Re: [RADIATOR] Idle timeout issue
Thanks Michael, I will try that and see if it goes. Cheers, Jennings -Original Message- From: Michael [mailto:ri...@vianet.ca] Sent: Thursday, 19 April 2012 2:57 PM To: Jennings Tuala Cc: Mike Puchol; radiator@open.com.au Subject: Re: [RADIATOR] Idle timeout issue maybe need Idle-Timeout = 0 in your authentication accept reply packet? eg. AddToReplyIfNotExist Idle-Timeout = 0 On 12-04-18 09:24 PM, Jennings Tuala wrote: > Hi Mike, > > I have tried again this time with laptop on continuously, not going to sleep and it still cuts out the connection. I have pasted my radius.cfg for your perusal. > > LogDir /var/log/radius > > DbDir /etc/radiator > > # Use a low trace level in production systems. Increase > > # it to 4 or 5 for debugging, or use the -trace flag to radiusd > > Trace 4 > > AuthPort 1812 > > AcctPort 1813 > > # You will probably want to add other Clients to suit your site, > > # one for each NAS you want to work with > > > > Secret xxx > > DupInterval 0 > > > > > > Secret xxx > > AuthPort 1182 > > AcctPort 1183 > > DupInterval 0 > > > > > > DBSource dbi:mysql:bluezone > > DBUsername root > > DBAuth xxxyyyzzz > > AddQuery insert into SUBSCRIBERS (USERNAME, \ > > NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \ > > FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS) > > values ('%n', '%N', \ > > %{NAS-Port}, �%{Acct-Session-Id}�, %{Timestamp},\ > > �%{Framed-IP-Address}�, �%{NAS-Port-Type}�, \ > > �%{Service-Type}�, �%{Called-Station-Id}�) > > > > > > > > DBSource dbi:mysql:bluezone > > DBUsername root > > DBAuth xxxyyyzzz > > # Only one Session per user at a time > > DefaultSimultaneousUse 1 > > # Let the user IN if they have any time left, set > > # the Session-Timeout to the time left > > AuthSelect select PASSWORD, SESSIONTIMEOUT from SUBSCRIBERS where USERNAME=%0 and SESSIONTIMEOUT > 0 > > AuthColumnDef 0, User-Password, check > > AuthColumnDef 1, Session-Timeout, reply > > # Adjust the time left when they log out > > AccountingStopsOnly > > AcctSQLStatement update SUBSCRIBERS set SESSIONTIMEOUT=SESSIONTIMEOUT-0%{Acct-Session-Time} where USERNAME='%n' > > AccountingTable SUBSCRIBERS > > > > > > Thanks and look forward to your response. > > Cheers, > > Jennings > > *From:*Mike Puchol [mailto:puc...@me.com <mailto:puc...@me.com>] > *Sent:* Saturday, 14 April 2012 2:42 AM > *To:* Jennings Tuala > *Cc:* radiator@open.com.au <mailto:radiator@open.com.au> > *Subject:* Re: [RADIATOR] Idle timeout issue > > Acct terminate cause is User-Request, meaning the hotspot received a session end instruction from the device, eg. logoff URL, or a disassociation which the hotspot translates as User-Request (eg. laptop going to sleep). There is no Session-Timeout or Idle-Timeout in the logs that would correspond to what you describe. > > > On Apr 13, 2012, at 3:26 PM, Jennings Tuala mailto:jtu...@blueskysamoa.com>> wrote: > > Hi there, > > I�m having some issues with idle timeouts in radiator. Users are suddenly being disconnected after say 25 minutes of inactivity. This never used to happen before so I attached a trace 4 debug for you to have a look at. Would greatly appreciate your assistance please. > > Thanks, > > Jay > > Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: > > *** Received from 110.5.112.85 port 32817 > > Code: Access-Request > > Identifier: 29 > > Authentic: <137><202><239><165><163>W<22><229>Xfg<168>&<144><174><216> > > Attributes: > > User-Name = "6100510" > > User-Password = @[<4>=<161><221><154>u<141><0><143><5><1><165>_<250> > > NAS-IP-Address = 110.5.112.85 > > Service-Type = Login-User > > Framed-IP-Addre
Re: [RADIATOR] Idle timeout issue
maybe need Idle-Timeout = 0 in your authentication accept reply packet? eg. AddToReplyIfNotExist Idle-Timeout = 0 On 12-04-18 09:24 PM, Jennings Tuala wrote: > Hi Mike, > > I have tried again this time with laptop on continuously, not going to sleep > and it still cuts out the connection. I have pasted my radius.cfg for your > perusal. > > LogDir /var/log/radius > > DbDir /etc/radiator > > # Use a low trace level in production systems. Increase > > # it to 4 or 5 for debugging, or use the -trace flag to radiusd > > Trace 4 > > AuthPort 1812 > > AcctPort 1813 > > # You will probably want to add other Clients to suit your site, > > # one for each NAS you want to work with > > > > Secret xxx > > DupInterval 0 > > > > > > Secret xxx > > AuthPort 1182 > > AcctPort 1183 > > DupInterval 0 > > > > > > DBSource dbi:mysql:bluezone > > DBUsername root > > DBAuth xxxyyyzzz > > AddQuery insert into SUBSCRIBERS (USERNAME, \ > > NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \ > > FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS) > > values ('%n', '%N', \ > > %{NAS-Port}, �%{Acct-Session-Id}�, %{Timestamp},\ > > �%{Framed-IP-Address}�, �%{NAS-Port-Type}�, \ > > �%{Service-Type}�, �%{Called-Station-Id}�) > > > > > > > > DBSource dbi:mysql:bluezone > > DBUsername root > > DBAuth xxxyyyzzz > > # Only one Session per user at a time > > DefaultSimultaneousUse 1 > > # Let the user IN if they have any time > left, set > > # the Session-Timeout to the time left > > AuthSelect select PASSWORD, SESSIONTIMEOUT > from SUBSCRIBERS where USERNAME=%0 and SESSIONTIMEOUT > 0 > > AuthColumnDef 0, User-Password, check > > AuthColumnDef 1, Session-Timeout, reply > > # Adjust the time left when they log out > > AccountingStopsOnly > > AcctSQLStatement update SUBSCRIBERS set > SESSIONTIMEOUT=SESSIONTIMEOUT-0%{Acct-Session-Time} where USERNAME='%n' > > AccountingTable SUBSCRIBERS > > > > > > Thanks and look forward to your response. > > Cheers, > > Jennings > > *From:*Mike Puchol [mailto:puc...@me.com <mailto:puc...@me.com>] > *Sent:* Saturday, 14 April 2012 2:42 AM > *To:* Jennings Tuala > *Cc:* radiator@open.com.au <mailto:radiator@open.com.au> > *Subject:* Re: [RADIATOR] Idle timeout issue > > Acct terminate cause is User-Request, meaning the hotspot received a session > end instruction from the device, eg. logoff URL, or a disassociation which > the hotspot translates as User-Request (eg. laptop going to sleep). There is > no Session-Timeout or Idle-Timeout in the logs that would correspond to what > you describe. > > > On Apr 13, 2012, at 3:26 PM, Jennings Tuala <mailto:jtu...@blueskysamoa.com>> wrote: > > Hi there, > > I’m having some issues with idle timeouts in radiator. Users are suddenly > being disconnected after say 25 minutes of inactivity. This never used to > happen before so I attached a trace 4 debug for you to have a look at. Would > greatly appreciate your assistance please. > > Thanks, > > Jay > > Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: > > *** Received from 110.5.112.85 port 32817 > > Code: Access-Request > > Identifier: 29 > > Authentic: <137><202><239><165><163>W<22><229>Xfg<168>&<144><174><216> > > Attributes: > > User-Name = "6100510" > > User-Password = > @[<4>=<161><221><154>u<141><0><143><5><1><165>_<250> > > NAS-IP-Address = 110.5.112.85 > > Service-Type = Login-User > > Framed-IP-Address = 10.17.4.212 > > Called-Station-Id = "00:90:0B:05:6B:14" > > Calling-Station-Id = "38:59:f9:80:c8:5d" > &
Re: [RADIATOR] Idle timeout issue
Hi Mike, I have tried again this time with laptop on continuously, not going to sleep and it still cuts out the connection. I have pasted my radius.cfg for your perusal. LogDir /var/log/radius DbDir /etc/radiator # Use a low trace level in production systems. Increase # it to 4 or 5 for debugging, or use the -trace flag to radiusd Trace 4 AuthPort 1812 AcctPort 1813 # You will probably want to add other Clients to suit your site, # one for each NAS you want to work with Secret xxx DupInterval 0 Secret xxx AuthPort 1182 AcctPort 1183 DupInterval 0 DBSource dbi:mysql:bluezone DBUsername root DBAuth xxxyyyzzz AddQuery insert into SUBSCRIBERS (USERNAME, \ NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \ FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS) values ('%n', '%N', \ %{NAS-Port}, �%{Acct-Session-Id}�, %{Timestamp},\ �%{Framed-IP-Address}�, �%{NAS-Port-Type}�, \ �%{Service-Type}�, �%{Called-Station-Id}�) DBSource dbi:mysql:bluezone DBUsername root DBAuth xxxyyyzzz # Only one Session per user at a time DefaultSimultaneousUse 1 # Let the user IN if they have any time left, set # the Session-Timeout to the time left AuthSelect select PASSWORD, SESSIONTIMEOUT from SUBSCRIBERS where USERNAME=%0 and SESSIONTIMEOUT > 0 AuthColumnDef 0, User-Password, check AuthColumnDef 1, Session-Timeout, reply # Adjust the time left when they log out AccountingStopsOnly AcctSQLStatement update SUBSCRIBERS set SESSIONTIMEOUT=SESSIONTIMEOUT-0%{Acct-Session-Time} where USERNAME='%n' AccountingTable SUBSCRIBERS Thanks and look forward to your response. Cheers, Jennings *From:* Mike Puchol [mailto:puc...