How to insert/modify attribute "Session-Timeout" in a Auth-Reply?
Hello~ My freeradius is a proxy server. I want to insert the attribute "Session-Timeout" with value "900" in each auth-reply packet. How can I make it work ? Thanks a lot ...
Re: Session-Timeout
On Sun, 19 Oct 2003, Doron Shmaryahu wrote: > Hi, > > I am using freeradius with mysql and dialupadmin. I have deleted the > timeouts for users in the admin.conf file in dialup admin. I still seem > to have users being disconnected after 2hrs with Session-Timeout as the > cause. How could I remedy this ?? The admin.conf has nothing to do with the user information in the database. You should change the user attributes for things to work ok. > > Thanks > > Doron Shmaryahu > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Timeout
Hi, I am using freeradius with mysql and dialupadmin. I have deleted the timeouts for users in the admin.conf file in dialup admin. I still seem to have users being disconnected after 2hrs with Session-Timeout as the cause. How could I remedy this ?? Thanks Doron Shmaryahu
Re: Session-Timeout
Am Don, 2003-10-16 um 08.20 schrieb Matt: > How do I set a session and a Idle timeout with radius? Can I just add it to > my default setup below? > > Matt > > DEFAULT Auth-Type := Local > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-Routing = Broadcast-Listen, > Fall-Through = 1 Just add: Session-Timeout = 1200 Idle-Timeout = 300 Both attributes take integer values. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Timeout
How do I set a session and a Idle timeout with radius? Can I just add it to my default setup below? Matt DEFAULT Auth-Type := Local Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Routing = Broadcast-Listen, Fall-Through = 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Session Timeout
On Fri, 25 Jul 2003, Alex Chen wrote:
> After digging into the rlm_counter code, I finally find out what went wrong.
> If there is a setting of 'allowed-servicetype' in the counter configuration,
> when the counter module will check for the 'Service-Type' in the accounting
> request when accounting stops. If there is no 'Service-Type' attribute in
> the
> request, the module simply returns RLM_MODULE_NOOP, and nothing is done.
>
> After tracing through the code, I double checked the comments in
> radiusd.conf and
> got the following brief description:
>
> # The allowed-servicetype attribute can be used to only take
> # into account specific sessions. For example if a user first
> # logs in through a login menu and then selects ppp there will
> # be two sessions. One for Login-User and one for Framed-User
> # service type. We only need to take into account the second one.
>
> This may be clear to people always know much about the behavior. For newbie
> like
> me it does not really bring a bell.
>
> I think more explanation of the configuration elements for counter will be
> great,
> or add some debug message in rlm_counter.c like:
>
> if((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE)) == NULL)
> {
> DEBUG2("rlm_counter: Service-Type is not set in the request, returns
> 'noop'\n");
> return RLM_MODULE_NOOP;
Ok I 've added a few more debug statements, Thanks
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Session Timeout
After digging into the rlm_counter code, I finally find out what went wrong.
If there is a setting of 'allowed-servicetype' in the counter configuration,
when the counter module will check for the 'Service-Type' in the accounting
request when accounting stops. If there is no 'Service-Type' attribute in
the
request, the module simply returns RLM_MODULE_NOOP, and nothing is done.
After tracing through the code, I double checked the comments in
radiusd.conf and
got the following brief description:
# The allowed-servicetype attribute can be used to only take
# into account specific sessions. For example if a user first
# logs in through a login menu and then selects ppp there will
# be two sessions. One for Login-User and one for Framed-User
# service type. We only need to take into account the second one.
This may be clear to people always know much about the behavior. For newbie
like
me it does not really bring a bell.
I think more explanation of the configuration elements for counter will be
great,
or add some debug message in rlm_counter.c like:
if((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE)) == NULL)
{
DEBUG2("rlm_counter: Service-Type is not set in the request, returns
'noop'\n");
return RLM_MODULE_NOOP;
}
> -Original Message-
> From: Alex Chen [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 4:42 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Session Timeout
>
>
> I did read the whole thing. I did not include settings of
> other sections because
> I thought they took too much space in the mail,
> but I did uncomment the 'daily' stanza in the accounting section.
>
> Currently I have:
>
> module {
> ...
> counter daily {
> filename = ${raddbdir}/db.daily
> key = User-Name
> count-attribute = Acct-Session-Time
> reset = daily
> counter-name = Daily-Session-Time
> check-name = Max-Daily-Session
> allowed-servicetype = Outbound-User
> cache-size = 5000
> }
>
> }
>
> instantiate {
> expr
> daily
> }
>
> authorize {
> preprocess
> sql
> files
> daily
> }
>
> accounting {
> acct_unique
> sql
> detail
> daily
> radutmp
> }
>
> And I have the following setting in 'users'
> Alex Max-Daily-Session := 30
> DEFAULT Max-Daily-Session := 20
>
> This is the log I get from radisud
>
> =
> rad_recv: Access-Request packet from host 192.168.1.100:2100,
> id=40, length=68
> User-Name = "Alex"
> User-Password = "alextest"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1
> NAS-Port-Type = Ethernet
> NAS-Port-Id = "1234"
> modcall: entering group authorize
>
> rlm_counter: Entering module authorize code
> rlm_counter: Key = User-Name, string value = Alex
> rlm_counter: Check VP name = Max-Daily-Session, value = 30
> rlm_counter: Set user_counter to 0
> rlm_counter: Search for key_datum.dptr 'Alex'
> rlm_counter: gdbm_fetch returns count_datum.dptr == NULL
> rlm_counter: Counter attribute = 'Acct-Session-Time'
> rlm_counter: create reply item Session-Timeout, value = 30
> rlm_counter: (Check item - counter) is greater than zero
> rlm_counter: Authorized user Alex, check_item=30, counter=0
> rlm_counter: Sent Reply-Item for user Alex,
> Type=Session-Timeout, value=30
> modcall[authorize]: module "daily" returns ok
> modcall: group authorize returns ok
> auth: type Crypt
> Sending Access-Accept of id 40 to 192.168.1.100:2100
> Service-Type := Outbound-User
> Class := 0x566973612050726570616964
> Session-Timeout = 30
> Finished request 0
> =
>
>
> ( The extra rlm_counter messages are from the DEBUG2
> statements I sprinkled in
> rlm_counter.c to see the code flow.)
>
> So far so good. I then sent in account start/stop requests
>
> =
> rad_recv: Accounting-Request packet from host
> 192.168.1.100:2101, id=41, length=61
> User-Name = "Alex"
> Acct-Status-Type = Start
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1
> NAS-Port-Type = Ethernet
> Acct-Session-Id = "100"
> NAS-Port-Id = "1234"
> modcall: entering group accounting
>
> rlm_counter: We only run on Accounting-Stop packets.
>
> modcall: group accounting returns ok
> Sending Accounting-Response of id 41 to 192.168.1.100:2101
> Finished reque
RE: Session Timeout
I did read the whole thing. I did not include settings of other sections
because
I thought they took too much space in the mail,
but I did uncomment the 'daily' stanza in the accounting section.
Currently I have:
module {
...
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Outbound-User
cache-size = 5000
}
}
instantiate {
expr
daily
}
authorize {
preprocess
sql
files
daily
}
accounting {
acct_unique
sql
detail
daily
radutmp
}
And I have the following setting in 'users'
AlexMax-Daily-Session := 30
DEFAULT Max-Daily-Session := 20
This is the log I get from radisud
=
rad_recv: Access-Request packet from host 192.168.1.100:2100, id=40,
length=68
User-Name = "Alex"
User-Password = "alextest"
NAS-IP-Address = 192.168.1.100
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1234"
modcall: entering group authorize
rlm_counter: Entering module authorize code
rlm_counter: Key = User-Name, string value = Alex
rlm_counter: Check VP name = Max-Daily-Session, value = 30
rlm_counter: Set user_counter to 0
rlm_counter: Search for key_datum.dptr 'Alex'
rlm_counter: gdbm_fetch returns count_datum.dptr == NULL
rlm_counter: Counter attribute = 'Acct-Session-Time'
rlm_counter: create reply item Session-Timeout, value = 30
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Alex, check_item=30, counter=0
rlm_counter: Sent Reply-Item for user Alex, Type=Session-Timeout, value=30
modcall[authorize]: module "daily" returns ok
modcall: group authorize returns ok
auth: type Crypt
Sending Access-Accept of id 40 to 192.168.1.100:2100
Service-Type := Outbound-User
Class := 0x566973612050726570616964
Session-Timeout = 30
Finished request 0
=
( The extra rlm_counter messages are from the DEBUG2 statements I sprinkled
in
rlm_counter.c to see the code flow.)
So far so good. I then sent in account start/stop requests
=
rad_recv: Accounting-Request packet from host 192.168.1.100:2101, id=41,
length=61
User-Name = "Alex"
Acct-Status-Type = Start
NAS-IP-Address = 192.168.1.100
NAS-Port = 1
NAS-Port-Type = Ethernet
Acct-Session-Id = "100"
NAS-Port-Id = "1234"
modcall: entering group accounting
rlm_counter: We only run on Accounting-Stop packets.
modcall: group accounting returns ok
Sending Accounting-Response of id 41 to 192.168.1.100:2101
Finished request 1
...
rad_recv: Accounting-Request packet from host 192.168.1.100:2102, id=42,
length=61
User-Name = "Alex"
Acct-Status-Type = Stop
NAS-IP-Address = 192.168.1.100
NAS-Port = 1
NAS-Port-Type = Ethernet
Acct-Session-Id = "100"
Acct-Session-Time = 10
...
modcall: entering group accounting
...
rlm_counter: Packet Unique ID = 'ac378b971733fdb1'
modcall[accounting]: module "daily" returns noop
...
Sending Accounting-Response of id 42 to 192.168.1.100:2102
Finished request 2
...
rad_recv: Access-Request packet from host 192.168.1.100:2103, id=43,
length=68
User-Name = "Alex"
User-Password = "alextest"
NAS-IP-Address = 192.168.1.100
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1234"
modcall: entering group authorize
...
rlm_counter: Entering module authorize code
rlm_counter: Key = User-Name, string value = Alex
rlm_counter: Check VP name = Max-Daily-Session, value = 30
rlm_counter: Set user_counter to 0
rlm_counter: Search for key_datum.dptr 'Alex'
rlm_counter: gdbm_fetch returns count_datum.dptr == NULL
rlm_counter: Counter attribute = 'Acct-Session-Time'
rlm_counter: create reply item Session-Timeout, value = 30
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Alex, check_item=30, counter=0
rlm_counter: Sent Reply-Item for user Alex, Type=Session-Timeout, value=30
modcall[authorize]: module "daily" returns ok
modcall: group authorize returns ok
auth: type Crypt
Sending Access-Accept of id 43 to 192.168.1.100:2103
Service-Type := Outbound-User
Class := 0x566973612050726570616964
Session-Timeout = 30
Finished request 3
=
The Session-Timeout returned from the server for user 'Alex' is always 30.
It seems in request 2 the counter module 'daily' does not do anything and in
requ
Re: Session Timeout
"Alex Chen" <[EMAIL PROTECTED]> wrote:
> 2. Counter uses 'User-Name' as the key and creates a counter for it.
>It looks for a counter attribute, 'Acct-Session-Time', in the accounting
>packets and increments the value of this attribute in its DB by the
>amount specified in the request.
Are you sure? Have you tried running it in debugging mode to see
this happening?
> The example uses Max-Daily-Session, but these is no such attribute name and
> radiusd fails to start if I set it, so I used 'Session-Timeout'.
And you expect it to work?
The instructions an examples in radiusd.conf are there for a
REASON. FOLLOW THEM.
> The setting in radiusd.conf
>
> module {
> ...
> counter daily {
...
You do realise that the 'counter' module will be totally ignored,
unless you also list it in the 'accounting' section"?
Have you read the REST of 'radiusd.conf', to see where else the
counter module should be used?
I fail to understand why you've only read half of 'radiusd.conf',
and why you've done something OTHER than what it says to do. I'm even
more surprised that you're wondering why it doesn't work.
While I understand that the documentation for the server could use
some work, it is MORE than adequate to solve the problem you're trying
to address.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Session Timeout
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> Alan DeKok
> Sent: Thursday, July 24, 2003 6:50 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Session Timeout
>
>
> "Alex Chen" <[EMAIL PROTECTED]> wrote:
> > > rlm_counter?
> >
> > How is it used? Where can I find a document about this?
>
> Have you tried reading the configuration files?
>
Using the daily counter in radiusd.conf as an example, here is my
understanding
correct me if I am wrong.
1. The counter module keeps its own DB, i.e. db.daily.
2. Counter uses 'User-Name' as the key and creates a counter for it.
It looks for a counter attribute, 'Acct-Session-Time', in the accounting
packets and increments the value of this attribute in its DB by the
amount specified in the request.
3, When the 'Acct-Session-Time' value reaches the limit specified by
'check-name',
'Max-Daily-Session' in the example, the request will be rejected.
Otherwise, on the user's next login, a 'Session-Timeout' attribute will
contain the remaining value of the 'check-name' attribute, i.e.
'Max-Daily-Session'.
For testing purpose, I want to limit the total session to 20 seconds.
The example uses Max-Daily-Session, but these is no such attribute name and
radiusd
fails to start if I set it, so I used 'Session-Timeout'.
Instead of setting this in 'users' files, I set it in MySQL radcheck table:
mysql> select * from radcheck;
++--+-++
+
| id | UserName | Attribute | op | Value
|
++--+-++
+
| 1 | Alex | Crypt-Password | == | $1$I9cEHQWQ$s1nzERngXkHeG7f.Koj2c.
|
| 2 | Alex | Session-Timeout | := | 20
|
++--+-++
+
2 rows in set (0.00 sec)
mysql>
The setting in radiusd.conf
module {
...
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Session-Timeout
allowed-servicetype = Outbound-User
cache-size = 5000
}
}
But then I always get 'Session-Timeout = 20' in the reply for the
same user, regardless of how much time is set in 'Acct-Session-Time' when
I sent when stopping the accounting.
The same result happens even if I set it in 'users'.
What am I missing here? Any help is appreciated.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session Timeout
"Alex Chen" <[EMAIL PROTECTED]> wrote: > > rlm_counter? > > How is it used? Where can I find a document about this? Have you tried reading the configuration files? > I tried to use the 'counter daily' module, but do not know how the format of > /usr/local/etc/raddb/db.daily. Why would you care? > The 'file' command told me that the file is GNU dbm file format. I > am using MySQL, can it read this file? No. Why would you want MySQL to read this file? > Another question: Can the 'accounting_stop_query' SQL statement in the > sql.conf file update two tables at all? No. There was a patch posted a while ago which let the server do this. > In my previous mail, I added another 'UPDATE' statement after the > original one, following the ';' SQL command separator. I got an > error message from the server. If I typed the same command from > 'mysql', it worked fine. Then the 'mysql' tool pre-parses the statements in a way that the 'mysqld' daemon does not. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Session Timeout
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Alan DeKok > Sent: Tuesday, July 22, 2003 10:44 AM > To: [EMAIL PROTECTED] > Subject: Re: Session Timeout > > > "Alex Chen" <[EMAIL PROTECTED]> wrote: > > I am trying to use Session-Timeout as the way to account for how > > much total time the user is allowed to stay connect, and > > Acct-Session-Time for the time the user spend on a session. Once the > > summation of the Acct-Session-Time for all sessions of a user > > reaches the Session-Timeout, the user is denied service. > > rlm_counter? > > Alan DeKok. > How is it used? Where can I find a document about this? I cannot find one under /usr/local/share/doc/freeradius-0.9.0 or from man page . I tried to use the 'counter daily' module, but do not know how the format of /usr/local/etc/raddb/db.daily. The 'file' command told me that the file is GNU dbm file format. I am using MySQL, can it read this file? Another question: Can the 'accounting_stop_query' SQL statement in the sql.conf file update two tables at all? In my previous mail, I added another 'UPDATE' statement after the original one, following the ';' SQL command separator. I got an error message from the server. If I typed the same command from 'mysql', it worked fine. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session Timeout
"Alex Chen" <[EMAIL PROTECTED]> wrote: > I am trying to use Session-Timeout as the way to account for how > much total time the user is allowed to stay connect, and > Acct-Session-Time for the time the user spend on a session. Once the > summation of the Acct-Session-Time for all sessions of a user > reaches the Session-Timeout, the user is denied service. rlm_counter? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Session Timeout
I am using MySQL and I do not believe currently MySQL supports triggers.
I am writing my own client and use 'radclient' as a mean to communicate
with the server.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Habib
> Seifzadeh
> Sent: Thursday, March 27, 2003 2:05 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Session Timeout
>
>
>
> Why you don't use triggers? you can add a triger witch
> updates radreply table
> automatically when you update radacct.
> by the way, which client do you use for this schema? and
> which db server? do
> you have any problem with postgresql?
>
>
>
>
> On Tuesday 22 July 2003 04:05 am, Alex Chen wrote:
> > I am trying to use Session-Timeout as the way to account
> for how much total
> > time
> > the user is allowed to stay connect, and Acct-Session-Time
> for the time the
> > user
> > spend on a session. Once the summation of the
> Acct-Session-Time for all
> > sessions
> > of a user reaches the Session-Timeout, the user is denied service.
> >
> > The scheme is like this:
> > radreply has the Session-Timeout attribute. When the user
> is accepted,
> > the value is sent to the client. The Radius client starts
> accounting if
> > the Session-Timeout is > 0. When the user disconnects, the
> Radius client
> > stops the accounting and sends back the new Session-Timeout
> value, which is
> > the difference of the original value minus the time the user spent.
> > I modified the server's SQL accounting_stop_query to update not only
> > 'radacct', but
> > also 'radreply':
> >
> > accounting_stop_query = "UPDATE ${acct_table2} SET
> AcctStopTime = '%S',
> > AcctSessionTime = '%{Acct-Session-Time}',
> > AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets =
> > '%{Acct-Output-Octets}',
> > AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
> > '%{Acct-Delay-Time}',
> > ConnectInfo_stop = '%{Connect-Info}'
> > WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
> > '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'
> > AND AcctStopTime = 0; UPDATE ${authreply_table} SET Value =
> > %{Session-Timeout} WHERE UserName = '%{SQL-User-Name}'
> > AND Attribute = 'Session-Timeout'"
> >
> > Notice there are two UPDATE statements here.
> >
> > But I got the following error in the debug output:
> >
> > radius_xlat: 'Alex'
> > rlm_sql (sql): sql_set_user escaped user --> 'Alex'
> > radius_xlat: 'UPDATE radacct SET AcctStopTime =
> '2003-07-21 14:57:48',
> > AcctSessionTime = '5', AcctInputOctets = '', AcctOutputOctets = '',
> > AcctTerminateCause = '', AcctStopDelay = '',
> ConnectInfo_stop = '' WHERE
> > AcctSessionId = '1' AND UserName = 'Alex' AND NASIPAddress
> = '192.168.2.1'
> > AND AcctStopTime = 0; UPDATE radreply SET Value = 0 WHERE
> UserName = 'Alex'
> > AND Attribute = 'Session-Timeout''
> > rlm_sql (sql): Reserving sql socket id: 3
> > rlm_sql_mysql: MYSQL check_error: 1064 received
> > rlm_sql (sql): Couldn't update SQL accounting STOP record -
> You have an
> > error in your SQL syntax near '; UPDATE radreply SET Value = 0 WHERE
> > UserName = 'Alex' AND Attribute = 'Session' at line 1
> > rlm_sql (sql): Released sql socket id: 3
> > modcall[accounting]: module "sql" returns fail
> > modcall: group accounting returns fail
> >
> > If I manually type in the second update statement to change the
> > Session-Timeout value in the radreply, it worked fine.
> >
> > What could be the problem?
> >
> > If this does not work as the way I expected, how can I get
> the server to
> > update the total time allowed for the user
> > after each accounting start-stop session from within the server?
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session Timeout
Why you don't use triggers? you can add a triger witch updates radreply table
automatically when you update radacct.
by the way, which client do you use for this schema? and which db server? do
you have any problem with postgresql?
On Tuesday 22 July 2003 04:05 am, Alex Chen wrote:
> I am trying to use Session-Timeout as the way to account for how much total
> time
> the user is allowed to stay connect, and Acct-Session-Time for the time the
> user
> spend on a session. Once the summation of the Acct-Session-Time for all
> sessions
> of a user reaches the Session-Timeout, the user is denied service.
>
> The scheme is like this:
> radreply has the Session-Timeout attribute. When the user is accepted,
> the value is sent to the client. The Radius client starts accounting if
> the Session-Timeout is > 0. When the user disconnects, the Radius client
> stops the accounting and sends back the new Session-Timeout value, which is
> the difference of the original value minus the time the user spent.
> I modified the server's SQL accounting_stop_query to update not only
> 'radacct', but
> also 'radreply':
>
> accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S',
> AcctSessionTime = '%{Acct-Session-Time}',
> AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets =
> '%{Acct-Output-Octets}',
> AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
> '%{Acct-Delay-Time}',
> ConnectInfo_stop = '%{Connect-Info}'
> WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
> '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'
> AND AcctStopTime = 0; UPDATE ${authreply_table} SET Value =
> %{Session-Timeout} WHERE UserName = '%{SQL-User-Name}'
> AND Attribute = 'Session-Timeout'"
>
> Notice there are two UPDATE statements here.
>
> But I got the following error in the debug output:
>
> radius_xlat: 'Alex'
> rlm_sql (sql): sql_set_user escaped user --> 'Alex'
> radius_xlat: 'UPDATE radacct SET AcctStopTime = '2003-07-21 14:57:48',
> AcctSessionTime = '5', AcctInputOctets = '', AcctOutputOctets = '',
> AcctTerminateCause = '', AcctStopDelay = '', ConnectInfo_stop = '' WHERE
> AcctSessionId = '1' AND UserName = 'Alex' AND NASIPAddress = '192.168.2.1'
> AND AcctStopTime = 0; UPDATE radreply SET Value = 0 WHERE UserName = 'Alex'
> AND Attribute = 'Session-Timeout''
> rlm_sql (sql): Reserving sql socket id: 3
> rlm_sql_mysql: MYSQL check_error: 1064 received
> rlm_sql (sql): Couldn't update SQL accounting STOP record - You have an
> error in your SQL syntax near '; UPDATE radreply SET Value = 0 WHERE
> UserName = 'Alex' AND Attribute = 'Session' at line 1
> rlm_sql (sql): Released sql socket id: 3
> modcall[accounting]: module "sql" returns fail
> modcall: group accounting returns fail
>
> If I manually type in the second update statement to change the
> Session-Timeout value in the radreply, it worked fine.
>
> What could be the problem?
>
> If this does not work as the way I expected, how can I get the server to
> update the total time allowed for the user
> after each accounting start-stop session from within the server?
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session Timeout
I am trying to use Session-Timeout as the way to account for how much total
time
the user is allowed to stay connect, and Acct-Session-Time for the time the
user
spend on a session. Once the summation of the Acct-Session-Time for all
sessions
of a user reaches the Session-Timeout, the user is denied service.
The scheme is like this:
radreply has the Session-Timeout attribute. When the user is accepted,
the value is sent to the client. The Radius client starts accounting if the
Session-Timeout is > 0. When the user disconnects, the Radius client stops
the accounting and sends back the new Session-Timeout value, which is the
difference of the original value minus the time the user spent.
I modified the server's SQL accounting_stop_query to update not only
'radacct', but
also 'radreply':
accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}',
AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets =
'%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}',
ConnectInfo_stop = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'
AND AcctStopTime = 0; UPDATE ${authreply_table} SET Value =
%{Session-Timeout} WHERE UserName = '%{SQL-User-Name}'
AND Attribute = 'Session-Timeout'"
Notice there are two UPDATE statements here.
But I got the following error in the debug output:
radius_xlat: 'Alex'
rlm_sql (sql): sql_set_user escaped user --> 'Alex'
radius_xlat: 'UPDATE radacct SET AcctStopTime = '2003-07-21 14:57:48',
AcctSessionTime = '5', AcctInputOctets = '', AcctOutputOctets = '',
AcctTerminateCause = '', AcctStopDelay = '', ConnectInfo_stop = '' WHERE
AcctSessionId = '1' AND UserName = 'Alex' AND NASIPAddress = '192.168.2.1'
AND AcctStopTime = 0; UPDATE radreply SET Value = 0 WHERE UserName = 'Alex'
AND Attribute = 'Session-Timeout''
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: MYSQL check_error: 1064 received
rlm_sql (sql): Couldn't update SQL accounting STOP record - You have an
error in your SQL syntax near '; UPDATE radreply SET Value = 0 WHERE
UserName = 'Alex' AND Attribute = 'Session' at line 1
rlm_sql (sql): Released sql socket id: 3
modcall[accounting]: module "sql" returns fail
modcall: group accounting returns fail
If I manually type in the second update statement to change the
Session-Timeout value in the radreply, it worked fine.
What could be the problem?
