Re: [RADIATOR] Idle timeout issue
Hi Mike,
I have tried again this time with laptop on continuously, not going to
sleep and it still cuts out the connection. I have pasted my radius.cfg for
your perusal.
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4
AuthPort 1812
AcctPort 1813
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
Client DEFAULT
Secret xxx
DupInterval 0
/Client
Client 1.1.1.1
Secret xxx
AuthPort 1182
AcctPort 1183
DupInterval 0
/Client
SessionDatabase SQL
DBSource dbi:mysql:bluezone
DBUsername root
DBAuth xxxyyyzzz
AddQuery insert into SUBSCRIBERS (USERNAME, \
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS)
values ('%n', '%N', \
%{NAS-Port}, �%{Acct-Session-Id}�, %{Timestamp},\
�%{Framed-IP-Address}�, �%{NAS-Port-Type}�, \
�%{Service-Type}�, �%{Called-Station-Id}�)
/SessionDatabase
Handler
AuthBy SQL
DBSource dbi:mysql:bluezone
DBUsername root
DBAuth xxxyyyzzz
# Only one Session per user at a time
DefaultSimultaneousUse 1
# Let the user IN if they have any time
left, set
# the Session-Timeout to the time left
AuthSelect select PASSWORD, SESSIONTIMEOUT
from SUBSCRIBERS where USERNAME=%0 and SESSIONTIMEOUT 0
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Session-Timeout, reply
# Adjust the time left when they log out
AccountingStopsOnly
AcctSQLStatement update SUBSCRIBERS set
SESSIONTIMEOUT=SESSIONTIMEOUT-0%{Acct-Session-Time} where USERNAME='%n'
AccountingTable SUBSCRIBERS
/AuthBy
/Handler
Thanks and look forward to your response.
Cheers,
Jennings
*From:* Mike Puchol [mailto:puc...@me.com]
*Sent:* Saturday, 14 April 2012 2:42 AM
*To:* Jennings Tuala
*Cc:* radiator@open.com.au
*Subject:* Re: [RADIATOR] Idle timeout issue
Acct terminate cause is User-Request, meaning the hotspot received a
session end instruction from the device, eg. logoff URL, or a
disassociation which the hotspot translates as User-Request (eg. laptop
going to sleep). There is no Session-Timeout or Idle-Timeout in the logs
that would correspond to what you describe.
On Apr 13, 2012, at 3:26 PM, Jennings Tuala jtu...@blueskysamoa.com wrote:
Hi there,
I’m having some issues with idle timeouts in radiator. Users are suddenly
being disconnected after say 25 minutes of inactivity. This never used to
happen before so I attached a trace 4 debug for you to have a look at.
Would greatly appreciate your assistance please.
Thanks,
Jay
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Access-Request
Identifier: 29
Authentic: 137202239165163W9Xfg168144174216
Attributes:
User-Name = 6100510
User-Password = @[4=161221154u141014351165_250
NAS-IP-Address = 110.5.112.85
Service-Type = Login-User
Framed-IP-Address = 10.17.4.212
Called-Station-Id = 00:90:0B:05:6B:14
Calling-Station-Id = 38:59:f9:80:c8:5d
NAS-Identifier = 110.5.112.85
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510,
110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='110.5.112.85' and NASPORT=0':
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT
from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT 0':
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with
6100510 [6100510]
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510]
Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT,
Tue Apr 10 15:48:32 2012: DEBUG: Access accepted for 6100510
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Sending to 110.5.112.85 port 32817
Code: Access-Accept
Identifier: 29
Authentic: 253;226m181
Re: [RADIATOR] Idle timeout issue
maybe need Idle-Timeout = 0 in your authentication accept reply packet?
eg. AddToReplyIfNotExist Idle-Timeout = 0
On 12-04-18 09:24 PM, Jennings Tuala wrote:
Hi Mike,
I have tried again this time with laptop on continuously, not going to sleep
and it still cuts out the connection. I have pasted my radius.cfg for your
perusal.
