Re: Zero Session-Timeout
Thanks for the suggestion.. the rlm_perl works.!!. to load session-time value.. But if no value found... as configured in perl script.. if (!$timeoutvalue){ return RLM_MODULE_REJECT; } it will not reject the user user will just has NO Session-Timeout.. --haizam - Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Tuesday, May 30, 2006 7:19 PM Subject: Re: Zero Session-Timeout On Tue, 30 May 2006, Rohaizam Abu Bakar wrote: Dear all, Using FB 6.0, FR 1.0.5 (will upgrade soon) I've problem with timeout... I've set in users file as below in order to load timeout value depending on type of connection (ISDN/PSTN) DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}` DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value The problem is when "Session-Timeout =0", normally happen when script cannot load value... it will NOT timeout... user till can get connect until manually disconnect... I think that some access servers cannot handle session-timeout values which are very low or zero. In any case if session-timeout is zero you re better off sending an access-reject anyway. I would suggest moving the script to rlm_perl and just return REJECT in case you cannot find a correct value. And also try not sending a session-timeout value which is lower than 60 secs. Below is the debug log... Login OK: [integ36] (from client INFRANETTEST port 300 cli ) Sending Access-Accept of id 111 to 10.1.1.1:1645 Session-Timeout = 0 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Framed-Protocol = PPP Service-Type = Framed-User Finished request 89 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97, length=131 Acct-Session-Id = "00AE" Framed-Protocol = PPP User-Name = "integ36" Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = "" Called-Station-Id = "2426" NAS-Port-Type = Async Connect-Info = "50667/24000 V90/V44/LAPM" NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 . . . . rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98, length=173 Acct-Session-Id = "00AE" Framed-Protocol = PPP Framed-IP-Address = 10.1.1.3 User-Name = "integ36" Acct-Authentic = RADIUS Acct-Session-Time = 26 Acct-Input-Octets = 8110 Acct-Output-Octets = 4998 Acct-Input-Packets = 92 Acct-Output-Packets = 37 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop Calling-Station-Id = "" Called-Station-Id = "2426" NAS-Port-Type = Async Connect-Info = "50667/24000 V90/V44/LAPM" NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Zero Session-Timeout
On Tue, 30 May 2006, Rohaizam Abu Bakar wrote: Dear all, Using FB 6.0, FR 1.0.5 (will upgrade soon) I've problem with timeout... I've set in users file as below in order to load timeout value depending on type of connection (ISDN/PSTN) DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}` DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value The problem is when "Session-Timeout =0", normally happen when script cannot load value... it will NOT timeout... user till can get connect until manually disconnect... I think that some access servers cannot handle session-timeout values which are very low or zero. In any case if session-timeout is zero you re better off sending an access-reject anyway. I would suggest moving the script to rlm_perl and just return REJECT in case you cannot find a correct value. And also try not sending a session-timeout value which is lower than 60 secs. Below is the debug log... Login OK: [integ36] (from client INFRANETTEST port 300 cli ) Sending Access-Accept of id 111 to 10.1.1.1:1645 Session-Timeout = 0 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Framed-Protocol = PPP Service-Type = Framed-User Finished request 89 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97, length=131 Acct-Session-Id = "00AE" Framed-Protocol = PPP User-Name = "integ36" Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = "" Called-Station-Id = "2426" NAS-Port-Type = Async Connect-Info = "50667/24000 V90/V44/LAPM" NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 . . . . rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98, length=173 Acct-Session-Id = "00AE" Framed-Protocol = PPP Framed-IP-Address = 10.1.1.3 User-Name = "integ36" Acct-Authentic = RADIUS Acct-Session-Time = 26 Acct-Input-Octets = 8110 Acct-Output-Octets = 4998 Acct-Input-Packets = 92 Acct-Output-Packets = 37 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop Calling-Station-Id = "" Called-Station-Id = "2426" NAS-Port-Type = Async Connect-Info = "50667/24000 V90/V44/LAPM" NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Zero Session-Timeout
Dear all, Using FB 6.0, FR 1.0.5 (will upgrade soon) I've problem with timeout... I've set in users file as below in order to load timeout value depending on type of connection (ISDN/PSTN) DEFAULT NAS-Port-Type == "Sync", Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}` DEFAULT NAS-Port-Type == "Async", Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value The problem is when "Session-Timeout =0", normally happen when script cannot load value... it will NOT timeout... user till can get connect until manually disconnect... Below is the debug log... Login OK: [integ36] (from client INFRANETTEST port 300 cli ) Sending Access-Accept of id 111 to 10.1.1.1:1645 Session-Timeout = 0 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Framed-Protocol = PPP Service-Type = Framed-User Finished request 89 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97, length=131 Acct-Session-Id = "00AE" Framed-Protocol = PPP User-Name = "integ36" Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = "" Called-Station-Id = "2426" NAS-Port-Type = Async Connect-Info = "50667/24000 V90/V44/LAPM" NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 . . . . rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98, length=173 Acct-Session-Id = "00AE" Framed-Protocol = PPP Framed-IP-Address = 10.1.1.3 User-Name = "integ36" Acct-Authentic = RADIUS Acct-Session-Time = 26 Acct-Input-Octets = 8110 Acct-Output-Octets = 4998 Acct-Input-Packets = 92 Acct-Output-Packets = 37 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop Calling-Station-Id = "" Called-Station-Id = "2426" NAS-Port-Type = Async Connect-Info = "50667/24000 V90/V44/LAPM" NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html