Re: help - simultaneous accounting
On 2012/10/09 02:21 AM, 劉君羿 wrote: I am using *Chillispot* on my NAS. But it doesn't seem to support CoA. Can you suggest other AP controllers? By the way, I though concurrent accounting was a feature that should be supported. I wonder why it's not supported by the major AAA protocols. Afaik chillispot (coova chilli) DOES support coa. Look for 'coaport' in the config file. With chillispot you can also disconnect the user in the accounting-reply packet. i.e. instead of sending a coa, you can reply to the accounting update packets in a way that will disconnect the user. e.g. Set the remaining time left to 1 second. Look at 'acctupdate' in the chillispot config. Cheers, -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/disclaimer.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help - simultaneous accounting
I am using *Chillispot* on my NAS. But it doesn't seem to support CoA. Can you suggest other AP controllers? By the way, I though concurrent accounting was a feature that should be supported. I wonder why it's not supported by the major AAA protocols. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help - simultaneous accounting
On Tue, Oct 9, 2012 at 7:21 AM, 劉君羿 trantor@gmail.com wrote: I am using Chillispot on my NAS. But it doesn't seem to support CoA. Really? How did you determine that? Can you suggest other AP controllers? http://lmgtfy.com/?q=chillispot%20coa%20disconnect See top result -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help - simultaneous accounting
Sorry, my fault.. I just take a look at ChilliSpot radius.h, and there's code about coa. Thank you! 2012/10/9 Fajar A. Nugraha l...@fajar.net On Tue, Oct 9, 2012 at 7:21 AM, 劉君羿 trantor@gmail.com wrote: I am using Chillispot on my NAS. But it doesn't seem to support CoA. Really? How did you determine that? Can you suggest other AP controllers? http://lmgtfy.com/?q=chillispot%20coa%20disconnect See top result -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help - simultaneous accounting
I want to allow simultaneous use of accounts. However, *RFC 2866 *says that the* Acct-Session-Time* can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop [Page 17] Does this mean that RADIUS protocol can not manage simultaneous use of an account? For example, an account with *Session-Timeout *2 hours is shared by two users. User1 login first and use the account for 1 hour, user2 then login (user1 still accessing the account), then user2 turns out two have *2 hours*, which is wrong and is because that user1 not yet send Acct-Session-Time to the server. If RADIUS is not suit for the scenario above, should I try other protocols such as DIAMETER and TACACS+? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help - simultaneous accounting
On Sat, Oct 6, 2012 at 2:38 PM, 劉君羿 trantor@gmail.com wrote: I want to allow simultaneous use of accounts. However, RFC 2866 says that the Acct-Session-Time can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop [Page 17] Look for Interim Accounting Updates. Probably on rfc 2869. Does this mean that RADIUS protocol can not manage simultaneous use of an account? For example, an account with Session-Timeout 2 hours is shared by two users. User1 login first and use the account for 1 hour, user2 then login (user1 still accessing the account), then user2 turns out two have 2 hours, which is wrong and is because that user1 not yet send Acct-Session-Time to the server. It's possible, but not easy. Short version is you need to check all the accounting records for that user, both stopped, and running (updated by interim updates), and calculate whether the limit is already reached. Storing accounting records in db will make this easier. When it does, you need to send disconnect request packet to the NAS (and not all NAS might support that). All the necessary building blocks are there, but you need to create the necessary config yourself. See man unlang for starters, in particular look for coa, disconnect, and Obtaining results from databases -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help - simultaneous accounting
劉君羿 wrote: I want to allow simultaneous use of accounts. However, *RFC 2866 *says that the* Acct-Session-Time* can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop [Page 17] Does this mean that RADIUS protocol can not manage simultaneous use of an account? It means that RADIUS does accounting for each session individually. For example, an account with *Session-Timeout *2 hours is shared by two users. User1 login first and use the account for 1 hour, user2 then login (user1 still accessing the account), then user2 turns out two have *2 hours*, which is wrong and is because that user1 not yet send Acct-Session-Time to the server. This is really a problem for the NAS. If the NAS doesn't send interim updates, then you can't do what you want. If RADIUS is not suit for the scenario above, should I try other protocols such as DIAMETER and TACACS+? The other protocols will be just like RADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
