I've been checking radacct, and there is a record there for every 'Login OK'.
Isn't the
oldest of those used to figure out when 24 hours have passed?
IMHO the type of NAS and/or sniffing for stuff is not relevant here. It's the
RADIUS
server which keeps on giving 'Login OK' even after the 24-hour period has
passed.
The server runs version 1.1.6 of FreeRADIUS ;-)
Regards,
Evert
liran tal wrote:
> If your NAS is not sending any accounting packets to the server on the usage
> for a user how should freeradius know to increment it's counter for
> the attribute?
>
> So how about you eliminate all of the possible obvious errors by
> telling us which
> NAS is it (someone here might have had the same problem) and check these
> issues with a sniffer maybe to be sure.
>
> Regards,
> Liran.
>
>
> On Nov 21, 2007 3:14 PM, Evert <[EMAIL PROTECTED]> wrote:
>> >From this location I have no direct access to the NAS in question at the
>> >moment, so that
>> will have to wait a bit.
>>
>> But what about my comment that the user should not get a 'Login OK' but a
>> 'Invalid user
>> (rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have
>> passed and he
>> tries to log in again...?
>> Am I wrong there?
>>
>>
>>
>> Regards,
>> Evert
>>
>> liran tal wrote:
>>> How about checking Alan's comment on whether your NAS
>>> is actually sending accounting information or not?
>>>
>>>
>>> Regards,
>>> Liran.
>>>
>>>
>>> On Nov 21, 2007 2:12 PM, Evert <[EMAIL PROTECTED]> wrote:
>>>> There is indeed a record in the usergroup-table with
>>>> UserName= ofjyc5
>>>> GroupName= 24hours
>>>>
>>>> ;-)
>>>>
>>>>
>>>> Regards,
>>>> Evert
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> liran tal wrote:
>>>>> Hopefully you didn't forget to set the user-group mapping in usergroup
>>>>> table, right?
>>>>>
>>>>>
>>>>> Regards,
>>>>> Liran.
>>>>>
>>>>> On Nov 21, 2007 1:01 PM, Evert <[EMAIL PROTECTED]> wrote:
>>>>>> Alan DeKok wrote:
>>>>>>> Evert wrote:
>>>>>>>> I have users in my system who are supposed to be able to logon as much
>>>>>>>> as they want, in a
>>>>>>>> period of 24 hours starting from their 1st logon.
>>>>>>> ...
>>>>>>>> however, a user who is a member of the 24hours group is able to log on
>>>>>>>> longer than the
>>>>>>>> 24hours period:
>>>>>>> Is the server receiving accounting packets?
>>>>>>>
>>>>>>> The fact that a user received an Access-Accept doesn't mean they
>>>>>>> succeeded in logging in. The NAS may have rebooted, they may have hung
>>>>>>> up, the Access-Accept could have been lost, etc.
>>>>>>>
>>>>>>> The server knows (and accounts for) the user logging in only when it
>>>>>>> receives an Accounting-Request packet. The accounting packets are also
>>>>>>> used to determine how long the user was logged in for.
>>>>>> Provided both the server and the NAS have not rebooted in the mean time,
>>>>>> shouldn't the
>>>>>> server send a 'Maximum never usage time reached', based on the rules in
>>>>>> sqlcounter.conf,
>>>>>> accounting packets or not?
>>>>>>
>>>>>> How long the user has been logged on in the 24-hour period is not really
>>>>>> relevant in my
>>>>>> case. All I need is that when the user tries to log in again > 24 hours
>>>>>> after 1st logon
>>>>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
>>>>>>
>>>>>>
>>>>>>
>>>>>> (I'll have to check on the accounting packets. Not sure about them)
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Evert
>>>>>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
