> The more I read about this, the more complicated it gets! >> > > It's quite simple in principle. > > > Dear Phil, the first and third solutions you provided will work great >> but their implementation is not that easy. As you said above, following >> the first approach needs packet monitoring as well, which is not easy to >> implement unless there be a log file/table in freeradius for this >> > > I don't know what this means, I'm afraid. > > > packets. And the value for "acctsessiontime" is 0 until the user >> disconnects and freeradius sets the correct value for this field and >> some other fields in radacct table. >> > > As I said, you need to enable interim accounting. If you do this, the NAS > should send accounting packets at frequent intervals that update > acctsessiontime, amongst other things. > > If your NAS doesn't support interim accounting, you're stuck. > > If it does, you should just need to set the interim interval, either > statically on the NAS or dynamically in the Access-Accept, like so: > > post-auth { > ... > update reply { > # accounting packets every 15 minutes > Acct-Interim-Interval = 900 > } > ... > } > > You also need to ensure the "accounting_update_query{,_**alt}" are > configured in your sql.conf; this is the default. > > > >> I also found that sometimes removing the last accounting record for >> the locked user in the radacct table won't work and you need to set >> "/var/log/freeradius/radutmp" to null, to unlock that user. >> > > Don't use utmp; disable the module if you are using SQL, it's unnecessary > and bug prone. > > > >> I wish there was a table for online users in NAS and we could compare >> online user in NAS and online users in RADIUS and decide what to do. >> > > Some devices do have this. It's vendor-specific, and often accessible via > SNMP. Consult the docs for your NAS. Since this isn't a RADIUS question, > it's best to look elsewhere for this. > > > I am still looking forward for your helpful comments and suggestion on >> this topic. >> > > As above: enable interim accounting. The effects should be obvious if it > works, and the next steps clear. > > >
Hi Phil, thanks for taking the time to attend to this material. i am sure i need to study more to work around the issue. i understand three steps from your guidelines to get rid of this problem, you can respond with just yes or no. * * *A.) *Enable interim accounting * * *B.)* Enable post-auth { update reply { Acct-Interim-Interval = 900 } } C.) *You Said:* You also need to ensure the "accounting_update_query{,_**alt}" are configured in your sql.conf; this is the default. C1.) Unclear to this, i have nothing like this in my sql.conf sql { server = "localhost" database = "mysql" driver = "rlm_sql_mysql" driver = "rlm_sql_${database}" port = 3306 login = "root" password = "xxxxxxxxx" radius_db = "radius" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "radusergroup" deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 lifetime = 0 max_queries = 0 readclients = yes read_groups = yes nas_table = "nas" sqltrace = yes $INCLUDE sql/${database}/dialup.conf } *D.) * *You Said:* I also found that sometimes removing the last accounting record for the locked user in the radacct table won't work and you need to set "/var/log/freeradius/radutmp" to null, to unlock that user. *D1.)* I use "radutmp" For Simultaneous-Use tracking. Do you mean it should be disable ? *E.)* Testing I am clear with A&B. I need more help to tell us more about *"C"* what exactly should be added in "sql.conf" and *"D"* how to set null "/var/log/freeradius/radutmp". Please do not think i want you to do all for me, Since you have help us this far please clarify with CD for us to put the fix in place. Thanks Phil Regards --RM
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html