Thanks.We're an educational institution; so there's no billing. However, we keep a simultaneous login limit and that limit gets bumped because of errors. So I might try a similar hack.
Does use of RadSec reduce the number of lost Stop messages? On 5/10/2018 9:12 PM, Michael wrote:
Eric,This missing Accounting-Stop is also a big problem for me. When using usage billing, it means lost usage/bandwidth calculations. When using max time usage, it's lost time. When using maximum simultaneous, it means new sessions cannot log back in. One here and there is a problem for that individual case, but when I have a VPDN tunnel on the back side of the LNS quit and hundreds of pppoe sessions drop, I seem to have a ton of missing Stop packets. I don't even yet know where they go and I'm not sure what's happening.To battle this problem, i first setup Alive packets to constantly update my active session database. Usage, current time, and other stuff is updated every 30 minutes. I have a scripted process that scans the online data and if a sessions last-updated timestamp gets older than 30 minutes, it is possibly a dead session. The process gathers all dead sessions, snmp queries the lns's to verify that they are in fact gone, and then as Hugh suggested bellow, sends a fake Accounting-Stop using radpwtst containing the last known Acct-IN/OUTput-Octets, a fake Acct-Terminate-Cause=session-lost reason, a calculated current_time - last_updated_time = Acct-Delay-Time, and everything else i need in the Stop. With this delay time, the end result is a Stop packet is produced for current system time - Delay and therefore ends up being as close as you're gonna get with regards to usage and time. The time the session was last known and confirmed to be online.Was quite the complicated process, and very customized, but very necessary. Michael On 05/10/2018 07:11 PM, Hugh Irvine wrote:Hello Eric -You should be able to use the “Delete” button in the “Current sessions” page.See section 10 in the “user_help.pdf” guide in the “doc” directory of the Radmin distribution.Otherwise, yes you could fake up an Accounting-Stop request using “radpwtst” in the Radiator distribution.regards HughOn 10 May 2018, at 22:04, Eric W. Bates <[email protected]> wrote: On 5/9/2018 6:25 PM, Hugh Irvine wrote:Hello Eric - Where do you want to remove stale sessions? RADUSAGE is where accounting data is stored. Current sessions are normally stored in the RADONLINE table. Do you mean remove entries from the RADONLINE table? regards HughI was guessing which table.I occasionally have users on an ASA vpn who sometimes exceed their "maximum simultaneous connection limit" simply because the session stop message was lost. I want to clear those "open" sessions somehow.Create an artificial "stop" record? Delete the original "start" record? Push a button in Radmin? Thanks.On 10 May 2018, at 01:05, Eric W. Bates <[email protected]> wrote: Is there an easy way to close clearly stale user sessions?Do I have to delete the record from RADUSAGE with the matching ACCTSESSIONID?-- Clark 159a, MS 46 508/289-3112 _______________________________________________ radiator mailing list [email protected] http://lists.open.com.au/mailman/listinfo/radiator-- Hugh Irvine [email protected] Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.-- Clark 159a, MS 46 508/289-3112-- Hugh Irvine [email protected] Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://lists.open.com.au/mailman/listinfo/radiator
-- Clark 159a, MS 46 508/289-3112
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ radiator mailing list [email protected] http://lists.open.com.au/mailman/listinfo/radiator
