Re: Zero Session-Timeout
Thanks for the suggestion.. the rlm_perl works.!!. to load session-time
value..
But if no value found... as configured in perl script..
if (!$timeoutvalue){
return RLM_MODULE_REJECT;
}
it will not reject the user user will just has NO Session-Timeout..
--haizam
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Tuesday, May 30, 2006 7:19 PM
Subject: Re: Zero Session-Timeout
On Tue, 30 May 2006, Rohaizam Abu Bakar wrote:
Dear all,
Using FB 6.0, FR 1.0.5 (will upgrade soon)
I've problem with timeout...
I've set in users file as below in order to load timeout value depending
on type of connection (ISDN/PSTN)
DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP,
Auth-Type := DIALUP
Session-Timeout =
`%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}`
DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP,
Auth-Type := DIALUP
Session-Timeout =
`%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value
The problem is when "Session-Timeout =0", normally happen when script
cannot load value... it will NOT timeout... user till can get connect
until manually disconnect...
I think that some access servers cannot handle session-timeout values
which are very low or zero. In any case if session-timeout is zero you re
better off sending an access-reject anyway.
I would suggest moving the script to rlm_perl and just return REJECT in
case you cannot find a correct value. And also try not sending a
session-timeout value which is lower than 60 secs.
Below is the debug log...
Login OK: [integ36] (from client INFRANETTEST port 300 cli )
Sending Access-Accept of id 111 to 10.1.1.1:1645
Session-Timeout = 0
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
Framed-Protocol = PPP
Service-Type = Framed-User
Finished request 89
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97,
length=131
Acct-Session-Id = "00AE"
Framed-Protocol = PPP
User-Name = "integ36"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = ""
Called-Station-Id = "2426"
NAS-Port-Type = Async
Connect-Info = "50667/24000 V90/V44/LAPM"
NAS-Port = 300
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.1
Acct-Delay-Time = 0
.
.
.
.
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98,
length=173
Acct-Session-Id = "00AE"
Framed-Protocol = PPP
Framed-IP-Address = 10.1.1.3
User-Name = "integ36"
Acct-Authentic = RADIUS
Acct-Session-Time = 26
Acct-Input-Octets = 8110
Acct-Output-Octets = 4998
Acct-Input-Packets = 92
Acct-Output-Packets = 37
Acct-Terminate-Cause = User-Request
Acct-Status-Type = Stop
Calling-Station-Id = ""
Called-Station-Id = "2426"
NAS-Port-Type = Async
Connect-Info = "50667/24000 V90/V44/LAPM"
NAS-Port = 300
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.1
Acct-Delay-Time = 0
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Zero Session-Timeout
On Tue, 30 May 2006, Rohaizam Abu Bakar wrote:
Dear all,
Using FB 6.0, FR 1.0.5 (will upgrade soon)
I've problem with timeout...
I've set in users file as below in order to load timeout value depending on
type of connection (ISDN/PSTN)
DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP,
Auth-Type := DIALUP
Session-Timeout =
`%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}`
DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP,
Auth-Type := DIALUP
Session-Timeout =
`%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value
The problem is when "Session-Timeout =0", normally happen when script cannot
load value... it will NOT timeout... user till can get connect until manually
disconnect...
I think that some access servers cannot handle session-timeout values which are
very low or zero. In any case if session-timeout is zero you re better off
sending an access-reject anyway.
I would suggest moving the script to rlm_perl and just return REJECT in case you
cannot find a correct value. And also try not sending a session-timeout value
which is lower than 60 secs.
Below is the debug log...
Login OK: [integ36] (from client INFRANETTEST port 300 cli )
Sending Access-Accept of id 111 to 10.1.1.1:1645
Session-Timeout = 0
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
Framed-Protocol = PPP
Service-Type = Framed-User
Finished request 89
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97,
length=131
Acct-Session-Id = "00AE"
Framed-Protocol = PPP
User-Name = "integ36"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = ""
Called-Station-Id = "2426"
NAS-Port-Type = Async
Connect-Info = "50667/24000 V90/V44/LAPM"
NAS-Port = 300
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.1
Acct-Delay-Time = 0
.
.
.
.
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98,
length=173
Acct-Session-Id = "00AE"
Framed-Protocol = PPP
Framed-IP-Address = 10.1.1.3
User-Name = "integ36"
Acct-Authentic = RADIUS
Acct-Session-Time = 26
Acct-Input-Octets = 8110
Acct-Output-Octets = 4998
Acct-Input-Packets = 92
Acct-Output-Packets = 37
Acct-Terminate-Cause = User-Request
Acct-Status-Type = Stop
Calling-Station-Id = ""
Called-Station-Id = "2426"
NAS-Port-Type = Async
Connect-Info = "50667/24000 V90/V44/LAPM"
NAS-Port = 300
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.1
Acct-Delay-Time = 0
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Zero Session-Timeout
Dear all,
Using FB 6.0, FR 1.0.5 (will upgrade soon)
I've problem with timeout...
I've set in users file as below in order to load timeout value depending on
type of connection (ISDN/PSTN)
DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP,
Auth-Type := DIALUP
Session-Timeout =
`%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}`
DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP,
Auth-Type := DIALUP
Session-Timeout =
`%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value
The problem is when "Session-Timeout =0", normally happen when script cannot
load value... it will NOT timeout... user till can get connect until
manually disconnect...
Below is the debug log...
Login OK: [integ36] (from client INFRANETTEST port 300 cli )
Sending Access-Accept of id 111 to 10.1.1.1:1645
Session-Timeout = 0
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
Framed-Protocol = PPP
Service-Type = Framed-User
Finished request 89
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97,
length=131
Acct-Session-Id = "00AE"
Framed-Protocol = PPP
User-Name = "integ36"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = ""
Called-Station-Id = "2426"
NAS-Port-Type = Async
Connect-Info = "50667/24000 V90/V44/LAPM"
NAS-Port = 300
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.1
Acct-Delay-Time = 0
.
.
.
.
rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98,
length=173
Acct-Session-Id = "00AE"
Framed-Protocol = PPP
Framed-IP-Address = 10.1.1.3
User-Name = "integ36"
Acct-Authentic = RADIUS
Acct-Session-Time = 26
Acct-Input-Octets = 8110
Acct-Output-Octets = 4998
Acct-Input-Packets = 92
Acct-Output-Packets = 37
Acct-Terminate-Cause = User-Request
Acct-Status-Type = Stop
Calling-Station-Id = ""
Called-Station-Id = "2426"
NAS-Port-Type = Async
Connect-Info = "50667/24000 V90/V44/LAPM"
NAS-Port = 300
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.1
Acct-Delay-Time = 0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