If this does not work as the way I expected, how can I get the server to
update the total time allowed for the user
after each accounting start-stop session from within the server?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem whith Session-Timeout
> How can I specify "Session-Timeout" parameter passed to NAS server > every time a user is connecting to NAS? in users: USERNAME Auth-Type := Local, User-Password == "PASSWORD" Session-Timeout = ?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem whith Session-Timeout
How can I specify "Session-Timeout" parameter passed to NAS server every time a user is connecting to NAS? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with Session-Timeout
On Sun, Jul 13, 2003 at 12:07:51PM +0400, Emel`chenko Alexander wrote: > On Sun, 13 Jul 2003 18:00:15 +1000 > "Paul Hampson" <[EMAIL PROTECTED]> wrote: > > > > > From: Emel`chenko Alexander > > > Sent: Sunday, 13 July 2003 5:48 PM > > > > > why radius does`t send "Session-Timeout" to NAS if > > > > > in acct_users: > > > DEFAULT Acct-Status-Type == Start > > > Exec-Program = "/usr/local/bin/start" > > > > Exec-Program doesn't wait for attributes. You want > > Exec-Program-Wait > > > no, Exec-Program-Wait doesn`t wok > the same H... Alan already told you that a Session-Timeout makes no sense for Accounting pakets... so what? Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Timeout
Emel`chenko Alexander <[EMAIL PROTECTED]> wrote: > why radius does`t send "Session-Timeout" if > > in acct_users: Session-Timeout cannot be used in accounting packets. See the RFC's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with Session-Timeout
On Sun, 13 Jul 2003 18:00:15 +1000 "Paul Hampson" <[EMAIL PROTECTED]> wrote: > > From: Emel`chenko Alexander > > Sent: Sunday, 13 July 2003 5:48 PM > > > why radius does`t send "Session-Timeout" to NAS if > > > in acct_users: > > DEFAULT Acct-Status-Type == Start > > Exec-Program = "/usr/local/bin/start" > > Exec-Program doesn't wait for attributes. You want > Exec-Program-Wait no, Exec-Program-Wait doesn`t wok the same > = > Paul "TBBle" Hampson > Bubblesworth Pty Ltd (ABN: 51 095 284 361) > [EMAIL PROTECTED] > > This is a one line proof...if we start > sufficiently far to the left. > -- Cambridge University Math Department > - > Random signature generator 3.0 by Paul "TBBle" Hampson > = > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Technical Support Administrator of "NARZAN" Network mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: problem with Session-Timeout
> From: Emel`chenko Alexander > Sent: Sunday, 13 July 2003 5:48 PM > why radius does`t send "Session-Timeout" to NAS if > in acct_users: > DEFAULT Acct-Status-Type == Start > Exec-Program = "/usr/local/bin/start" Exec-Program doesn't wait for attributes. You want Exec-Program-Wait -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with Session-Timeout
why radius does`t send "Session-Timeout" to NAS if in acct_users: DEFAULT Acct-Status-Type == Start Exec-Program = "/usr/local/bin/start" in /usr/local/bin/start: #!/bin/bash echo "Session-Timeout = 1"; mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Timeout
why radius does`t send "Session-Timeout" if in acct_users: DEFAULT Acct-Status-Type == Start Exec-Program = "/usr/local/bin/start" in /usr/local/bin/start: #!/bin/bash echo "Session-Timeout = 1"; mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: updating session-timeout attribute in MySql db through Radius
That`s simple: Add another SQL module, that You would use in accounting section. The query on accounting stop would update the Session-Timeout appropriately. Comment out other queries in this added module. All info is in sql.conf - copy that file, modify queries, and include in radiusd.conf that modified file. I haven`t tried it - maybe You don`t need to add another module, just add another query after semicolon. Greetings Marcin Mańk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
re: updating session-timeout attribute in MySql db through Radius
Hello! I'm working on a prepaid public internet access system. And I would like to be able to update the value of the Session-Timeout attribute in the MySQL database through freeRadius, as opposed to just a direct SQL statement to the MySQL server. The reason for wanting to do this is so that if a user only used half of their allotted time, then they would be able to login at another time and still have the other half of their time (stored by the Session-Timeout attribute). Is this possible? Many thanks in advance for any help, Simon. _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Accounting and Session-Timeout
Title: Message
this
seems to be an extremely popular question (I joined this list to ask this same
question).
Tom
Emerson had replied with an excellent step-by-step procedure, and here it is
(hope you don't mind Tom):
[TOM START]the solution is to
set up a "counter" with "reset=never". I'm doing the same thing
[wireless hotspot, pre-paid "one hour" cards, etc.] and for the most part
the following seems to work for me:
[in
modules] counter lifetime
{
filename =
${raddbdir}/db.lifetime
key =
User-Name
count-attribute =
Acct-Session-Time
reset =
never
counter-name =
lifetime-session-counter
check-name =
lifetime-limit
cache-size =
5000 }
[in
instantiation]
lifetime
[in
authorize]
..
sql
lifetime ..
[in
accounting]
lifetime
[in the SQL database --
radgroupcheck] groupname:
onehour attribute:
lifetime-limit op:
:= value: 3600
[if you are using a "user file"
instead of an SQL database, you would include "lifetime-limit = 3600" in the
check items part of an entry, i.e., the first line of the
entry]
users are associated with the
"onehour" group via an entry in usergroup table, though for a one-element
group check item, you could simply put that item into the radcheck table and
not bother with a group...
BIG HUGE CAVEAT: the current
production version (0.8.1) has a bug with "reset=never" -- it resets when
the program restarts. This is fixed in the CVS/development sources, so
it should be in 0.9 [due to be released in like a couple weeks or less, from
what I hear...]
[TOM
END]
-Original Message-From: Igor Maciel Macaubas
[mailto:[EMAIL PROTECTED] Sent: June 26, 2003 11:10
PMTo: [EMAIL PROTECTED]Subject: Accounting
and Session-Timeout
Hello everybody,
I have here, up and running, a FreeRadius 0.8.1 server
accessing a MySQL database to authenticate my users.
I have a table 'radreply', where I can define a custom
radreply for each user. I'm using this for a quite easy thing: I'm replying with
the default data a Session-Timeout, which is defined for each user.
What's going on: I have an user with the login 'igor', for
example, and I've configured a Session-Timeout of 60 seconds (1 minute). After 1
minute, my RAS disconnects the user 'igor'. But if 'igor' authenticates again,
he'll have 1 minute more.
I guess that I have to launch a database stored procedure or
something like on the STOP event, to calculate the remaining time and write the
right values on the right places.
Does anybody here have another way to do it? Have someone here
ever did that?
Suggestions are welcome.
Regards,Igor--[EMAIL PROTECTED]Andrea Coppini+356 79 ANDREA (263732)[EMAIL PROTECTED]EMPOWER PEOPLE - THE WORLD IN YOUR HANDiWG (iWORLD GROUP) is a global e-mobile company creating, building and growing new businesses. iWG founders are pioneers in creating multi-billion dollar mobile and Internet businesses in Europe, Asia and the US.The Global Partners include the shareholders Bank of America, Deutsche Bank, Hikari Tsushin, McCaw, PaineWebber/UBS, The Dolphins' Trust, Perikles Trust and the iAA Advisory Network.www.iWG.infowww.countryprofiler.com/iWGPrivileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email.
Re: Accounting and Session-Timeout
At 04:09 PM 6/26/2003, you wrote: Hello everybody, I have here, up and running, a FreeRadius 0.8.1 server accessing a MySQL database to authenticate my users. I have a table 'radreply', where I can define a custom radreply for each user. I'm using this for a quite easy thing: I'm replying with the default data a Session-Timeout, which is defined for each user. What's going on: I have an user with the login 'igor', for example, and I've configured a Session-Timeout of 60 seconds (1 minute). After 1 minute, my RAS disconnects the user 'igor'. But if 'igor' authenticates again, he'll have 1 minute more. I guess that I have to launch a database stored procedure or something like on the STOP event, to calculate the remaining time and write the right values on the right places. Does anybody here have another way to do it? Have someone here ever did that? Suggestions are welcome. I think you might want to look at rlm_sqlcounter. There is excellent documentation too, which is found in /path/to/src/radiusd/doc/rlm_sqlcounter. HTH, Chris Brotsos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting and Session-Timeout
Hello everybody, I have here, up and running, a FreeRadius 0.8.1 server accessing a MySQL database to authenticate my users. I have a table 'radreply', where I can define a custom radreply for each user. I'm using this for a quite easy thing: I'm replying with the default data a Session-Timeout, which is defined for each user. What's going on: I have an user with the login 'igor', for example, and I've configured a Session-Timeout of 60 seconds (1 minute). After 1 minute, my RAS disconnects the user 'igor'. But if 'igor' authenticates again, he'll have 1 minute more. I guess that I have to launch a database stored procedure or something like on the STOP event, to calculate the remaining time and write the right values on the right places. Does anybody here have another way to do it? Have someone here ever did that? Suggestions are welcome. Regards,Igor--[EMAIL PROTECTED]
Re: Session-Timeout
On Thu, 2003-06-26 at 14:06, Martijn Prummel wrote: > Hey all! > > I use freeradius and added a rlm module of my own and that all works > ok, but I have a really (maybe even stupid) question. sed -e 's/really//' -e 's/even//' > The Session-Timeout attribute seems not to be passed along with the > Auth-Accept packet to the NAS. Should I always used a trick like sed 's/used/use/' Sorry for that ;-) Martijn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Timeout
Hey all! I use freeradius and added a rlm module of my own and that all works ok, but I have a really (maybe even stupid) question. The Session-Timeout attribute seems not to be passed along with the Auth-Accept packet to the NAS. Should I always used a trick like Exec-Program-Wait or something like that to get that attribute passed to the NAS? :-) TIA, Martijn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco as5300 session-timeout problem
hi, Thank you for the help, The problem was in the authorization, because I was using aaa authorization network default if-authenticated group radius and when I delete the if-authenticated : aaa authorization network default group radius it works now fine, strange no, but now when a user dialin whith a terminal window , it says that ppp authorization failed. thank you Andrea for the help. Kali > At 13.55 14/10/02, you wrote: >>hi, >> >>I 'am using interface Group-Async , should I replace it by interface >> Dialer ? >> >>Is this what you mean? > > NO. Cisco IOS had a feature that creates virtual-interfaces based on > virtual-templates. Browse the documentation on Cisco's web site at > >http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fdial_c/fnsprt8/index.htm. > You can setup session limit/timeout only if you use a > virtual-interface. > > Once you setup this, you don't need anymore group-async or dialer > interfaces. > > >> > you MUST use the virtual-interface feature of cisco IOS. you can >> setup timeouts only with virtual interface >> > >> > At 11.12 12/10/02, you wrote: >> >>hi, >> >> >> >>I am using freeradius 0.5, and sqlcounter module. >> >>I use the freeradius with a Patton and I got no problem auth, >> >> accounting, and disconnection. >> >> >> >>But when I try iy with the CISCO as5300(IOS 12.2), all the >> accounting >> >> and authentication works fine, but I got just one problem : >> >>the cisco can't disconnect the dialer if they reach there >> >> session-timeout? >> >> >> >>the cisco configuratiogn is: >> >> >> >>aaa new-model >> >>aaa authentication login default group radius >> >>aaa authentication ppp default if-needed group radius >> >>aaa authorization exec default if-authenticated group radius >> >>aaa authorization network default if-authenticated group radius aaa >> accounting delay-start >> >>aaa accounting exec default start-stop group radius >> >>aaa accounting network default start-stop group radius >> >>aaa processes 6 >> >> >> >> >> >>when I use the debug mode in cisco I got: >> >> >> >> User: ciscotesting, line tty 7, service Async >> >> Active time 00:03:12, Idle time 00:00:03 >> >> Timeouts:Absolute Idle Idle >> >> Session Exec >> >> Limits: - - 00:10:00 >> >> Disconnect in: - - - >> >> TTY: Line 7, running PPP on As7 >> >> Location: PPP: x.x.x.x >> >> DS0: (slot/unit/channel)=0/0/14 >> >> Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, >> 8 >> >> databits Status: Ready, Active, No Exit Banner, Async Interface >> Active >> >> HW PPP Support Active, Modem Detected >> >> Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out >> >> Modem RI is CD, Line usable as async interface >> Modem Autoconfigure, Integrated Modem >> >> Modem State: Ready, Modem Configured >> >> >> >> User: ciscotest, line As7, service PPP >> >> Active time 00:03:02, Idle time 00:00:03 >> >> Timeouts:Absolute Idle >> >> Limits: - - >> >> Disconnect in: - - >> >> PPP: LCP Open, IPCP >> >> IP: Local x.x.x.x, remote x.x.x.x >> >> Counts: 226 packets input, 13485 bytes, 0 no buffer >> >> 0 input errors, 0 CRC, 0 frame, 0 overrun >> >> 207 packets output, 14700 bytes, 0 underruns >> >> 0 output errors, 0 collisions, 0 interface resets >> >> >> >> in the timeouts (limits and disconnect) I got no thing. >> >> >> >>is there any thing to change in the freeradius dictionary? >> >> >> >>thanks >> >> >> >> >> >> >> >>- >> >>List info/subscribe/unsubscribe? See >> >> http://www.freeradius.org/list/users.html >> > >> > >> > --- >> > Where's the ANY key? >> > --- >> > Ing. Andrea Gabellini >> > Email: [EMAIL PROTECTED] >> > Tel: 0549 886111 (Italy) >
Re: cisco as5300 session-timeout problem
At 13.55 14/10/02, you wrote: >hi, > >I 'am using interface Group-Async , should I replace it by interface Dialer ? > >Is this what you mean? NO. Cisco IOS had a feature that creates virtual-interfaces based on virtual-templates. Browse the documentation on Cisco's web site at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fdial_c/fnsprt8/index.htm. You can setup session limit/timeout only if you use a virtual-interface. Once you setup this, you don't need anymore group-async or dialer interfaces. > > you MUST use the virtual-interface feature of cisco IOS. you can setup > > timeouts only with virtual interface > > > > At 11.12 12/10/02, you wrote: > >>hi, > >> > >>I am using freeradius 0.5, and sqlcounter module. > >>I use the freeradius with a Patton and I got no problem auth, > >> accounting, and disconnection. > >> > >>But when I try iy with the CISCO as5300(IOS 12.2), all the accounting > >> and authentication works fine, but I got just one problem : > >>the cisco can't disconnect the dialer if they reach there > >> session-timeout? > >> > >>the cisco configuratiogn is: > >> > >>aaa new-model > >>aaa authentication login default group radius > >>aaa authentication ppp default if-needed group radius > >>aaa authorization exec default if-authenticated group radius > >>aaa authorization network default if-authenticated group radius > >>aaa accounting delay-start > >>aaa accounting exec default start-stop group radius > >>aaa accounting network default start-stop group radius > >>aaa processes 6 > >> > >> > >>when I use the debug mode in cisco I got: > >> > >> User: ciscotesting, line tty 7, service Async > >> Active time 00:03:12, Idle time 00:00:03 > >> Timeouts:Absolute Idle Idle > >> Session Exec > >> Limits: - - 00:10:00 > >> Disconnect in: - - - > >> TTY: Line 7, running PPP on As7 > >> Location: PPP: x.x.x.x > >> DS0: (slot/unit/channel)=0/0/14 > >> Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 > >> databits Status: Ready, Active, No Exit Banner, Async Interface > >> Active > >> HW PPP Support Active, Modem Detected > >> Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out > >> Modem RI is CD, Line usable as async interface > >> Modem Autoconfigure, Integrated Modem > >> Modem State: Ready, Modem Configured > >> > >> User: ciscotest, line As7, service PPP > >> Active time 00:03:02, Idle time 00:00:03 > >> Timeouts:Absolute Idle > >> Limits: - - > >> Disconnect in: - - > >> PPP: LCP Open, IPCP > >> IP: Local x.x.x.x, remote x.x.x.x > >> Counts: 226 packets input, 13485 bytes, 0 no buffer > >> 0 input errors, 0 CRC, 0 frame, 0 overrun > >> 207 packets output, 14700 bytes, 0 underruns > >> 0 output errors, 0 collisions, 0 interface resets > >> > >> in the timeouts (limits and disconnect) I got no thing. > >> > >>is there any thing to change in the freeradius dictionary? > >> > >>thanks > >> > >> > >> > >>- > >>List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > > > --- > > Where's the ANY key? > > --- > > Ing. Andrea Gabellini > > Email: [EMAIL PROTECTED] > > Tel: 0549 886111 (Italy) > > Tel. +378 0549 886111 (International) > > > > Intelcom San Marino S.p.A. > > Strada degli Angariari, 3 > > 47891 Rovereta > > Repubblic of San Marino > > > > http://www.omniway.sm http://www.intelcom.sm > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Education is the ability to listen to almost anything without losing your temper. --- Ing. Andrea Gabellini Email: [EMAIL PROTECTED] Tel: 0549 886111 (Italy) Tel. +378 0549 886111 (International) Intelcom San Marino S.p.A. Strada degli Angariari, 3 47891 Rovereta Repubblic of San Marino http://www.omniway.sm http://www.intelcom.sm - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco as5300 session-timeout problem
hi, Thank you for the help Andrea, can you give me more precision, what you mean by virtual-interface? thanks. > hi, > > I 'am using interface Group-Async , should I replace it by interface > Dialer ? > > Is this what you mean? > >> you MUST use the virtual-interface feature of cisco IOS. you can setup >> timeouts only with virtual interface >> >> At 11.12 12/10/02, you wrote: >>>hi, >>> >>>I am using freeradius 0.5, and sqlcounter module. >>>I use the freeradius with a Patton and I got no problem auth, >>> accounting, and disconnection. >>> >>>But when I try iy with the CISCO as5300(IOS 12.2), all the accounting >>> and authentication works fine, but I got just one problem : >>>the cisco can't disconnect the dialer if they reach there >>> session-timeout? >>> >>>the cisco configuratiogn is: >>> >>>aaa new-model >>>aaa authentication login default group radius >>>aaa authentication ppp default if-needed group radius >>>aaa authorization exec default if-authenticated group radius >>>aaa authorization network default if-authenticated group radius >>>aaa accounting delay-start >>>aaa accounting exec default start-stop group radius >>>aaa accounting network default start-stop group radius >>>aaa processes 6 >>> >>> >>>when I use the debug mode in cisco I got: >>> >>> User: ciscotesting, line tty 7, service Async >>> Active time 00:03:12, Idle time 00:00:03 >>> Timeouts:Absolute Idle Idle >>> Session Exec >>> Limits: - - 00:10:00 >>> Disconnect in: - - - >>> TTY: Line 7, running PPP on As7 >>> Location: PPP: x.x.x.x >>> DS0: (slot/unit/channel)=0/0/14 >>> Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 >>> databits Status: Ready, Active, No Exit Banner, Async Interface >>> Active >>> HW PPP Support Active, Modem Detected >>> Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out >>> Modem RI is CD, Line usable as async interface >>> Modem Autoconfigure, Integrated Modem >>> Modem State: Ready, Modem Configured >>> >>> User: ciscotest, line As7, service PPP >>> Active time 00:03:02, Idle time 00:00:03 >>> Timeouts:Absolute Idle >>> Limits: - - >>> Disconnect in: - - >>> PPP: LCP Open, IPCP >>> IP: Local x.x.x.x, remote x.x.x.x >>> Counts: 226 packets input, 13485 bytes, 0 no buffer >>> 0 input errors, 0 CRC, 0 frame, 0 overrun >>> 207 packets output, 14700 bytes, 0 underruns >>> 0 output errors, 0 collisions, 0 interface resets >>> >>> in the timeouts (limits and disconnect) I got no thing. >>> >>>is there any thing to change in the freeradius dictionary? >>> >>>thanks >>> >>> >>> >>>- >>>List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> >> >> --- >> Where's the ANY key? >> --- >> Ing. Andrea Gabellini >> Email: [EMAIL PROTECTED] >> Tel: 0549 886111 (Italy) >> Tel. +378 0549 886111 (International) >> >> Intelcom San Marino S.p.A. >> Strada degli Angariari, 3 >> 47891 Rovereta >> Repubblic of San Marino >> >> http://www.omniway.sm http://www.intelcom.sm >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco as5300 session-timeout problem
hi, I 'am using interface Group-Async , should I replace it by interface Dialer ? Is this what you mean? > you MUST use the virtual-interface feature of cisco IOS. you can setup > timeouts only with virtual interface > > At 11.12 12/10/02, you wrote: >>hi, >> >>I am using freeradius 0.5, and sqlcounter module. >>I use the freeradius with a Patton and I got no problem auth, >> accounting, and disconnection. >> >>But when I try iy with the CISCO as5300(IOS 12.2), all the accounting >> and authentication works fine, but I got just one problem : >>the cisco can't disconnect the dialer if they reach there >> session-timeout? >> >>the cisco configuratiogn is: >> >>aaa new-model >>aaa authentication login default group radius >>aaa authentication ppp default if-needed group radius >>aaa authorization exec default if-authenticated group radius >>aaa authorization network default if-authenticated group radius >>aaa accounting delay-start >>aaa accounting exec default start-stop group radius >>aaa accounting network default start-stop group radius >>aaa processes 6 >> >> >>when I use the debug mode in cisco I got: >> >> User: ciscotesting, line tty 7, service Async >> Active time 00:03:12, Idle time 00:00:03 >> Timeouts:Absolute Idle Idle >> Session Exec >> Limits: - - 00:10:00 >> Disconnect in: - - - >> TTY: Line 7, running PPP on As7 >> Location: PPP: x.x.x.x >> DS0: (slot/unit/channel)=0/0/14 >> Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 >> databits Status: Ready, Active, No Exit Banner, Async Interface >> Active >> HW PPP Support Active, Modem Detected >> Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out >> Modem RI is CD, Line usable as async interface >> Modem Autoconfigure, Integrated Modem >> Modem State: Ready, Modem Configured >> >> User: ciscotest, line As7, service PPP >> Active time 00:03:02, Idle time 00:00:03 >> Timeouts:Absolute Idle >> Limits: - - >> Disconnect in: - - >> PPP: LCP Open, IPCP >> IP: Local x.x.x.x, remote x.x.x.x >> Counts: 226 packets input, 13485 bytes, 0 no buffer >> 0 input errors, 0 CRC, 0 frame, 0 overrun >> 207 packets output, 14700 bytes, 0 underruns >> 0 output errors, 0 collisions, 0 interface resets >> >> in the timeouts (limits and disconnect) I got no thing. >> >>is there any thing to change in the freeradius dictionary? >> >>thanks >> >> >> >>- >>List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > --- > Where's the ANY key? > --- > Ing. Andrea Gabellini > Email: [EMAIL PROTECTED] > Tel: 0549 886111 (Italy) > Tel. +378 0549 886111 (International) > > Intelcom San Marino S.p.A. > Strada degli Angariari, 3 > 47891 Rovereta > Repubblic of San Marino > > http://www.omniway.sm http://www.intelcom.sm > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco as5300 session-timeout problem
you MUST use the virtual-interface feature of cisco IOS. you can setup timeouts only with virtual interface At 11.12 12/10/02, you wrote: >hi, > >I am using freeradius 0.5, and sqlcounter module. >I use the freeradius with a Patton and I got no problem auth, accounting, >and disconnection. > >But when I try iy with the CISCO as5300(IOS 12.2), all the accounting and >authentication works fine, but I got just one problem : >the cisco can't disconnect the dialer if they reach there session-timeout? > >the cisco configuratiogn is: > >aaa new-model >aaa authentication login default group radius >aaa authentication ppp default if-needed group radius >aaa authorization exec default if-authenticated group radius >aaa authorization network default if-authenticated group radius >aaa accounting delay-start >aaa accounting exec default start-stop group radius >aaa accounting network default start-stop group radius >aaa processes 6 > > >when I use the debug mode in cisco I got: > > User: ciscotesting, line tty 7, service Async > Active time 00:03:12, Idle time 00:00:03 > Timeouts:Absolute Idle Idle > Session Exec > Limits: - - 00:10:00 > Disconnect in: - - - > TTY: Line 7, running PPP on As7 > Location: PPP: x.x.x.x > DS0: (slot/unit/channel)=0/0/14 > Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 databits > Status: Ready, Active, No Exit Banner, Async Interface Active > HW PPP Support Active, Modem Detected > Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out > Modem RI is CD, Line usable as async interface > Modem Autoconfigure, Integrated Modem > Modem State: Ready, Modem Configured > > User: ciscotest, line As7, service PPP > Active time 00:03:02, Idle time 00:00:03 > Timeouts:Absolute Idle > Limits: - - > Disconnect in: - - > PPP: LCP Open, IPCP > IP: Local x.x.x.x, remote x.x.x.x > Counts: 226 packets input, 13485 bytes, 0 no buffer > 0 input errors, 0 CRC, 0 frame, 0 overrun > 207 packets output, 14700 bytes, 0 underruns > 0 output errors, 0 collisions, 0 interface resets > > in the timeouts (limits and disconnect) I got no thing. > >is there any thing to change in the freeradius dictionary? > >thanks > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Where's the ANY key? --- Ing. Andrea Gabellini Email: [EMAIL PROTECTED] Tel: 0549 886111 (Italy) Tel. +378 0549 886111 (International) Intelcom San Marino S.p.A. Strada degli Angariari, 3 47891 Rovereta Repubblic of San Marino http://www.omniway.sm http://www.intelcom.sm - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cisco as5300 session-timeout problem
hi, I am using freeradius 0.5, and sqlcounter module. I use the freeradius with a Patton and I got no problem auth, accounting, and disconnection. But when I try iy with the CISCO as5300(IOS 12.2), all the accounting and authentication works fine, but I got just one problem : the cisco can't disconnect the dialer if they reach there session-timeout? the cisco configuratiogn is: aaa new-model aaa authentication login default group radius aaa authentication ppp default if-needed group radius aaa authorization exec default if-authenticated group radius aaa authorization network default if-authenticated group radius aaa accounting delay-start aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius aaa processes 6 when I use the debug mode in cisco I got: User: ciscotesting, line tty 7, service Async Active time 00:03:12, Idle time 00:00:03 Timeouts:Absolute Idle Idle Session Exec Limits: - - 00:10:00 Disconnect in: - - - TTY: Line 7, running PPP on As7 Location: PPP: x.x.x.x DS0: (slot/unit/channel)=0/0/14 Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 databits Status: Ready, Active, No Exit Banner, Async Interface Active HW PPP Support Active, Modem Detected Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out Modem RI is CD, Line usable as async interface Modem Autoconfigure, Integrated Modem Modem State: Ready, Modem Configured User: ciscotest, line As7, service PPP Active time 00:03:02, Idle time 00:00:03 Timeouts:Absolute Idle Limits: - - Disconnect in: - - PPP: LCP Open, IPCP IP: Local x.x.x.x, remote x.x.x.x Counts: 226 packets input, 13485 bytes, 0 no buffer 0 input errors, 0 CRC, 0 frame, 0 overrun 207 packets output, 14700 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets in the timeouts (limits and disconnect) I got no thing. is there any thing to change in the freeradius dictionary? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Exec-Program-Wait and setting Session-Timeout
Hello freeradius-users, In docs I read that I can set Session-Timeout parameter in Exec-Program-Wait script. I use python script in my case but can't see that Session-Timeout works. I just print to stdout string like this: Session-Timeout = 474 Am I missing something? Thanks in advance. Best regards, Ruslan mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: session-timeout cisco 5800
At 03:17 PM 8/19/2002 +0200, [EMAIL PROTECTED] wrote: >hi, > >how must i configure my cisco and radius to use session-timeout and >max-month-session. > >i use a cisco 5800 with c5800-p4-mz.121-7.bin >and freeradius 0.7 > >here are my configs: > >cisco 5800 >== > >aaa authentication login dialin group radius >aaa authentication ppp dialin local group radius >aaa authorization exec default none >aaa authorization network dialin local group radius if-authenticated >aaa accounting network dialin start-stop group radius > > >radius >== > >adm Auth-Type := local, User-Password == "adm" > Service-Type = Framed-User, > Session-Timeout = 3600, > Fall-Through = Yes > > >it looks like, that the radius don't send the session-timeout attribute. What does radius tell you when you run the server in debug mode? Note that you have 'Fall-Through = Yes', so you may be overwriting/modifying the profile with other entries. Run the server in debug mode and it will tell you exactly what it is doing. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
session-timeout cisco 5800
hi,
how must i configure my cisco and radius to use session-timeout and
max-month-session.
i use a cisco 5800 with c5800-p4-mz.121-7.bin
and freeradius 0.7
here are my configs:
cisco 5800
==
aaa authentication login dialin group radius
aaa authentication ppp dialin local group radius
aaa authorization exec default none
aaa authorization network dialin local group radius if-authenticated
aaa accounting network dialin start-stop group radius
radius
==
adm Auth-Type := local, User-Password == "adm"
Service-Type = Framed-User,
Session-Timeout = 3600,
Fall-Through = Yes
it looks like, that the radius don't send the session-timeout attribute.
deb radius
Aug 19 15:09:54.807: RADIUS: Initial Transmit Serial1/0/0:22 id 25
195.35.2.66:
1817, Accounting-Request, len 140
Aug 19 15:09:54.807: Attribute 4 6 D4DF6501
Aug 19 15:09:54.807: Attribute 5 6 4E36
Aug 19 15:09:54.807: Attribute 26 22 000902105365
Aug 19 15:09:54.807: Attribute 61 6 0002
Aug 19 15:09:54.807: Attribute 1 16 73736130
Aug 19 15:09:54.807: Attribute 30 12 32353733
Aug 19 15:09:54.807: Attribute 31 12 39323037
Aug 19 15:09:54.807: Attribute 40 6 0001
Aug 19 15:09:54.807: Attribute 45 6 0001
Aug 19 15:09:54.807: Attribute 6 6 0002
Aug 19 15:09:54.807: Attribute 44 10 30303030
Aug 19 15:09:54.807: Attribute 7 6 0001
Aug 19 15:09:54.807: Attribute 41 6
Aug 19 15:09:54.807: RADIUS: Using NAS default peer
Aug 19 15:09:54.807: RADIUS: Authorize IP address 0.0.0.0
thanks hans
--
Dipl. Inform Guido Hans Krause mailto:[EMAIL PROTECTED]
EDV-Beratung http://www.admin4linux.de
Choriner Str. 23, D-10435 Berlin Phone: +49.30/4481493
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Gumilar Satriawan <[EMAIL PROTECTED]> wrote: > Alternatifely use Rlm_sqlcounter, But It intend not > for each user account balance but For Each Group > Defined in daily, weekly, etc.., 9 ( I have to > modified in long time ). I need For each users > can have Account Balance (Time Duration) and then > RADIUS system can Forcing disconnect POrtslave modem > if their used time expire ( may be use > PW_SESSION_TIME or ??? ) Have you looked at rlm_counter? It does exactly what you want. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Hi all, Guru.. I am configuring FreeRadius Server 07 and Portslave 2001-01-19 for internet prepaid in my campuss My problem is difficult disconnect users while their login to RADIUS. I have Idea to count for each session time use Session Time Out While user Logging on, But I am not sure it will working fine.. Alternatifely use Rlm_sqlcounter, But It intend not for each user account balance but For Each Group Defined in daily, weekly, etc.., 9 ( I have to modified in long time ). I need For each users can have Account Balance (Time Duration) and then RADIUS system can Forcing disconnect POrtslave modem if their used time expire ( may be use PW_SESSION_TIME or ??? ) Thank In Advanced Gumilar Satriawan __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Hi all, My Guru.. I am configuring FreeRadius Server 06 and Portslave 2001-01-19 for internet prepaid.. My problem is difficult disconnect users while their login to RADIUS. I have Idea to count for each session time use Session Time Out While user Logging on, But I am not sure it will working fine.. Alternatifely use Rlm_sqlcounter, But It intend not for each user account balance but For Each Group Defined in daily, weekly, etc.., 9 ( I have to modified in long time )I need For each users can have Account Balance ( Time Duration) and then system RADIUS can Forcing disconnect POrtslave modem if User account expired.. Please Help Me.. GURUs, mainly for Mr.Alan and Mr. Chris ... Thank In Advanced Gumilar Satriawan __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No Session-Timeout
Hi. I have some problems. I use RADIUS server which is suppored with Windows 2000 advanced server. I set Session-Timeout value on the RADIUS server and did RADIUS authentication. But RADIUS server does not send Session-Timeout attribute to client. Access-Request message attributes and Access-Accept message attributes are as follows; Access-Request message attributes NAS-IP-Address = [172.22.2.2] NAS-Port = 0 Service-Type = 2 (Framed) Framed-MTU = 2304 State = "" Called-Station-ID = "00-11-23-43-44-33" Calling-Station-ID = "00-11-23-43-44-32" NAS-Identifier = "ddd" NAS-Port-Type = 19 (Unknown port type) Unknown attribute 87 Unknown attribute 79 User-Name = "test" Unknown attribute 80 Access-Accept message attributes Class = "*.? The above attributes were captured by a sniffer program. ºÎµ¿»ê ¼¿ÇÁ¸Å¹°µî·Ï¿¡¼ °æ¸Å,ÀÌ»ç°ßÀû ºñ±³±îÁö ÇѲ¨¹ø¿¡ ÇØ°áÇÑ´Ù! (http://land.hanmir.com) Unique & Best, Çѹ̸£ ¾Æ¹ÙŸ! (http://avatar.hanmir.com/) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: not Session-Timeout, but Session-Timeouts
Ruslan A Dautkhanov <[EMAIL PROTECTED]> wrote: > I have tried to use Login-Time, it worked also - FR just > set properly Session-Timeout value every time. > But how can use Session-Time and Login-Time attributes > simultaneously??? Both of them try to add Session-Timeout to > reply VPs. The right choice is to return _MINIMUM_ of > these Session-Timeouts, so user's session will be terminated > automatically when he step over to not permitted time period > (this period seted by Login-Time), _OR_ when his money account > exhausted. Is it possible to return minimum of these? It aleady does that. See 'src/main/auth.c', line 715. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not Session-Timeout, but Session-Timeouts
Hi all, I have configured my FreeRadius server, so it do AAA for my dialup users. I have tried to use Session-Timeout. It have been used to reject users when they don't have many on their account anymore. It's worked perfectly good. I have tried to use Login-Time, it worked also - FR just set properly Session-Timeout value every time. But how can use Session-Time and Login-Time attributes simultaneously??? Both of them try to add Session-Timeout to reply VPs. The right choice is to return _MINIMUM_ of these Session-Timeouts, so user's session will be terminated automatically when he step over to not permitted time period (this period seted by Login-Time), _OR_ when his money account exhausted. Is it possible to return minimum of these? Thanks, Ruslan A Dautkhanov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: session timeout attribute
Hi, the problem is that when i use app_Debitcad.2.0.2.2.tcl , after authentication time which returns the values of h323-retun-code and h323-credit-amount and h323-credit-time my execution program goes to the state of not recieveing tel number without any delay.Also the section of reading credit numbers and time don't work. Regards, Hooman --- Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: > If you explain which error you had maybe someone could help you > > - Original Message - > From: "Hooman Amini" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 29, 2002 10:11 AM > Subject: Re: session timeout attribute > > > > I have tried cisco debitcard.tcl but i has some error in using credit > amount > > that's why i am looking for an automatic session timeout attribute to > purge my > > session automatically. > > > > --- Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: > > > h323-credit-time > > > it depends on tcl if it use the return value or not, check your tcl > before > > > using it > > > > > > - Original Message ----- > > > From: "Hooman Amini" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Wednesday, May 29, 2002 9:14 AM > > > Subject: session timeout attribute > > > > > > > > > > Hi, > > > > I have used freeradius for our prepaid calling card system.I am > looking > > > for an > > > > attribute to timeout our voip ivr sessions like session-timout. > checking > > > > session-timeout i have got no result. > > > > > > > > any idea? > > > > > > > > Hooman > > > > --- "Giovanni P. Tirloni" <[EMAIL PROTECTED]> wrote: > > > > > * Stefan Immel ([EMAIL PROTECTED]) wrote: > > > > > > Our radius just died again, this time without an sig 11: > > > > > > > > > > > > >Wed May 29 11:49:53 2002 : Error: Trying to look up name of > unknown > > > client > > > > > 8.193.44.64. > > > > > > >Wed May 29 11:49:53 2002 : Error: Accounting-Request packet sent > to a > > > > > non-accounting port from cl > > > > > > >ient UNKNOWN-CLIENT:0 - ID 2 : IGNORED > > > > > > > > > > > > After that it was dead. No sig 11, no core file. > > > > > > > > > > Hi, > > > > > > > > > > SIG11 usually means hardware problems but since this time you say > it > > > died > > > > > from no aparent reason and without core dumping I don't know. Are > you > > > seeing > > > > > this behaviour with other apps on your system ? > > > > > > > > > > - Giovanni > > > > > > > > > > - > > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > __ > > > > Do You Yahoo!? > > > > Yahoo! - Official partner of 2002 FIFA World Cup > > > > http://fifaworldcup.yahoo.com > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > __ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: session timeout attribute