@me.com] *Sent:* Saturday, 14 April 2012 2:42 AM *To:* Jennings Tuala *Cc:* radiator@open.com.au *Subject:* Re: [RADIATOR] Idle timeout issue Acct terminate cause is User-Request, meaning the hotspot received a session end instruction from the device, eg. logoff URL, or a disassociation which the hotspot translates as User-Request (eg. laptop going to sleep). There is no Session-Timeout or Idle-Timeout in the logs that would correspond to what you describe. On Apr 13, 2012, at 3:26 PM, Jennings Tuala wrote: Hi there, I’m having some issues with idle timeouts in radiator. Users are suddenly being disconnected after say 25 minutes of inactivity. This never used to happen before so I attached a trace 4 debug for you to have a look at. Would greatly appreciate your assistance please. Thanks, Jay Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Received from 110.5.112.85 port 32817 Code: Access-Request Identifier: 29 Authentic: <137><202><239><165><163>W<22><229>Xfg<168>&<144><174><216> Attributes: User-Name = "6100510" User-Password = @[<4>=<161><221><154>u<141><0><143><5><1><165>_<250> NAS-IP-Address = 110.5.112.85 Service-Type = Login-User Framed-IP-Address = 10.17.4.212 Called-Station-Id = "00:90:0B:05:6B:14" Calling-Station-Id = "38:59:f9:80:c8:5d" NAS-Identifier = "110.5.112.85" Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" NAS-Port-Type = Wireless-IEEE-802-11 Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier '' Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510, 110.5.112.85, Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='110.5.112.85' and NASPORT=0': Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT > 0': Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with 6100510 [6100510] Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510] Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT, Tue Apr 10 15:48:32 2012
Re: [RADIATOR] Idle timeout issue
On 04/13/2012 05:04 PM, Jennings Tuala wrote: > This never used to happen before. Prior to this issue, all sessions > would run continuously for the entire provisioned time (which was what > we wanted). Eg. A 2 hour pass would have a 2 hour continuous session > until it ran out, regardless of whether the laptop went into sleep > mode/shutdown/rebooted…etc. I think when the above happens, the NAS (WLAN controller/hotspot or other device) will in practice always disconnect the user and send Accounting-Request with Acct-Status-Type = Stop. > This issue just cropped up recently. I read somewhere that the mysql > database might be sending a kill switch but I’m not sure as I’m a mysql > novice. I have however checked my database and can’t see anything > regarding idle timeout or session timeout, but then again, I could be > looking in the wrong place. L There is a possibility to disconnect user with RADIUS, see http://tools.ietf.org/html/rfc5176 for more. However, this must be configured and done with radpwtst (or similar tool) or from a Hook from Radiator. So you would definitely know if this is happening. In my opinion the Accounting stops you see is what normally happens when a users leaves the network (client shutdown, reboot, sleep, etc.). > Really appreciate your help and response as this is an issue I would > love to solve before we launch our hotspot service. See goodies/blocktime.txt for an option. The idea is to use accounting stops to subtract from time available for the user. When the users logs in again, the returned Sesstion-Timeout reflects what's currently left. Note: if you want to try this, add 'HandleAcctStatusTypes Stop' to the AuthBy to make sure possible accounting alives are not processed here. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Idle timeout issue
