> >> On Wednesday 17 September 2003 8:05 am, Yacine BOUKABA wrote: >>> [...] for example if a user is allowed to for 600 sec: >>> 1- in the first connection radius will send a session-timeout of 600 to >>> the nat, and if the user disconnect after 300 sec, and here the user >>> will >>> have 300 sec left. >>> 2- in the seconde connection the radius will send an updated >>> session-timeout of 300 sec to the nat and the user will be disconnected >>> after 300 sec. >> >> Is this a question or a statement? [note, I'm being a bit of a smart-A.. >> :) ] >> What you listed is exactly how it works, but there are a couple of other >> things that have to happen: >> >> 1) initial logon -- as you indicate, FR will return a session-timeout >> response token with the value "600" [seconds] >> 2) the NAS should send and accounting START record >> 3) at some point [presumably 300 seconds later per your example] the >> user >> "logs off" -- the NAS needs to send an accounting STOP record >> 4) FR will take the info from the STOP record and increment the >> counter(s) >> you've specified >> 5) the next logon for the user will subtract the amount accumulated >> thus >> far >> [300] from the "limit" amount [600] and return the result as the session >> limit. [again, 300] >> >> Where this can fall apart: >> >> -- no start or stop records: without these records, the "counter" >> module >> won't have anything to count >> >> -- simultaneous use: the user logs on from 4 workstations one right >> after >> another -- all 4 will get a 600-second limit, but after the last >> workstation >> logs out, the accumulated time will be close to 2400 seconds >> -- overlapped use: very similar: the user logs on to one workstation, >> AND >> watches the clock very carefully -- at 590 seconds into the session, the >> user >> logs on from a second workstation. This second workstation gets 600 >> seconds >> from THAT point, or nearly 1200 continuous seconds [the third overlap >> should >> fail as the first "logout" will set the accumulated time to 600...] >> >> [this particular problem can be mitigated somewhat by using interim >> messages >> from the NAS] >> >> -- >> Yet another Blog: http://osnut.homelinux.net >> > > > -- > Yacine BOUKABA > WEBMASTER AUCZONE.COM > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
-- Yacine BOUKABA WEBMASTER AUCZONE.COM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