If you explain which error you had maybe someone could help you - Original Message - From: "Hooman Amini" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 29, 2002 10:11 AM Subject: Re: session timeout attribute > I have tried cisco debitcard.tcl but i has some error in using credit amount > that's why i am looking for an automatic session timeout attribute to purge my > session automatically. > > --- Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: > > h323-credit-time > > it depends on tcl if it use the return value or not, check your tcl before > > using it > > > > - Original Message - > > From: "Hooman Amini" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, May 29, 2002 9:14 AM > > Subject: session timeout attribute > > > > > > > Hi, > > > I have used freeradius for our prepaid calling card system.I am looking > > for an > > > attribute to timeout our voip ivr sessions like session-timout. checking > > > session-timeout i have got no result. > > > > > > any idea? > > > > > > Hooman > > > --- "Giovanni P. Tirloni" <[EMAIL PROTECTED]> wrote: > > > > * Stefan Immel ([EMAIL PROTECTED]) wrote: > > > > > Our radius just died again, this time without an sig 11: > > > > > > > > > > >Wed May 29 11:49:53 2002 : Error: Trying to look up name of unknown > > client > > > > 8.193.44.64. > > > > > >Wed May 29 11:49:53 2002 : Error: Accounting-Request packet sent to a > > > > non-accounting port from cl > > > > > >ient UNKNOWN-CLIENT:0 - ID 2 : IGNORED > > > > > > > > > > After that it was dead. No sig 11, no core file. > > > > > > > > Hi, > > > > > > > > SIG11 usually means hardware problems but since this time you say it > > died > > > > from no aparent reason and without core dumping I don't know. Are you > > seeing > > > > this behaviour with other apps on your system ? > > > > > > > > - Giovanni > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > __ > > > Do You Yahoo!? > > > Yahoo! - Official partner of 2002 FIFA World Cup > > > http://fifaworldcup.yahoo.com > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > __ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: session timeout attribute
I have tried cisco debitcard.tcl but i has some error in using credit amount that's why i am looking for an automatic session timeout attribute to purge my session automatically. --- Rodrigo Gonzalez <[EMAIL PROTECTED]> wrote: > h323-credit-time > it depends on tcl if it use the return value or not, check your tcl before > using it > > - Original Message - > From: "Hooman Amini" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 29, 2002 9:14 AM > Subject: session timeout attribute > > > > Hi, > > I have used freeradius for our prepaid calling card system.I am looking > for an > > attribute to timeout our voip ivr sessions like session-timout. checking > > session-timeout i have got no result. > > > > any idea? > > > > Hooman > > --- "Giovanni P. Tirloni" <[EMAIL PROTECTED]> wrote: > > > * Stefan Immel ([EMAIL PROTECTED]) wrote: > > > > Our radius just died again, this time without an sig 11: > > > > > > > > >Wed May 29 11:49:53 2002 : Error: Trying to look up name of unknown > client > > > 8.193.44.64. > > > > >Wed May 29 11:49:53 2002 : Error: Accounting-Request packet sent to a > > > non-accounting port from cl > > > > >ient UNKNOWN-CLIENT:0 - ID 2 : IGNORED > > > > > > > > After that it was dead. No sig 11, no core file. > > > > > > Hi, > > > > > > SIG11 usually means hardware problems but since this time you say it > died > > > from no aparent reason and without core dumping I don't know. Are you > seeing > > > this behaviour with other apps on your system ? > > > > > > - Giovanni > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > __ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: session timeout attribute
h323-credit-time it depends on tcl if it use the return value or not, check your tcl before using it - Original Message - From: "Hooman Amini" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 29, 2002 9:14 AM Subject: session timeout attribute > Hi, > I have used freeradius for our prepaid calling card system.I am looking for an > attribute to timeout our voip ivr sessions like session-timout. checking > session-timeout i have got no result. > > any idea? > > Hooman > --- "Giovanni P. Tirloni" <[EMAIL PROTECTED]> wrote: > > * Stefan Immel ([EMAIL PROTECTED]) wrote: > > > Our radius just died again, this time without an sig 11: > > > > > > >Wed May 29 11:49:53 2002 : Error: Trying to look up name of unknown client > > 8.193.44.64. > > > >Wed May 29 11:49:53 2002 : Error: Accounting-Request packet sent to a > > non-accounting port from cl > > > >ient UNKNOWN-CLIENT:0 - ID 2 : IGNORED > > > > > > After that it was dead. No sig 11, no core file. > > > > Hi, > > > > SIG11 usually means hardware problems but since this time you say it died > > from no aparent reason and without core dumping I don't know. Are you seeing > > this behaviour with other apps on your system ? > > > > - Giovanni > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > __ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
session timeout attribute
Hi, I have used freeradius for our prepaid calling card system.I am looking for an attribute to timeout our voip ivr sessions like session-timout. checking session-timeout i have got no result. any idea? Hooman --- "Giovanni P. Tirloni" <[EMAIL PROTECTED]> wrote: > * Stefan Immel ([EMAIL PROTECTED]) wrote: > > Our radius just died again, this time without an sig 11: > > > > >Wed May 29 11:49:53 2002 : Error: Trying to look up name of unknown client > 8.193.44.64. > > >Wed May 29 11:49:53 2002 : Error: Accounting-Request packet sent to a > non-accounting port from cl > > >ient UNKNOWN-CLIENT:0 - ID 2 : IGNORED > > > > After that it was dead. No sig 11, no core file. > > Hi, > > SIG11 usually means hardware problems but since this time you say it died > from no aparent reason and without core dumping I don't know. Are you seeing > this behaviour with other apps on your system ? > > - Giovanni > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Timeout
I have had the Session-Timeout counter enabled in both the 'authorize' and 'accounting' sections of the radiusd.conf file, and the 'DEFAULT Daily-Session-Time > 7200, Auth-Type = Reject' line to the users file, however when I turn on debugging, I see that the radius server does not send a Session-Timeout value as part of the authenticate response (as it appears it's supposed to in rlm_counter.c, lines 575-617). I don't even see the debugging messages when I turn on -xx, messages that according to the module are suppsed to be appearing. Am I missing somewhere else where I should be placing a call to this module? Thanks, Eric * Eric Reischer [EMAIL PROTECTED] "The most beautiful thing we can experience is the mysterious."-- Albert Einstein * - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session TimeOut usage...
Is this the correct way to use Session timeout? To tell portslave when to disconnect the user? Thanks DEFAULT Auth-Type := System Fall-Through = 1 DEFAULT Session-Timeout := 1800 DEFAULT Daily-Session-Time > 1800, Auth-Type := Reject Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: attribute session-timeout failed
At 06:25 PM 1/18/2002 +0800, Daniel Yeung wrote: >Hi all > >Does anyone use attribute session-timeout ? >I want to limit login session in 1 hr. >I use CISCO AS-5300 and try attribute session-timeout in users file. >But I failed to make it work. Please help. Sounds like a problem with your cisco. Session-Timeout works just fine in every NAS I run ( Cisco 5300,5400,5800,Portmaster 3,Ascend Max-6000, Max-TNT,APX-1000,APX-8000 ). Try contacting cisco support or a cisco NAS mailing list to figure out why the cisco isn't applying the attribute. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attribute session-timeout failed
Hi all Does anyone use attribute session-timeout ? I want to limit login session in 1 hr. I use CISCO AS-5300 and try attribute session-timeout in users file. But I failed to make it work. Please help. Best Regards Daniel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How disconnect a user automatically by session-timeout?
Hi, I am using freeradius-0.2 on linux redhat7.1 with cisco 2511 router (ios:11.3) I want set sessoin-timeout for disconnect our users. but it don't work correctly. who done it successfully? what are right steps for configuring it? is it possible i use mysql modules? because i want arrange use it for database logging and web interface outputs. Any helps would be appricated, Thanks in advanced, masroor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