Hi Mike, This never used to happen before. Prior to this issue, all sessions would run continuously for the entire provisioned time (which was what we wanted). Eg. A 2 hour pass would have a 2 hour continuous session until it ran out, regardless of whether the laptop went into sleep mode/shutdown/rebooted…etc. This issue just cropped up recently. I read somewhere that the mysql database might be sending a kill switch but I’m not sure as I’m a mysql novice. I have however checked my database and can’t see anything regarding idle timeout or session timeout, but then again, I could be looking in the wrong place. L Really appreciate your help and response as this is an issue I would love to solve before we launch our hotspot service. Best regards, Jay *From:* Mike Puchol [mailto:puc...@me.com] *Sent:* Saturday, 14 April 2012 2:42 AM *To:* Jennings Tuala *Cc:* radiator@open.com.au *Subject:* Re: [RADIATOR] Idle timeout issue Acct terminate cause is User-Request, meaning the hotspot received a session end instruction from the device, eg. logoff URL, or a disassociation which the hotspot translates as User-Request (eg. laptop going to sleep). There is no Session-Timeout or Idle-Timeout in the logs that would correspond to what you describe. On Apr 13, 2012, at 3:26 PM, Jennings Tuala wrote: Hi there, I’m having some issues with idle timeouts in radiator. Users are suddenly being disconnected after say 25 minutes of inactivity. This never used to happen before so I attached a trace 4 debug for you to have a look at. Would greatly appreciate your assistance please. Thanks, Jay Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Received from 110.5.112.85 port 32817 Code: Access-Request Identifier: 29 Authentic: <137><202><239><165><163>W<22><229>Xfg<168>&<144><174><216> Attributes: User-Name = "6100510" User-Password = @[<4>=<161><221><154>u<141><0><143><5><1><165>_<250> NAS-IP-Address = 110.5.112.85 Service-Type = Login-User Framed-IP-Address = 10.17.4.212 Called-Station-Id = "00:90:0B:05:6B:14" Calling-Station-Id = "38:59:f9:80:c8:5d" NAS-Identifier = "110.5.112.85" Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" NAS-Port-Type = Wireless-IEEE-802-11 Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier '' Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510, 110.5.112.85, Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='110.5.112.85' and NASPORT=0': Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT > 0': Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with 6100510 [6100510] Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510] Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT, Tue Apr 10 15:48:32 2012: DEBUG: Access accepted for 6100510 Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Sending to 110.5.112.85 port 32817 Code: Access-Accept Identifier: 29 Authentic: <253>;<226>m<181>{}V<28><250><198><209><179><151><176><224> Attributes: Session-Timeout = 86400 Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Received from 110.5.112.85 port 32817 Code: Accounting-Request Identifier: 30 Authentic: {<211>=c;_<160><152>Z<132><22><10>RE<253><3> Attributes: User-Name = "6100510" Acct-Status-Type = Start Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" Acct-Authentic = Local NAS-Identifier = "110.5.112.85" NAS-IP-Address = 110.5.112.85 Calling-Station-Id = "38:59:f9:80:c8:5d" Called-Station-Id = "00:90:0B:05:6B:14" Framed-IP-Address = 10.17.4.212 NAS-Port-Type = Wireless-IEEE-802-11 Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier '' Tue Apr 10 15:48:32 2012: DEBUG: Adding session for 6100510, 110.5.112.85, Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='110.5.112.85' and NASPORT=00': Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'insert into SUBSCRIBERS (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DN
Re: [RADIATOR] Idle timeout issue
Acct terminate cause is User-Request, meaning the hotspot received a session end instruction from the device, eg. logoff URL, or a disassociation which the hotspot translates as User-Request (eg. laptop going to sleep). There is no Session-Timeout or Idle-Timeout in the logs that would correspond to what you describe. On Apr 13, 2012, at 3:26 PM, Jennings Tuala wrote: > Hi there, > > I’m having some issues with idle timeouts in radiator. Users are suddenly > being disconnected after say 25 minutes of inactivity. This never used to > happen before so I attached a trace 4 debug for you to have a look at. Would > greatly appreciate your assistance please. > > Thanks, > Jay > > > Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: > *** Received from 110.5.112.85 port 32817 > Code: Access-Request > Identifier: 29 > Authentic: <137><202><239><165><163>W<22><229>Xfg<168>&<144><174><216> > Attributes: > User-Name = "6100510" > User-Password = @[<4>=<161><221><154>u<141><0><143><5><1><165>_<250> > NAS-IP-Address = 110.5.112.85 > Service-Type = Login-User > Framed-IP-Address = 10.17.4.212 > Called-Station-Id = "00:90:0B:05:6B:14" > Calling-Station-Id = "38:59:f9:80:c8:5d" > NAS-Identifier = "110.5.112.85" > Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" > NAS-Port-Type = Wireless-IEEE-802-11 > > Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier > '' > Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510, 110.5.112.85, > Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where > NASIDENTIFIER='110.5.112.85' and NASPORT=0': > Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: > Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: > Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT > from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT > 0': > Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with 6100510 > [6100510] > Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510] > Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT, > Tue Apr 10 15:48:32 2012: DEBUG: Access accepted for 6100510 > Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: > *** Sending to 110.5.112.85 port 32817 > Code: Access-Accept > Identifier: 29 > Authentic: <253>;<226>m<181>{}V<28><250><198><209><179><151><176><224> > Attributes: > Session-Timeout = 86400 > > Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: > *** Received from 110.5.112.85 port 32817 > Code: Accounting-Request > Identifier: 30 > Authentic: {<211>=c;_<160><152>Z<132><22><10>RE<253><3> > Attributes: > User-Name = "6100510" > Acct-Status-Type = Start > Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" > Acct-Authentic = Local > NAS-Identifier = "110.5.112.85" > NAS-IP-Address = 110.5.112.85 > Calling-Station-Id = "38:59:f9:80:c8:5d" > Called-Station-Id = "00:90:0B:05:6B:14" > Framed-IP-Address = 10.17.4.212 > NAS-Port-Type = Wireless-IEEE-802-11 > > Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier > '' > Tue Apr 10 15:48:32 2012: DEBUG: Adding session for 6100510, 110.5.112.85, > Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where > NASIDENTIFIER='110.5.112.85' and NASPORT=00': > Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'insert into SUBSCRIBERS > (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, > NASPORTTYPE, SERVICETYPE, DNIS)': > Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS > (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, > NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax; check > the manual that corresponds to your MySQL server version for the right > syntax to use near '' at line 1 > Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS > (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, > NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax; check > the manual that corresponds to your MySQL server version for the right > syntax to use near '' at line 1 > Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: > Tue Apr 10 15:48:32 2012: DEBUG: Handling accounting with Radius::AuthSQL > Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT, > Tue Apr 10 15:48:32 2012: DEBUG: Accounting accepted > Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: > *** Sending to 110.5.112.85 port 32817 > Code: Accounting-Response > Identifier: 30 > Authentic: <159><4>g<161><5>4,Pq<29><169>L<159><251><160><242> > Attributes: > > > > Tue Apr 10 16:14:18 2012: DEBUG: Packet dump: > *** Recei
[RADIATOR] Idle timeout issue
Hi there, I’m having some issues with idle timeouts in radiator. Users are suddenly being disconnected after say 25 minutes of inactivity. This never used to happen before so I attached a trace 4 debug for you to have a look at. Would greatly appreciate your assistance please. Thanks, Jay Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Received from 110.5.112.85 port 32817 Code: Access-Request Identifier: 29 Authentic: <137><202><239><165><163>W<22><229>Xfg<168>&<144><174><216> Attributes: User-Name = "6100510" User-Password = @[<4>=<161><221><154>u<141><0><143><5><1><165>_<250> NAS-IP-Address = 110.5.112.85 Service-Type = Login-User Framed-IP-Address = 10.17.4.212 Called-Station-Id = "00:90:0B:05:6B:14" Calling-Station-Id = "38:59:f9:80:c8:5d" NAS-Identifier = "110.5.112.85" Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" NAS-Port-Type = Wireless-IEEE-802-11 Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier '' Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510, 110.5.112.85, Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='110.5.112.85' and NASPORT=0': Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT > 0': Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with 6100510 [6100510] Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510] Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT, Tue Apr 10 15:48:32 2012: DEBUG: Access accepted for 6100510 Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Sending to 110.5.112.85 port 32817 Code: Access-Accept Identifier: 29 Authentic: <253>;<226>m<181>{}V<28><250><198><209><179><151><176><224> Attributes: Session-Timeout = 86400 Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Received from 110.5.112.85 port 32817 Code: Accounting-Request Identifier: 30 Authentic: {<211>=c;_<160><152>Z<132><22><10>RE<253><3> Attributes: User-Name = "6100510" Acct-Status-Type = Start Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" Acct-Authentic = Local NAS-Identifier = "110.5.112.85" NAS-IP-Address = 110.5.112.85 Calling-Station-Id = "38:59:f9:80:c8:5d" Called-Station-Id = "00:90:0B:05:6B:14" Framed-IP-Address = 10.17.4.212 NAS-Port-Type = Wireless-IEEE-802-11 Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier '' Tue Apr 10 15:48:32 2012: DEBUG: Adding session for 6100510, 110.5.112.85, Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='110.5.112.85' and NASPORT=00': Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'insert into SUBSCRIBERS (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS)': Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL: Tue Apr 10 15:48:32 2012: DEBUG: Handling accounting with Radius::AuthSQL Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT, Tue Apr 10 15:48:32 2012: DEBUG: Accounting accepted Tue Apr 10 15:48:32 2012: DEBUG: Packet dump: *** Sending to 110.5.112.85 port 32817 Code: Accounting-Response Identifier: 30 Authentic: <159><4>g<161><5>4,Pq<29><169>L<159><251><160><242> Attributes: Tue Apr 10 16:14:18 2012: DEBUG: Packet dump: *** Received from 110.5.112.85 port 32817 Code: Accounting-Request Identifier: 29 Authentic: <153>3B}f<158><172>Pb<30><192><139><246><23>h<148> Attributes: User-Name = "6100510" Acct-Status-Type = Stop Acct-Session-Id = "00:90:0B:05:6B:14:13341172017" Acct-Authentic = RADIUS Acct-Session-Time = 1547 NAS-Identifier = "110.5.112.85" NAS-IP-Address = 110.5.112.85 Acct-Input-Octets = 1069902 Acct-Output-Octets = 93367 Acct-Input-Packets = 1017 Acct-Output-Packets = 1087
(RADIATOR) idle-timeout Cisco53/800 (offtopic?)
Hi, hope is not offtopic Maybe someone have problem with disconnect cause - Ascend-Disconnect-Cause = tsIdleTimeout, so cisco have default idle-timeout 120 sec. Below is how-to setup idle time-out on interface or enforce with radius atribute Idle-Timeout = 600. You can enforce idletime-out with somthing this AddToReply Service-Type = Framed-User, \ Framed-Protocol = PPP,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Idle-Timeout = 600 David #---conf. on NAS interface Dialer1 # ISDN call !--- Configuration for rotary group 1. !--- The Dialer interface number (1) must exactly match rotary group number dialer in-band ! -- Enable this dialer interface to be a DDR interface. ! -- This is needed if you want to enforce the idle-timeout. dialer idle-timeout 300 ! -- Idle timeout for incoming calls is 300 seconds (5 minutes). ! -- Users that are idle for more than 300 seconds are dropped.! -- If dialer in-band is used and a dialer idle-timeout is not defined, then ! -- the default idle-timeout of 120 seconds!! (2 minutes) is applied. dialer-group 1 !--- Apply interesting traffic definition from dialer-list 1. ! -- Note: The specified dialer-group number must be the same as the ! -- dialer-list number; in this example, defined to be "1". #(conf t) dialer-list 1 protocol ip permit ! -- any ip trafic ! -- Interesting traffic is defined by dialer-list 1. ! -- This is applied to interface Dialer 1 using dialer-group 1. ! -- Note: The specified dialer-list number must be the same as the !-- dialer-group number interface Group-Async0 # Async call dialer in-band dialer idle-timeout 900 dialer-group 5 ! -- Interesting traffic definition is defined in dialer-list 5 below ! -- Note: The specified dialer-group number must be the same as the ! -- dialer-list number; in this example, defined to be "5". access-list 101 remark Interesting Traffic Definition to be used in dialer-list 5 access-list 101 deny eigrp any any access-list 101 permit ip any any dialer-list 5 protocol ip list 101 !-- Interesting traffic is defined by access-list 101. ::: Aliatel - Nejlepsi spojeni pro vas business - www.aliatel.cz ::: === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Idle-timeout
