Re: limiting sessions

2006-11-09 Thread Kevin Bonner
* Try to respond just to the list and not me personally.  I don't enjoy wading 
through duplicate messages.  Thanks!

On Thursday 09 November 2006 11:34, Andrew Long wrote:
> also ran
>
> SELECT
> `usergroup`.`UserName`,
> `usergroup`.`creationdate`,
> `usergroup`.`GroupName`
> from usergroup
> where username = '4aroma70370';
>
> and that also comes up null...
>
> Does it make sense that radius is not recognizing the usernames as
> belonging to the group 'aroma', thus not assigning the group-reply?

Yes, because the radius server does what you configure it to do.  You should 
have control over the usergroup table, so it shouldn't be difficult to add 
the missing records.

If you're still stuck, try sending relevant output from all of your sql 
tables.  The actual row data should be good enough, unless you've mangled the 
table structure to suit local needs.

> This is my current thought on this, but I'm not sure why it would
> still authorize the request, unless it's not necessary that users be
> part of group.

It isn't necessary.  The cleartext password needed for CHAP was provided by a 
module (users, sql, ??), so the access request was accepted.

Kevin Bonner


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
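
Added example, not part of Kevin's message or of the FreeRADIUS distribution: a check for the case discussed above, where a user authenticates but has no usergroup row and therefore gets no group reply items. The radgroupreply layout, the join, the helper names and the sample rows are assumptions constructed for illustration (run here against an in-memory SQLite database); only usergroup, the group 'aroma', the username and the value 1800 come from the thread.

```python
import sqlite3

# Constructed schema and rows. usergroup and its columns appear in the thread;
# radgroupreply and its columns are assumed from the stock FreeRADIUS SQL schema.
SCHEMA = """
CREATE TABLE usergroup (UserName TEXT, GroupName TEXT);
CREATE TABLE radgroupreply (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
INSERT INTO radgroupreply VALUES ('aroma', 'Session-Timeout', ':=', '1800');
INSERT INTO usergroup VALUES ('example-user-1', 'aroma');
"""

# Join the server is assumed to perform when collecting group reply items:
# a user only picks up a group's attributes through a usergroup row.
GROUP_REPLY = """
SELECT g.Attribute, g.op, g.Value
FROM radgroupreply g JOIN usergroup u ON u.GroupName = g.GroupName
WHERE u.UserName = ? ORDER BY g.Attribute
"""

def open_db():
    """Build the constructed sample database in memory."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def diagnose(db, username, attribute="Session-Timeout"):
    """Return (groups, reply_items, verdict) for one user."""
    groups = [r[0] for r in db.execute(
        "SELECT GroupName FROM usergroup WHERE UserName = ?", (username,))]
    items = db.execute(GROUP_REPLY, (username,)).fetchall()
    if not groups:
        verdict = "no usergroup row: group reply items cannot apply"
    elif not any(a == attribute for a, _, _ in items):
        verdict = f"member of {groups} but no group sets {attribute}"
    else:
        verdict = f"{attribute} will be offered from group reply"
    return groups, items, verdict

if __name__ == "__main__":
    db = open_db()
    for user in ("example-user-1", "4aroma70370"):
        print(user, diagnose(db, user))
```

Against a real server, the queries to run are the ones printed in the radiusd -X debug output, as the message says.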

Re: limiting sessions

2006-11-09 Thread Kevin Bonner
On Thursday 09 November 2006 11:00, Andrew Long wrote:
> Here is the output from radiusd -X regarding the answer to an
> auth-request from one of the properties where I changed
> session-timeout to 1800. It does not look to me like the
> session-timeout attribute is being sent... any suggestions?

Where are you setting Session-Timeout?  If it is being added by an sql entry, 
run the queries shown in your debug output to verify the rows returned from 
the database are correct.

What are the check and reply items for the section that contains the 
Session-Timeout attribute?  Are they matching attributes in the 
Access-Request packet you sent?

Kevin Bonner



Re: limiting sessions

2006-11-07 Thread James Wakefield

Andrew Long wrote:
> I need to boot users at one property after a specified time period.
> We have adjusted the "max-daily-session" to "1800" (30 minutes),
> but users still seem to be staying on. Can someone point me in the
> right direction. The NAS is a Colubris cn3000.
>
> The other attribute we have that may apply is "max-acct-age". I am
> pretty new to this, so any detail is most appreciated.

The NAS should support Session-Timeout, which is the most common method 
of time-limiting sessions.  If not, hit the vendor with a big cluebat, 
as it's in the RFC.


--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   [EMAIL PROTECTED]
Website:  http://www.deakin.edu.au


Re: limiting sessions

2006-11-07 Thread Alan DeKok
Andrew Long <[EMAIL PROTECTED]> wrote:
> I need to boot users at one property after a specified time period.
> We have adjusted the "max-daily-session" to "1800" (30 minutes),
> but users still seem to be staying on. Can someone point me in the
> right direction. The NAS is a Colubris cn3000.

  Why use Max-Daily-Session?  What's wrong with Session-Timeout?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog