How to solve alive user who actually has loged off

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

How to solve alive user who actually has loged off

???-10
Hello everybody,

I am using freeradius-1.0.4.

In my situation, user "testuser" from domain "domain" logged from NAS 192.168.1.68,

After a while,user "testuser" logged out,but the NAS did not send Accout-Stop packet(for some reason) and freeradius still

thought that user "testuser" is alive,but  Actually user "testuser" has logged off.

I have set the Simulate-Use to 1 and now "testuser" can not log in any more from anywhere.

I use radwho and it output as follows:

# ./radwho -R
User-Name = "testuser@domain"
Acct-Session-Id = "02022911"
NAS-IP-Address = 192.168.1.68
NAS-Port = 98335
Service-type = Login-User
Framed-IP-Address = 0.0.0.0
Acct-Session-Time = 4112
Calling-Station-Id = "00d0-5926-e3fb"

I want to do something to make freeradius to believe that user "testuser" is not alive,but do not konw how to do.Is there a way to solve the problem?
Thanks!

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: How to solve alive user who actually has loged off

Paul "TBBle" Hampson
On Mon, Jun 20, 2005 at 06:54:45PM +0800, ??? wrote:
> I want to do something to make freeradius to believe that user
> "testuser" is not alive,but do not konw how to do.Is there a way to
> solve the problem?

Have a look at Simultaneous-Use in the docs directory.


--
Paul "TBBle" Hampson, on an alternate email client.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: How to solve alive user who actually has loged off

Mark Elkins-2
In reply to this post by ???-10
On Mon, 2005-06-20 at 18:54 +0800, ??? wrote:

> Hello everybody,
>
> I am using freeradius-1.0.4.
>
> In my situation, user "testuser" from domain "domain" logged from NAS 192.168.1.68,
>
> After a while,user "testuser" logged out,but the NAS did not send Accout-Stop packet(for some reason) and freeradius still
>
> thought that user "testuser" is alive,but  Actually user "testuser" has logged off.
>
> I have set the Simulate-Use to 1 and now "testuser" can not log in any more from anywhere.
>
> I use radwho and it output as follows:

Rather than just telling you to read the Documentation...I had a problem
with this and feel the documentation could do with some refinement.

First: Look at:- /usr/src/freeradius-1.0.4/doc/Simultaneous-Use

With flat files:

logged-in users are in the 'radutmp' file (something
like /usr/local/var/log/radius/radutmp). 'radwho' prints the file.
If 'checkrad' is set up to run, it should 'snmp' (or however its been
told to run) the NAS where the user was last seen - and if the NAS says
the user is no longer there, clear the radutmp entry and allow login.

With MySQL (which I use):

logged-in users are determined by SQL asking the accounting table for
the user where the 'stoptime' is Zero (ie - no stop record received).
The SQL looks like:
"SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}'
AND AcctStopTime = 0"
If 'checkrad' is programmed to run, It runs the SQL:
"SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId,
FramedIPAddress, CallingStationId, FramedPr
otocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND
AcctStopTime = 0"
...
which gives it the NAS to go and ask.

Whether you use radutmp or SQL for checking Simultaneous-Use is also
determined by the setting for 'session' in 'radiusd.conf'. Mine looks
like:
session {
        # radutmp    <-- commented out.
        sql
}


--
  .  .     ___. .__      Posix Systems - Sth Africa.  e.164 VOIP ready
 /| /|       / /__       [hidden email]  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html