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4
AuthPort 1812
AcctPort 1813
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
Client DEFAULT
Secret xxx
DupInterval 0
/Client
Client 1.1.1.1
Secret xxx
AuthPort 1182
AcctPort 1183
DupInterval 0
/Client
SessionDatabase SQL
DBSource dbi:mysql:bluezone
DBUsername root
DBAuth xxxyyyzzz
AddQuery insert into SUBSCRIBERS (USERNAME, \
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS)
values ('%n', '%N', \
%{NAS-Port}, �%{Acct-Session-Id}�, %{Timestamp},\
�%{Framed-IP-Address}�, �%{NAS-Port-Type}�, \
�%{Service-Type}�, �%{Called-Station-Id}�)
/SessionDatabase
Handler
AuthBy SQL
DBSource dbi:mysql:bluezone
DBUsername root
DBAuth xxxyyyzzz
# Only one Session per user at a time
DefaultSimultaneousUse 1
# Let the user IN if they have any time
left, set
# the Session-Timeout to the time left
AuthSelect select PASSWORD, SESSIONTIMEOUT
from SUBSCRIBERS where USERNAME=%0 and SESSIONTIMEOUT 0
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Session-Timeout, reply
# Adjust the time left when they log out
AccountingStopsOnly
AcctSQLStatement update SUBSCRIBERS set
SESSIONTIMEOUT=SESSIONTIMEOUT-0%{Acct-Session-Time} where USERNAME='%n'
AccountingTable SUBSCRIBERS
/AuthBy
/Handler
Thanks and look forward to your response.
Cheers,
Jennings
*From:*Mike Puchol [mailto:puc...@me.com mailto:puc...@me.com]
*Sent:* Saturday, 14 April 2012 2:42 AM
*To:* Jennings Tuala
*Cc:* radiator@open.com.au mailto:radiator@open.com.au
*Subject:* Re: [RADIATOR] Idle timeout issue
Acct terminate cause is User-Request, meaning the hotspot received a session
end instruction from the device, eg. logoff URL, or a disassociation which
the hotspot translates as User-Request (eg. laptop going to sleep). There is
no Session-Timeout or Idle-Timeout in the logs that would correspond to what
you describe.
On Apr 13, 2012, at 3:26 PM, Jennings Tuala jtu...@blueskysamoa.com
mailto:jtu...@blueskysamoa.com wrote:
Hi there,
I’m having some issues with idle timeouts in radiator. Users are suddenly
being disconnected after say 25 minutes of inactivity. This never used to
happen before so I attached a trace 4 debug for you to have a look at. Would
greatly appreciate your assistance please.
Thanks,
Jay
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Access-Request
Identifier: 29
Authentic: 137202239165163W9Xfg168144174216
Attributes:
User-Name = 6100510
User-Password =
@[4=161221154u141014351165_250
NAS-IP-Address = 110.5.112.85
Service-Type = Login-User
Framed-IP-Address = 10.17.4.212
Called-Station-Id = 00:90:0B:05:6B:14
Calling-Station-Id = 38:59:f9:80:c8:5d
NAS-Identifier = 110.5.112.85
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510,
110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE
where NASIDENTIFIER='110.5.112.85' and NASPORT=0':
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD,
SESSIONTIMEOUT from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT
0':
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL
Re: [RADIATOR] Idle timeout issue
Thanks Michael, I will try that and see if it goes.
Cheers,
Jennings
-Original Message-
From: Michael [mailto:ri...@vianet.ca]
Sent: Thursday, 19 April 2012 2:57 PM
To: Jennings Tuala
Cc: Mike Puchol; radiator@open.com.au
Subject: Re: [RADIATOR] Idle timeout issue
maybe need Idle-Timeout = 0 in your authentication accept reply packet?
eg. AddToReplyIfNotExist Idle-Timeout = 0
On 12-04-18 09:24 PM, Jennings Tuala wrote:
Hi Mike,
I have tried again this time with laptop on continuously, not going to
sleep and it still cuts out the connection. I have pasted my radius.cfg
for your perusal.
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4
AuthPort 1812
AcctPort 1813
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
Client DEFAULT
Secret xxx
DupInterval 0
/Client
Client 1.1.1.1
Secret xxx
AuthPort 1182
AcctPort 1183
DupInterval 0
/Client
SessionDatabase SQL
DBSource dbi:mysql:bluezone
DBUsername root
DBAuth xxxyyyzzz
AddQuery insert into SUBSCRIBERS (USERNAME, \
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS)
values ('%n', '%N', \
%{NAS-Port}, �%{Acct-Session-Id}�, %{Timestamp},\
�%{Framed-IP-Address}�, �%{NAS-Port-Type}�, \
�%{Service-Type}�, �%{Called-Station-Id}�)
/SessionDatabase
Handler
AuthBy SQL
DBSource dbi:mysql:bluezone
DBUsername root
DBAuth xxxyyyzzz
# Only one Session per user at a time
DefaultSimultaneousUse 1
# Let the user IN if they have any time
left, set
# the Session-Timeout to the time left
AuthSelect select PASSWORD,
SESSIONTIMEOUT from SUBSCRIBERS where USERNAME=%0 and SESSIONTIMEOUT 0
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Session-Timeout, reply
# Adjust the time left when they log
out
AccountingStopsOnly
AcctSQLStatement update SUBSCRIBERS set
SESSIONTIMEOUT=SESSIONTIMEOUT-0%{Acct-Session-Time} where USERNAME='%n'
AccountingTable SUBSCRIBERS
/AuthBy
/Handler
Thanks and look forward to your response.
Cheers,
Jennings
*From:*Mike Puchol [mailto:puc...@me.com mailto:puc...@me.com]
*Sent:* Saturday, 14 April 2012 2:42 AM
*To:* Jennings Tuala
*Cc:* radiator@open.com.au mailto:radiator@open.com.au
*Subject:* Re: [RADIATOR] Idle timeout issue
Acct terminate cause is User-Request, meaning the hotspot received a
session end instruction from the device, eg. logoff URL, or a
disassociation which the hotspot translates as User-Request (eg. laptop
going to sleep). There is no Session-Timeout or Idle-Timeout in the logs
that would correspond to what you describe.
On Apr 13, 2012, at 3:26 PM, Jennings Tuala jtu...@blueskysamoa.com
mailto:jtu...@blueskysamoa.com wrote:
Hi there,
I�m having some issues with idle timeouts in radiator. Users are
suddenly being disconnected after say 25 minutes of inactivity. This never
used to happen before so I attached a trace 4 debug for you to have a look
at. Would greatly appreciate your assistance please.
Thanks,
Jay
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Access-Request
Identifier: 29
Authentic:
137202239165163W9Xfg168144174216
Attributes:
User-Name = 6100510
User-Password =
@[4=161221154u141014351165_250
NAS-IP-Address = 110.5.112.85
Service-Type = Login-User
Framed-IP-Address = 10.17.4.212
Called-Station-Id = 00:90:0B:05:6B:14
Calling-Station-Id = 38:59:f9:80:c8:5d
NAS-Identifier = 110.5.112.85
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510,
110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE
where NASIDENTIFIER='110.5.112.85' and NASPORT=0':
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Handling
Re: [RADIATOR] Idle timeout issue
On 04/13/2012 05:04 PM, Jennings Tuala wrote: This never used to happen before. Prior to this issue, all sessions would run continuously for the entire provisioned time (which was what we wanted). Eg. A 2 hour pass would have a 2 hour continuous session until it ran out, regardless of whether the laptop went into sleep mode/shutdown/rebooted…etc. I think when the above happens, the NAS (WLAN controller/hotspot or other device) will in practice always disconnect the user and send Accounting-Request with Acct-Status-Type = Stop. This issue just cropped up recently. I read somewhere that the mysql database might be sending a kill switch but I’m not sure as I’m a mysql novice. I have however checked my database and can’t see anything regarding idle timeout or session timeout, but then again, I could be looking in the wrong place. L There is a possibility to disconnect user with RADIUS, see http://tools.ietf.org/html/rfc5176 for more. However, this must be configured and done with radpwtst (or similar tool) or from a Hook from Radiator. So you would definitely know if this is happening. In my opinion the Accounting stops you see is what normally happens when a users leaves the network (client shutdown, reboot, sleep, etc.). Really appreciate your help and response as this is an issue I would love to solve before we launch our hotspot service. See goodies/blocktime.txt for an option. The idea is to use accounting stops to subtract from time available for the user. When the users logs in again, the returned Sesstion-Timeout reflects what's currently left. Note: if you want to try this, add 'HandleAcctStatusTypes Stop' to the AuthBy to make sure possible accounting alives are not processed here. Thanks! Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Idle timeout issue
Acct terminate cause is User-Request, meaning the hotspot received a session
end instruction from the device, eg. logoff URL, or a disassociation which the
hotspot translates as User-Request (eg. laptop going to sleep). There is no
Session-Timeout or Idle-Timeout in the logs that would correspond to what you
describe.
On Apr 13, 2012, at 3:26 PM, Jennings Tuala jtu...@blueskysamoa.com wrote:
Hi there,
I’m having some issues with idle timeouts in radiator. Users are suddenly
being disconnected after say 25 minutes of inactivity. This never used to
happen before so I attached a trace 4 debug for you to have a look at. Would
greatly appreciate your assistance please.
Thanks,
Jay
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Access-Request
Identifier: 29
Authentic: 137202239165163W9Xfg168144174216
Attributes:
User-Name = 6100510
User-Password = @[4=161221154u141014351165_250
NAS-IP-Address = 110.5.112.85
Service-Type = Login-User
Framed-IP-Address = 10.17.4.212
Called-Station-Id = 00:90:0B:05:6B:14
Calling-Station-Id = 38:59:f9:80:c8:5d
NAS-Identifier = 110.5.112.85
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier
''
Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510, 110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='110.5.112.85' and NASPORT=0':
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT
from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT 0':
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with 6100510
[6100510]
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510]
Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT,
Tue Apr 10 15:48:32 2012: DEBUG: Access accepted for 6100510
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Sending to 110.5.112.85 port 32817
Code: Access-Accept
Identifier: 29
Authentic: 253;226m181{}V28250198209179151176224
Attributes:
Session-Timeout = 86400
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Accounting-Request
Identifier: 30
Authentic: {211=c;_160152Z1322210RE2533
Attributes:
User-Name = 6100510
Acct-Status-Type = Start
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
Acct-Authentic = Local
NAS-Identifier = 110.5.112.85
NAS-IP-Address = 110.5.112.85
Calling-Station-Id = 38:59:f9:80:c8:5d
Called-Station-Id = 00:90:0B:05:6B:14
Framed-IP-Address = 10.17.4.212
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '', Identifier
''
Tue Apr 10 15:48:32 2012: DEBUG: Adding session for 6100510, 110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='110.5.112.85' and NASPORT=00':
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'insert into SUBSCRIBERS
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORTTYPE, SERVICETYPE, DNIS)':
Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '' at line 1
Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '' at line 1
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Handling accounting with Radius::AuthSQL
Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT,
Tue Apr 10 15:48:32 2012: DEBUG: Accounting accepted
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Sending to 110.5.112.85 port 32817
Code: Accounting-Response
Identifier: 30
Authentic: 1594g16154,Pq29169L159251160242
Attributes:
Tue Apr 10 16:14:18 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Accounting-Request
Identifier: 29
Authentic: 1533B}f158172Pb3019213924623h148
Attributes:
User-Name = 6100510
Acct-Status-Type
Re: [RADIATOR] Idle timeout issue
Hi Mike,
This never used to happen before. Prior to this issue, all sessions would
run continuously for the entire provisioned time (which was what we
wanted). Eg. A 2 hour pass would have a 2 hour continuous session until it
ran out, regardless of whether the laptop went into sleep
mode/shutdown/rebooted…etc.
