On 10/15/2013 05:47 PM, Francesc Romà i Frigolé wrote:
> When the total session time used for the day as given by the
> AcctTotalSinceQuery is exactly the same as Max-Daily-Session in the
> authentication request Radiator allows the user to log in.
>
> Only if the session time exceed the max daily session, even by just one
> second, will Radiator complain about max session exceeded.
I would need to see your configuration to say what happens exactly, but
most likely this can happen. If the amount of used seconds is 86400,
this does not *exceed* one day, yet.
> Is this the correct behaviour? I'd expect also to get a session exceeded
> error when AcctTotalSinceQuery == Max-Daily-Session.
I think it currently does work as documented ' ... If it is exceeded,
the user is rejected. ...' says the reference manual for Max-Daily-Session.
> This behaviour is causing issues for us because Radiator is returning
> an authentication "accept" with a zero session time, which Mikrotik
> RouterOS hotspotl interprets as infinite session length, rather than a
> session exceeded error.
I can see that returning Session-Timeout of 0 with Access-Accept will
cause problems in your case. The RADIUS RFC is silent about 0 being a
special value, but it appears there are other implementations too which
consider 0 to mean inifinity.
> Is this a bug or there is something wrong with my settings?
Maybe this is a gray area? You could consider e.g., a PostAuthHook to
see if Session-Timeout is going to be 0 and then switch the result to
reject. Might even be a good time to reject sessions that have only a
few seconds left?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator