Re: Problem with rml_sqlcounter with GigaByte datavolume

2011-09-12 Thread nfourel
Thanks for your reply but I can't find any version 3.x.x of freeRADIUS. Where
can I find it ?

Nicolas

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4793455.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Problem with rml_sqlcounter with GigaByte datavolume

2011-09-12 Thread Arran Cudbard-Bell

On 12 Sep 2011, at 10:20, nfourel wrote:

> Thanks for your reply but I can't find any version 3.x.x of freeRADIUS. Where
> can I find it ?
> 

http://git.freeradius.org/

3.x.x is currently in development on the master branch.

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.




NAS IP Address

2011-09-12 Thread 2394263740
Hello,
 I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
OS: Linux Enterprise Server 6.1
Radius: free radius server 2.1.11
Database: Mysql
  
 The WIFI routers we're using are in different private networks, behind the 
internet gateways. The WIFI router has private IP address, such as 192.168.1.1.
  
 For some reason, we need to know which Internet IP address the WIFI router is 
using to do the authentication with the FreeRadius server. The FreeRadius server is 
on internet.
  
 As the business needs, we need to save the IP address (Internet gateway IP address) 
to MySql database.
  
 Can anyone advise how to do so?
  
 Thanks!
  
 Tom

Re: NAS IP Address

2011-09-12 Thread Arran Cudbard-Bell

On 12 Sep 2011, at 13:58, 2394263740 wrote:

> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>  
> The WIFI routers we're using are in different private networks, behind the 
> internet gateways. The WIFI router has private IP address, such as 
> 192.168.1.1.
>  
> For some reason, we need to know which Internet IP address the WIFI router is 
> using to do the authentication with the FreeRadius server. The FreeRadius server 
> is on internet.
>  
> As the business needs, we need to save the IP address (Internet gateway IP 
> address) to MySql database.

edit the queries in

raddb/sql/mysql/dialup.conf

and add the additional columns to the SQL database.

The original IP address of the NAS may be sent in the NAS-IP-Address attribute, 
in which case use the expansion %{NAS-IP-Address} for the value of the new 
column.

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.


Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Sallee, Stephen (Jake)
@ everyone

We have about 100 NAS entries in our clients.conf file, it makes the file a 
bear to deal with but the server seems to handle it fine.  We will be expanding 
our infrastructure soon and the number of NAS entries will increase 
significantly.  At what point should we think about putting them into a 
database for FR to use?

Also, I have seen some chatter on the list about dynamic NASs.  Am I correct in 
assuming that if we are using a DB instead of the clients.conf file we can add 
or remove clients simply by making changes to the correct table, all without 
having to restart FR?

Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221



Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Alan DeKok
Sallee, Stephen (Jake) wrote:
> We have about 100 NAS entries in our clients.conf file, it makes the file a 
> bear to deal with but the server seems to handle it fine.  We will be 
> expanding our infrastructure soon and the number of NAS entries will increase 
> significantly.  At what point should we think about putting them into a 
> database for FR to use?

  Whenever you get tired of managing them in clients.conf.

  The server has been tested with 500K clients in clients.conf.  It
takes a few seconds to start, and a gig or so of RAM, but it works.

> Also, I have seen some chatter on the list about dynamic NASs.  Am I correct 
> in assuming that if we are using a DB instead of the clients.conf file we can 
> add or remove clients simply by making changes to the correct table, all 
> without having to restart FR?

  Yes.

  You can also do this with files.   See raddb/dynamic_clients in
2.1.12.  (When it comes out)

  Alan DeKok.


Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Arran Cudbard-Bell

On 12 Sep 2011, at 16:04, Sallee, Stephen (Jake) wrote:

> @ everyone
> 
> We have about 100 NAS entries in our clients.conf file, it makes the file a 
> bear to deal with but the server seems to handle it fine.  We will be 
> expanding our infrastructure soon and the number of NAS entries will increase 
> significantly.  At what point should we think about putting them into a 
> database for FR to use?

When it becomes a bear to deal with the clients.conf file :) - I guess memory 
might be a concern? But i'm sure there are sites out there with client.conf 
files holding thousands of entries... It's a hash table in C, it's going to be 
fast.

> 
> Also, I have seen some chatter on the list about dynamic NASs.  Am I correct 
> in assuming that if we are using a DB instead of the clients.conf file we can 
> add or remove clients simply by making changes to the correct table, all 
> without having to restart FR?

Indeed. You can also set them to expire as well, to clean up old unused entries.

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.




Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Arran Cudbard-Bell
> Fone: 254-295-4658
> Phax: 254-295-4221


Nice :)

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.



Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Bruce Nunn
If the network your APs are on is physically secure, and you don't need 
accounting for individual APs, you can use netmasks to define clients in the 
clients.conf file.



- Original Message -
From: "Sallee, Stephen (Jake)" 
To: freeradius-users 
Cc: 
Sent: Monday, September 12, 2011 9:04 AM
Subject: Best Practices - maximum NAS entries in clients.conf

@ everyone

We have about 100 NAS entries in our clients.conf file, it makes the file a 
bear to deal with but the server seems to handle it fine.  We will be expanding 
our infrastructure soon and the number of NAS entries will increase 
significantly.  At what point should we think about putting them into a 
database for FR to use?

Also, I have seen some chatter on the list about dynamic NASs.  Am I correct in 
assuming that if we are using a DB instead of the clients.conf file we can add 
or remove clients simply by making changes to the correct table, all without 
having to restart FR?



Unable to Authenticate with SHA Password

2011-09-12 Thread Rajkumar balaji
Hi All,

I am unable to authenticate when I send a SHA password to FreeRADIUS.

I have configured SHA-Password := "admin123" in the users file.
My password is admin123 and after SHA message digest it's
-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48

RADIUS is getting the request but it's rejecting it.

Please find the following radius logs,

rad_recv: Access-Request packet from host 172.17.148.152 port 50459, id=0,
length=111
User-Name = "emsadmin"
User-Password =
"-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
NAS-Identifier = "sunems8-zone2"
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "emsadmin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry emsadmin at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password
"-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
[pap] Using SHA1 encryption.
[pap] Configured SHA1 password has incorrect length
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> emsadmin
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 172.17.148.152 port 50459
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +6002
Ready to process requests.




--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Unable-to-Authenticate-with-SHA-Password-tp4794449p4794449.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.


RE: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Gary Gatten
Yup.  One could create a management / auth VLAN of sorts.  Set the source port 
for RADIUS/Auth/etc. to be said VLAN.  In theory then you would need only a 
single network entry in clients conf, and if you wish, reject traffic from any 
other "unauthorized" nets / IP's.

We do something similar as we also have a large number of switches and other 
NAS type devices.

G


-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org 
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On 
Behalf Of Bruce Nunn
Sent: Monday, September 12, 2011 9:41 AM
To: FreeRadius users mailing list
Subject: Re: Best Practices - maximum NAS entries in clients.conf

If the network your APs are on is physically secure, and you don't need 
accounting for individual APs, you can use netmasks to define clients in the 
clients.conf file.



- Original Message -
From: "Sallee, Stephen (Jake)" 
To: freeradius-users 
Cc: 
Sent: Monday, September 12, 2011 9:04 AM
Subject: Best Practices - maximum NAS entries in clients.conf

@ everyone

We have about 100 NAS entries in our clients.conf file, it makes the file a 
bear to deal with but the server seems to handle it fine.  We will be expanding 
our infrastructure soon and the number of NAS entries will increase 
significantly.  At what point should we think about putting them into a 
database for FR to use?

Also, I have seen some chatter on the list about dynamic NASs.  Am I correct in 
assuming that if we are using a DB instead of the clients.conf file we can add 
or remove clients simply by making changes to the correct table, all without 
having to restart FR?



Re: Problem with rml_sqlcounter with GigaByte datavolume

2011-09-12 Thread nfourel
Many thanks, I am going to try it !

Nicolas

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4794470.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.


Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Arran Cudbard-Bell

On 12 Sep 2011, at 16:41, Bruce Nunn wrote:

> If the network your APs are on is physically secure, and you don't need 
> accounting for individual APs, you can use netmasks to define clients in the 
> clients.conf file.
> 

Why would using a shared, shared secrets or netmasks mess with accounting? But 
yes, honestly, MD5 has been broken for some time, the only reason to use 
individual shared secrets is if you're still running something like PAP for 
Terminal login to the Access Point itself.

Using a shared, shared secret does reduce the security of the protocol and 
increase the probability that the secret could be obtained... and of course if 
you've got one you've got them all.

But if you're just running EAP with a TLS layer, then the only thing it buys 
you is DDOS protection, and request/response Integrity and that's only useful if 
the attacker is in a position to play MITM, or flood your server with 
requests...

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
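
Added example, not part of the original message: a Python sketch of how the shared secret gives the request/response integrity discussed above, using the RFC 2865 Response Authenticator, with clients defined by netmask as suggested earlier in the thread. The addresses, secrets, function names and the most-specific-match lookup are assumptions of this example, not FreeRADIUS code.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed client table (not from the thread): one netmask entry shared by
# every AP on a management subnet, plus one host entry with its own secret.
CLIENTS = {
    ipaddress.ip_network("10.20.0.0/24"): b"shared-ap-secret",
    ipaddress.ip_network("10.20.0.5/32"): b"per-device-secret",
}


def secret_for(src_ip):
    """Return the secret of the most specific client entry covering src_ip."""
    addr = ipaddress.ip_address(src_ip)
    matches = [net for net in CLIENTS if addr in net]
    if not matches:
        return None  # unknown client: the packet would be dropped
    return CLIENTS[max(matches, key=lambda net: net.prefixlen)]


def response_authenticator(code, ident, attributes, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, ident, attributes, request_auth, secret):
    """Serialise a reply packet authenticated with the client's shared secret."""
    auth = response_authenticator(code, ident, attributes, request_auth, secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return header + auth + attributes


def verify_response(packet, request_auth, secret):
    """NAS-side check that a reply was produced by a holder of the secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    attributes = packet[20:length]
    expected = response_authenticator(code, ident, attributes, request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    request_auth = bytes(range(16))   # constructed Request Authenticator
    reply_message = b"\x12\x04ok"     # constructed Reply-Message attribute (type 18)
    ap_secret = secret_for("10.20.0.77")
    accept = build_response(2, 1, reply_message, request_auth, ap_secret)
    tampered = accept[:-1] + b"!"     # one attribute byte changed in transit
    return {
        "genuine": verify_response(accept, request_auth, ap_secret),
        "tampered": verify_response(tampered, request_auth, ap_secret),
        # Every address under the netmask entry resolves to the same secret.
        "same_secret_across_subnet": secret_for("10.20.0.200") == ap_secret,
        "host_entry_wins": secret_for("10.20.0.5") == b"per-device-secret",
        "unknown_client": secret_for("192.0.2.9"),
    }


if __name__ == "__main__":
    print(demo())
```
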




Re: Unable to Authenticate with SHA Password

2011-09-12 Thread Alan DeKok
Rajkumar balaji wrote:
> Hi All,
> 
> I am unable to authenticate when I send a SHA password to FreeRADIUS.
> 
> I have configured SHA-Password := "admin123" in the users file.

  That's not a SHA password.  It's a clear-text password.


> My password is admin123 and after SHA message digest it's
> -50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48

  I have no idea what that is.  SHA returns a hex string.

> RADIUS is getting the request but it's rejecting it.
> 
> Please find the following radius logs,
> 
> rad_recv: Access-Request packet from host 172.17.148.152 port 50459, id=0,
> length=111
> User-Name = "emsadmin"
> User-Password =
> "-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"

  Huh?  You have this all completely backwards.

  Give the clear-text password to "radclient".  It should show up in the
debug output as  User-Password = "admin123".

  Put the hex version of the SHA hash into the "users" file, as:

emsadmin    SHA-Password := 0x123456789abcdef

  It WILL work.

  Alan DeKok.
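
Added example, not part of the thread: a Python sketch that produces the hex SHA-1 value for a "users" file entry and models, in simplified form, the length check and comparison visible in the debug log above. The helper names are hypothetical and this is not the rlm_pap source; the client is assumed to send the clear-text password, as the reply describes.

```python
import binascii
import hashlib
import hmac

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def users_file_entry(username, cleartext):
    """Build a users-file line holding the hex SHA-1 digest of the password."""
    digest = hashlib.sha1(cleartext.encode("utf-8")).hexdigest()
    return "%s\tSHA-Password := 0x%s" % (username, digest)


def configured_digest(value):
    """Decode a configured SHA-Password value to raw bytes.

    Accepts 0x-prefixed or bare hex. Anything that is not valid hex is kept
    as raw bytes, which is what happens to a clear-text value such as
    "admin123" placed in SHA-Password by mistake.
    """
    text = value[2:] if value[:2].lower() == "0x" else value
    try:
        return binascii.unhexlify(text)
    except (binascii.Error, ValueError):
        return value.encode("utf-8")


def pap_sha1_check(configured, received_password):
    """Compare SHA-1(received clear-text password) with the configured digest."""
    stored = configured_digest(configured)
    if len(stored) != SHA1_LEN:
        return "reject: configured SHA1 password has incorrect length"
    candidate = hashlib.sha1(received_password.encode("utf-8")).digest()
    if hmac.compare_digest(stored, candidate):
        return "accept"
    return "reject: passwords don't match"


if __name__ == "__main__":
    entry = users_file_entry("emsadmin", "admin123")
    value = entry.split(":= ")[1]
    print(entry)
    # Clear text stored in SHA-Password: fails the length check.
    print(pap_sha1_check("admin123", "admin123"))
    # Hex digest stored, clear text sent by the client: matches.
    print(pap_sha1_check(value, "admin123"))
    # Hex digest stored, but the client also sends a digest: it gets hashed
    # again on the server side and cannot match.
    print(pap_sha1_check(value, value[2:]))
```
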




Re: LDAP Authentication bind as user issue

2011-09-12 Thread DaveA
I've already set Auth-Type := LDAP by putting it in the users file.

As for the rest, I have what you suggest...

authenticate {
    Auth-Type LDAP {
        ldap.netid
    }
}

Dave

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/LDAP-Authentication-bind-as-user-issue-tp4786621p4794846.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.


Troubleshooting FreeRadius +LDAP

2011-09-12 Thread Ricardo Sousa
Greetings list users,

I'm trying to set up FreeRadius to work with LDAP in a deployment of ClearOS and 
have followed this How-To 
http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap 
and this How-To http://deployingradius.com/documents/configuration/pap.html 
with success, up to the part of the initial radtest with credentials inserted in 
the users file. But when trying to use credentials from the LDAP directory, the 
Radius server returns an Access-Reject packet. 
Below is the output from the debug mode. 

***
login as: root
root@192.168.3.5's password:
Last login: Mon Sep 12 13:31:45 2011 from 192.168.3.2
[root@system ~]# service radiusd stop
Stopping RADIUS server:[  OK  ]
[root@system ~]# radiusd -X
FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on May 19 2010 
at 13:10:59
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clearos-clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/clearos-eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/clearos-inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
radiusd:  Loa

Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Christ Schlacta

On 9/12/2011 07:21, Arran Cudbard-Bell wrote:

> On 12 Sep 2011, at 16:04, Sallee, Stephen (Jake) wrote:
>
>> @ everyone
>>
>> We have about 100 NAS entries in our clients.conf file, it makes the file a 
>> bear to deal with but the server seems to handle it fine.  We will be expanding 
>> our infrastructure soon and the number of NAS entries will increase 
>> significantly.  At what point should we think about putting them into a 
>> database for FR to use?
>
> When it becomes a bear to deal with the clients.conf file :) - I guess memory 
> might be a concern? But i'm sure there are sites out there with client.conf 
> files holding thousands of entries... It's a hash table in C, it's going to be 
> fast.
>
>> Also, I have seen some chatter on the list about dynamic NASs.  Am I correct in 
>> assuming that if we are using a DB instead of the clients.conf file we can add 
>> or remove clients simply by making changes to the correct table, all without 
>> having to restart FR?
>
> Indeed. You can also set them to expire as well, to clean up old unused entries.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.


Last I heard, you could NOT dynamically add NASs without restarting 
clients.conf as NAS entries are only read once on startup.  Has this 
changed?
Even if this has not changed, the advantages of storing NASs in a table 
is pretty significant.  make changes, call quick restart script, done.



Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Arran Cudbard-Bell

> Last I heard, you could NOT dynamically add NASs without restarting 
> clients.conf as NAS entries are only read once on startup.  Has this changed?

Yes, FreeRADIUS will now load clients dynamically from clients or from a 
database, or an LDAP directory, or off a 5 1/4 floppy, a usb key shaped like a 
humping dog, or just about any other storage medium.

> Even if this has not changed, the advantages of storing NASs in a table is 
> pretty significant.  make changes, call quick restart script, done.

Well it has changed. In fact it changed in 08/09. It's now, add client to SQL 
database, wait client to send packet, wooo client automagically added. You can 
even remove them using the radiusd control socket without restarting the server.

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.




Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Alan DeKok
Christ Schlacta wrote:
> Last I heard, you could NOT dynamically add NASs without restarting
> clients.conf as NAS entries are only read once on startup.  Has this
> changed?

  I *did* respond to your message.  Please read the messages on this list.

> Even if this has not changed, the advantages of storing NASs in a table
> is pretty significant.  make changes, call quick restart script, done.

  Uh... no.   My message (again) talked about adding clients dynamically.

  Alan DeKok.


Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Fajar A. Nugraha
On Tue, Sep 13, 2011 at 2:42 AM, Alan DeKok wrote:
> Christ Schlacta wrote:
>> Even if this has not changed, the advantages of storing NASs in a table
>> is pretty significant.  make changes, call quick restart script, done.
>
>  Uh... no.   My message (again) talked about adding clients dynamically.

If I understand raddb/sites-available/dynamic-clients correctly, the
only way to store (well, to retrieve actually) dynamic clients
definition in SQL is to use "%{sql:" expansion. Is there a way to make
it have some level of redundancy? Last time I checked, "%{sql:" can't be
used on "virtual" modules (from instantiate or policy section) which
group multiple sql instances together using "redundant".

-- 
Fajar



Re: Best Practices - maximum NAS entries in clients.conf

2011-09-12 Thread Christ Schlacta

On 9/12/2011 12:41, Arran Cudbard-Bell wrote:

>> Last I heard, you could NOT dynamically add NASs without restarting 
>> clients.conf as NAS entries are only read once on startup.  Has this changed?
>
> Yes, FreeRADIUS will now load clients dynamically from clients or from a 
> database, or an LDAP directory, or off a 5 1/4 floppy, a usb key shaped like a 
> humping dog, or just about any other storage medium.
>
>> Even if this has not changed, the advantages of storing NASs in a table is 
>> pretty significant.  make changes, call quick restart script, done.
>
> Well it has changed. In fact it changed in 08/09. It's now, add client to SQL 
> database, wait client to send packet, wooo client automagically added. You can 
> even remove them using the radiusd control socket without restarting the server.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.


I'm very glad to hear about these changes, and may be implementing them 
in the near future (note to Alan DeKok: I'm not the OP.  I only 
responded to this recently.)
Also, I own the USB key shaped like a humping dog.  It doesn't have any 
storage space and is just a decorative humping dog for your computer.  
Unless they've made a new version since I purchased mine.



Re: Custom function to update Session-Timeout

2011-09-12 Thread denzx
Hi, I am new in this mailing list.

I have similar situation too, I need counting "something" before decide to
send session-timeout to NAS in accounting section. The purpose is disconnect
online-user by updating his current Session-Timeout with lower value.
Unfortunately, it's still not working.

My question is, is it possible to send reply Session-Timeout in "accounting
section"?

I put the same in the accounting section:
update reply {
    Session-Timeout := `/path/to/my/super/awesome/sessiontimeout/script -myarguments`
}



--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Custom-function-to-update-Session-Timeout-tp4779813p4796996.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.


Re: Custom function to update Session-Timeout

2011-09-12 Thread Christ Schlacta
Have you tried setting the proper timeout from the auth section?  
Session-Timeout := 
`/script/that/returns/minimum/of/1-hour/or/remaining-time` ?


On 9/12/2011 20:52, denzx wrote:

> Hi, I am new in this mailing list.
>
> I have similar situation too, I need counting "something" before decide to
> send session-timeout to NAS in accounting section. The purpose is disconnect
> online-user by updating his current Session-Timeout with lower value.
> Unfortunately, it's still not working.
>
> My question is, is it possible to send reply Session-Timeout in "accounting
> section"?
>
> I put the same in the accounting section:
> update reply {
>     Session-Timeout := `/path/to/my/super/awesome/sessiontimeout/script -myarguments`
> }





Re: Custom function to update Session-Timeout

2011-09-12 Thread Fajar A. Nugraha
On Tue, Sep 13, 2011 at 10:52 AM, denzx wrote:
> My question is, is it possible to send reply Session-Timeout in "accounting
> section"?

From http://www.ietf.org/rfc/rfc2865.txt

"
5.27.  Session-Timeout

   Description

  This Attribute sets the maximum number of seconds of service to be
  provided to the user before termination of the session or prompt.
  This Attribute is available to be sent by the server to the client
  in an Access-Accept or Access-Challenge.
"

So no, you shouldn't be able to "send reply Session-Timeout in
accounting section"

-- 
Fajar