This issue just cropped up recently. I read somewhere that the mysql
database might be sending a kill switch but I’m not sure as I’m a mysql
novice. I have however checked my database and can’t see anything regarding
idle timeout or session timeout, but then again, I could be looking in the
wrong place. L
Really appreciate your help and response as this is an issue I would love
to solve before we launch our hotspot service.
Best regards,
Jay
*From:* Mike Puchol [mailto:puc...@me.com]
*Sent:* Saturday, 14 April 2012 2:42 AM
*To:* Jennings Tuala
*Cc:* radiator@open.com.au
*Subject:* Re: [RADIATOR] Idle timeout issue
Acct terminate cause is User-Request, meaning the hotspot received a
session end instruction from the device, eg. logoff URL, or a
disassociation which the hotspot translates as User-Request (eg. laptop
going to sleep). There is no Session-Timeout or Idle-Timeout in the logs
that would correspond to what you describe.
On Apr 13, 2012, at 3:26 PM, Jennings Tuala jtu...@blueskysamoa.com wrote:
Hi there,
I’m having some issues with idle timeouts in radiator. Users are suddenly
being disconnected after say 25 minutes of inactivity. This never used to
happen before so I attached a trace 4 debug for you to have a look at.
Would greatly appreciate your assistance please.
Thanks,
Jay
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Access-Request
Identifier: 29
Authentic: 137202239165163W9Xfg168144174216
Attributes:
User-Name = 6100510
User-Password = @[4=161221154u141014351165_250
NAS-IP-Address = 110.5.112.85
Service-Type = Login-User
Framed-IP-Address = 10.17.4.212
Called-Station-Id = 00:90:0B:05:6B:14
Calling-Station-Id = 38:59:f9:80:c8:5d
NAS-Identifier = 110.5.112.85
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Apr 10 15:48:32 2012: DEBUG: Deleting session for 6100510,
110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='110.5.112.85' and NASPORT=0':
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Handling with Radius::AuthSQL:
Tue Apr 10 15:48:32 2012: DEBUG: Query is: 'select PASSWORD, SESSIONTIMEOUT
from SUBSCRIBERS where USERNAME='6100510' and SESSIONTIMEOUT 0':
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL looks for match with
6100510 [6100510]
Tue Apr 10 15:48:32 2012: DEBUG: Radius::AuthSQL ACCEPT: : 6100510 [6100510]
Tue Apr 10 15:48:32 2012: DEBUG: AuthBy SQL result: ACCEPT,
Tue Apr 10 15:48:32 2012: DEBUG: Access accepted for 6100510
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Sending to 110.5.112.85 port 32817
Code: Access-Accept
Identifier: 29
Authentic: 253;226m181{}V28250198209179151176224
Attributes:
Session-Timeout = 86400
Tue Apr 10 15:48:32 2012: DEBUG: Packet dump:
*** Received from 110.5.112.85 port 32817
Code: Accounting-Request
Identifier: 30
Authentic: {211=c;_160152Z1322210RE2533
Attributes:
User-Name = 6100510
Acct-Status-Type = Start
Acct-Session-Id = 00:90:0B:05:6B:14:13341172017
Acct-Authentic = Local
NAS-Identifier = 110.5.112.85
NAS-IP-Address = 110.5.112.85
Calling-Station-Id = 38:59:f9:80:c8:5d
Called-Station-Id = 00:90:0B:05:6B:14
Framed-IP-Address = 10.17.4.212
NAS-Port-Type = Wireless-IEEE-802-11
Tue Apr 10 15:48:32 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Apr 10 15:48:32 2012: DEBUG: Adding session for 6100510, 110.5.112.85,
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='110.5.112.85' and NASPORT=00':
Tue Apr 10 15:48:32 2012: DEBUG: do query is: 'insert into SUBSCRIBERS
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS,
NASPORTTYPE, SERVICETYPE, DNIS)':
Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS,
NASPORTTYPE, SERVICETYPE, DNIS)': You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' at line 1
Tue Apr 10 15:48:32 2012: ERR: do failed for 'insert into SUBSCRIBERS
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS,
NASPORTTYPE, SERVICETYPE, DNIS)': You have an error
(RADIATOR) idle-timeout Cisco53/800 (offtopic?)
