On 10/15/2013 05:47 PM, Francesc Romà i Frigolé wrote:

> When the total session time used for the day as given by the
> AcctTotalSinceQuery is exactly the same as Max-Daily-Session in the
> authentication request Radiator allows the user to log in. 
> 
> Only if the session time exceeds the max daily session, even by just one
> second, will Radiator complain about max session exceeded.

I would need to see your configuration to say what happens exactly, but
most likely this can happen. If the amount of used seconds is 86400,
this does not *exceed* one day, yet.

> Is this the correct behaviour? I'd expect also to get a session exceeded
> error when AcctTotalSinceQuery == Max-Daily-Session.

I think it currently does work as documented ' ... If it is exceeded,
the user is rejected. ...' says the reference manual for Max-Daily-Session.

> This behaviour is causing issues for us because Radiator is returning
> an authentication "accept" with a zero session time, which Mikrotik
> RouterOS hotspot interprets as infinite session length, rather than a
> session exceeded error.

I can see that returning Session-Timeout of 0 with Access-Accept will
cause problems in your case. The RADIUS RFC is silent about 0 being a
special value, but it appears there are other implementations too which
consider 0 to mean infinity.

> Is this a bug or is there something wrong with my settings?

Maybe this is a gray area? You could consider e.g., a PostAuthHook to
see if Session-Timeout is going to be 0 and then switch the result to
reject. Might even be a good time to reject sessions that have only a
few seconds left?

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
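
The boundary case discussed in this thread, as an added example that is not part of the original message and is not Radiator code or configuration: a small Python model of the "reject only if exceeded" check, a NAS that reads Session-Timeout 0 as unlimited, and the suggested post-authentication guard. All function names and the 30-second threshold are hypothetical, chosen for illustration.

```python
from dataclasses import dataclass

ACCEPT, REJECT = "Access-Accept", "Access-Reject"

@dataclass
class Reply:
    code: str
    session_timeout: int = 0   # seconds, only meaningful on an accept
    reason: str = ""

def quota_check(used, max_daily):
    """Behaviour described in the thread: reject only when usage *exceeds* the limit."""
    if used > max_daily:
        return Reply(REJECT, reason="Max-Daily-Session exceeded")
    # used == max_daily falls through here and yields Session-Timeout 0
    return Reply(ACCEPT, session_timeout=max_daily - used)

def post_auth_guard(reply, min_remaining=1):
    """Model of the suggested post-auth step: an accept with fewer than
    min_remaining seconds left is switched to a reject."""
    if reply.code == ACCEPT and reply.session_timeout < min_remaining:
        return Reply(REJECT, reason=f"{reply.session_timeout}s of daily quota left")
    return reply

def nas_session_limit(reply):
    """NAS side as reported in the thread: Session-Timeout 0 means no limit."""
    if reply.code != ACCEPT:
        return "denied"
    return "unlimited" if reply.session_timeout == 0 else reply.session_timeout

if __name__ == "__main__":
    MAX_DAILY = 86400  # one day, as in the reply above
    for used in (0, 86399, 86400, 86401):  # constructed sample usage values
        raw = quota_check(used, MAX_DAILY)
        print(used,
              "no guard:", nas_session_limit(raw),
              "| guard(1):", nas_session_limit(post_auth_guard(raw)),
              "| guard(30):", nas_session_limit(post_auth_guard(raw, 30)))
```

Without the guard, the only usage value that produces an unlimited session is the one where the quota is exactly used up; a threshold above 1 also rejects sessions with only a few seconds left.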