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Levent Sarikaya" <[EMAIL PROTECTED]>] Date: Sun, 3 Mar 2002 00:15:02 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] >From [EMAIL PROTECTED] Sun Mar 3 00:15:02 2002 Received: from mailout1.de.colt.net (mailout1.DE.COLT.NET [212.121.128.14]) by server1.open.com.au (8.11.0/8.11.0) with SMTP id g236F1306100 for <[EMAIL PROTECTED]>; Sun, 3 Mar 2002 00:15:01 -0600 Received: (qmail 3901 invoked from network); 3 Mar 2002 07:47:12 - Received: from h-213.61.188.144.host.de.colt.net (HELO toaster) (213.61.188.144) by mailout1.de.colt.net with SMTP; 3 Mar 2002 07:47:12 - Message-ID: <002401c1c287$bb0190a0$[EMAIL PROTECTED]> From: "Levent Sarikaya" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> References: <001d01c1c21e$ccfaf210$[EMAIL PROTECTED]> Subject: Re: (RADIATOR) Idle-timeout Date: Sun, 3 Mar 2002 08:41:39 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_001B_01C1C28F.3C4A51E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. This is a multi-part message in MIME format. --=_NextPart_000_001B_01C1C28F.3C4A51E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Messagemaybe an ascend prob: 1. try another attribute : ascend-idle-timeout=3D2 2. you can also define it on the the nas itself. FYI: ascend handles with idle timer special, if the user is using one = channel its only idle timer, if he is using two or more channels, = especially dynamic multilink, than the idle timer counts the second = channel not the first. solong.Levent - Original Message -=20 From: Anton Krall=20 To: [EMAIL PROTECTED]=20 Cc: [EMAIL PROTECTED]=20 Sent: Saturday, March 02, 2002 8:16 PM Subject: (RADIATOR) Idle-timeout Guys.. Im having problems with idle timeouts... can you give me your = opinions? here is hte info.. I have a user with this configuration: [EMAIL PROTECTED] Auth-Type =3D CheckUser-nasc Service-Type =3D Framed-User, Framed-Protocol =3D PPP, = Session-Timeout =3D 14400, Idle-Timeout =3D 2 so this user has to have a 2 second idle time right? well parameter are been passed to my MAX TNT without prlblems: *** Sending to 200.52.83.195 port 7011 Code: Access-Accept Identifier: 108 Authentic: = <234><8>L<172><9>R<145><175>G<175><21><180><221><160><165><143> Attributes: Service-Type =3D Framed-User Framed-Protocol =3D PPP Session-Timeout =3D 14400 Idle-Timeout =3D 2 Framed-IP-Address =3D 255.255.255.254 Port-Limit =3D 1 Framed-IP-Netmask =3D 255.255.255.255 Class =3D "52249/415375/10968796/41/NASC" but the user has been idle for more than that: SessionID Line/Chan Slot:Item Tx/Rx Rate Svc Address = Username ConnTime IdleTime Dialed#=20 377082653 1.04.03/023 1:09:81/000 54667/26400 MP 200.66.72.231 = [EMAIL PROTECTED] 0:04:590:03:2459856000 =20 1 active user(s) admin>=20 any ideas why the idletimeout is not working? Saludos Anton Krall Director de Tecnolog=EDa Inter.net M=E9xico / Panam=E1 Tel; 5241-7609 Directo=20 Tel: 5241-7600 Conmutador Celular: 0445-105-5160 Mobile ICQ: 4979450 email: [EMAIL PROTECTED] web: http://www.mx.inter.net Outside Mexico: Office: +52(555)241-7609 PBX: +52(555)241-7600 Mobile: +52(555)105-5160 --=_NextPart_000_001B_01C1C28F.3C4A51E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message maybe an ascend prob: 1. try another attribute :=20 ascend-idle-timeout=3D2 2. you can also define it on the the = nas=20 itself. FYI: ascend handles with idle timer = special, if the=20 user is using one channel its only idle timer, if he is using two or = more=20 channels, especially dynamic multilink, than the idle timer counts the = second=20 channel not the first. solong.Levent - Original Message - From:=20 mailto:[EMAIL PROTECTED]";>Anton=20 Krall To: mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED] Cc: mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]= Sent: Saturday, March 02, 2002 = 8:16=20 PM Subject: (RADIATOR) = Idle-timeout Guys.. Im having=20 problems with idle timeouts... can you give me your=20 opinions? here is hte=20 info.. I have a user with this configuration: mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED] &nbs= p;=20 Auth-Type =3D = CheckUser-nasc =20
