Input-Packets = 92
      Acct-Output-Packets = 37
      Acct-Terminate-Cause = User-Request
      Acct-Status-Type = Stop
      Calling-Station-Id = "55550000"
      Called-Station-Id = "2426"
      NAS-Port-Type = Async
      Connect-Info = "50667/24000 V90/V44/LAPM"
      NAS-Port = 300
      Service-Type = Framed-User
      NAS-IP-Address = 10.1.1.1
      Acct-Delay-Time = 0


- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html