> On Wednesday 17 September 2003 8:05 am, Yacine BOUKABA wrote: >> [...] for example if a user is allowed to for 600 sec: >> 1- in the first connection radius will send a session-timeout of 600 to >> the nat, and if the user disconnect after 300 sec, and here the user >> will >> have 300 sec left. >> 2- in the seconde connection the radius will send an updated >> session-timeout of 300 sec to the nat and the user will be disconnected >> after 300 sec. > > Is this a question or a statement? [note, I'm being a bit of a smart-A.. > :) ] > What you listed is exactly how it works, but there are a couple of other > things that have to happen: > > 1) initial logon -- as you indicate, FR will return a session-timeout > response token with the value "600" [seconds] > 2) the NAS should send and accounting START record > 3) at some point [presumably 300 seconds later per your example] the > user > "logs off" -- the NAS needs to send an accounting STOP record > 4) FR will take the info from the STOP record and increment the > counter(s) > you've specified > 5) the next logon for the user will subtract the amount accumulated thus > far > [300] from the "limit" amount [600] and return the result as the session > limit. [again, 300] > > Where this can fall apart: > > -- no start or stop records: without these records, the "counter" > module > won't have anything to count > > -- simultaneous use: the user logs on from 4 workstations one right > after > another -- all 4 will get a 600-second limit, but after the last > workstation > logs out, the accumulated time will be close to 2400 seconds > -- overlapped use: very similar: the user logs on to one workstation, > AND > watches the clock very carefully -- at 590 seconds into the session, the > user > logs on from a second workstation. This second workstation gets 600 > seconds > from THAT point, or nearly 1200 continuous seconds [the third overlap > should > fail as the first "logout" will set the accumulated time to 600...] > > [this particular problem can be mitigated somewhat by using interim > messages > from the NAS] > > -- > Yet another Blog: http://osnut.homelinux.net >
-- Yacine BOUKABA WEBMASTER AUCZONE.COM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