(RADIATOR) Idle-timeout
Title: Message Guys.. Im having problems with idle timeouts... can you give me your opinions? here is hte info.. I have a user with this configuration: [EMAIL PROTECTED] Auth-Type = CheckUser-nasc Service-Type = Framed-User, Framed-Protocol = PPP, Session-Timeout = 14400, Idle-Timeout = 2 so this user has to have a 2 second idle time right? well parameter are been passed to my MAX TNT without prlblems: *** Sending to 200.52.83.195 port 7011 Code: Access-AcceptIdentifier: 108Authentic: <234><8>L<172><9>R<145><175>G<175><21><180><221><160><165><143>Attributes: Service-Type = Framed-User Framed-Protocol = PPP Session-Timeout = 14400 Idle-Timeout = 2 Framed-IP-Address = 255.255.255.254 Port-Limit = 1 Framed-IP-Netmask = 255.255.255.255 Class = "52249/415375/10968796/41/NASC" but the user has been idle for more than that: SessionID Line/Chan Slot:Item Tx/Rx Rate Svc Address Username ConnTime IdleTime Dialed# 377082653 1.04.03/023 1:09:81/000 54667/26400 MP 200.66.72.231 [EMAIL PROTECTED] 0:04:59 0:03:24 59856000 1 active user(s)admin> any ideas why the idletimeout is not working? Saludos Anton KrallDirector de TecnologíaInter.net México / Panamá Tel; 5241-7609 Directo Tel: 5241-7600 Conmutador Celular: 0445-105-5160 Mobile ICQ: 4979450 email: [EMAIL PROTECTED] web: http://www.mx.inter.net Outside Mexico:Office: +52(555)241-7609PBX: +52(555)241-7600Mobile: +52(555)105-5160
Re: (RADIATOR) Idle-Timeout
Hello Mushtaque - This is a Cisco NAS issue - you should check with your vendor, or check the Cisco web site for details. regards Hugh On Tue, 25 Dec 2001 22:36, Muhammad Mushtaque wrote: > Hi all, > > I m using Cisco As5300. Session-out attribute is working fine ... but i > m not getting the desired result from Idle-Timeout ... this is user's > configuration in user's file ... > > > mushy User-Password = "mushy" > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-Group = 0, > Session-Timeout = 900, > Idle-Timeout = 300 > > Is there any changes required in NAS also ... ?? > The user is getting Disconnected when session expires but not Idle time > expires ... > > waiting for replies ... > > regards, > > Muhammad Mushtaque > Network Operations > eWorld(Pvt)Ltd. > 506, Progressive Plaza, > Beaumont Road Civil Lines, > Karachi. > UAN:92-21-111246246 > > > This email and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to which they > are addressed. This communication represents the originator's personal > views and opinions, which do not necessarily reflect those of eWorld > (Pvt) Ltd. If you are not the original / intended recipient or the > person responsible for delivering the email to the intended recipient, > be advised that you have received this email in error, and that any > use, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. If you have received this email in error, we > regret the inconvenience and request you to please immediately notify > at [EMAIL PROTECTED] > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Idle-Timeout
Hi all, I m using Cisco As5300. Session-out attribute is working fine ... but i m not getting the desired result from Idle-Timeout ... this is user's configuration in user's file ... mushy User-Password = "mushy" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Group = 0, Session-Timeout = 900, Idle-Timeout = 300 Is there any changes required in NAS also ... ?? The user is getting Disconnected when session expires but not Idle time expires ... waiting for replies ... regards, Muhammad Mushtaque Network Operations eWorld(Pvt)Ltd. 506, Progressive Plaza, Beaumont Road Civil Lines, Karachi. UAN:92-21-111246246 This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of eWorld (Pvt) Ltd. If you are not the original / intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error, we regret the inconvenience and request you to please immediately notify at [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.