[PacketFence-users] access duration not working

Sun, 29 Jun 2025 03:29:55 -0700 

  Hello Support Team, I’m encountering an issue where the access duration
setting in PacketFence is not being enforced. I have set access_duration =
2m for user admin2 in the password table. Running SELECT pid,
access_duration, expiration FROM password WHERE pid = 'admin2';

returns:
+--------+-----------------+---------------------+
| pid | access_duration | expiration |
+--------+-----------------+---------------------+
| admin2 | 2m | 2025-07-25 03:16:53 |
+--------+-----------------+---------------------+


confirming that the access duration is correctly set. I also confirmed that
the user exists in the person table by running SELECT * FROM person WHERE
pid = 'admin2';, which shows:
| pid | firstname | lastname | email | sponsor |
|--------|-----------|----------|--------------------------|---------|
| admin2 | Admin2| Admin2    | adm...@gmail.com | admin |
demonstrating the user is properly configured. However, the user remains
connected well beyond the two-minute duration. When I checked for
accounting records using SELECT * FROM radacct WHERE username = 'admin2';,
the result was empty, which suggests that no RADIUS accounting packets are
being received by PacketFence. I verified this by running sudo tcpdump -i
any port 1813 on the server while the user connected and saw no traffic,
confirming that accounting packets are not being sent by the access point.
I also attempted to manually insert a test session into the radacct table
using:
INSERT INTO radacct (acctsessionid, acctuniqueid, username, nasipaddress,
acctstarttime, acctupdatetime, calledstationid, callingstationid,
acctterminatecause, framedipaddress) VALUES ('test-session', 'test-unique',
'admin2', '192.0.2.1', NOW(), NOW(), '00-00-00-00-00-00',
'11-11-11-11-11-11', '', '198.51.100.25');
but even with this, pfcron did not attempt to expire the session. The pfcron
service is running normally (systemctl status pfcron confirms it is
active), but no related log entries appear in
/var/log/packetfence/pfcron.log. I would like clarification on whether
radacct is the correct table used by PacketFence to enforce access
duration, what the minimum accounting fields required are, and whether
there is a way to simulate or force expiration when RADIUS accounting is
not available. Thank you for your assistance.

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users














    











					Reply via email to