Hi, hope is not offtopic Maybe someone have problem with disconnect cause - Ascend-Disconnect-Cause = tsIdleTimeout, so cisco have default idle-timeout 120 sec. Below is how-to setup idle time-out on interface or enforce with radius atribute Idle-Timeout = 600. You can enforce idletime-out with somthing this AddToReply Service-Type = Framed-User, \ Framed-Protocol = PPP,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Idle-Timeout = 600 David #---conf. on NAS interface Dialer1 # ISDN call !--- Configuration for rotary group 1. !--- The Dialer interface number (1) must exactly match rotary group number dialer in-band ! -- Enable this dialer interface to be a DDR interface. ! -- This is needed if you want to enforce the idle-timeout. dialer idle-timeout 300 ! -- Idle timeout for incoming calls is 300 seconds (5 minutes). ! -- Users that are idle for more than 300 seconds are dropped.! -- If dialer in-band is used and a dialer idle-timeout is not defined, then ! -- the default idle-timeout of 120 seconds!! (2 minutes) is applied. dialer-group 1 !--- Apply interesting traffic definition from dialer-list 1. ! -- Note: The specified dialer-group number must be the same as the ! -- dialer-list number; in this example, defined to be 1. #(conf t) dialer-list 1 protocol ip permit ! -- any ip trafic ! -- Interesting traffic is defined by dialer-list 1. ! -- This is applied to interface Dialer 1 using dialer-group 1. ! -- Note: The specified dialer-list number must be the same as the !-- dialer-group number interface Group-Async0 # Async call dialer in-band dialer idle-timeout 900 dialer-group 5 ! -- Interesting traffic definition is defined in dialer-list 5 below ! -- Note: The specified dialer-group number must be the same as the ! -- dialer-list number; in this example, defined to be 5. access-list 101 remark Interesting Traffic Definition to be used in dialer-list 5 access-list 101 deny eigrp any any access-list 101 permit ip any any dialer-list 5 protocol ip list 101 !-- Interesting traffic is defined by access-list 101. ::: Aliatel - Nejlepsi spojeni pro vas business - www.aliatel.cz ::: === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Idle-timeout
Title: Message Guys.. Im having problems with idle timeouts... can you give me your opinions? here is hte info.. I have a user with this configuration: [EMAIL PROTECTED] Auth-Type = CheckUser-nasc Service-Type = Framed-User, Framed-Protocol = PPP, Session-Timeout = 14400, Idle-Timeout = 2 so this user has to have a 2 second idle time right? well parameter are been passed to my MAX TNT without prlblems: *** Sending to 200.52.83.195 port 7011 Code: Access-AcceptIdentifier: 108Authentic: 2348L1729R145175G17521180221160165143Attributes: Service-Type = Framed-User Framed-Protocol = PPP Session-Timeout = 14400 Idle-Timeout = 2 Framed-IP-Address = 255.255.255.254 Port-Limit = 1 Framed-IP-Netmask = 255.255.255.255 Class = "52249/415375/10968796/41/NASC" but the user has been idle for more than that: SessionID Line/Chan Slot:Item Tx/Rx Rate Svc Address Username ConnTime IdleTime Dialed# 377082653 1.04.03/023 1:09:81/000 54667/26400 MP 200.66.72.231 [EMAIL PROTECTED] 0:04:59 0:03:24 59856000 end user list 1 active user(s)admin any ideas why the idletimeout is not working? Saludos Anton KrallDirector de TecnologíaInter.net México / Panamá Tel; 5241-7609 Directo Tel: 5241-7600 Conmutador Celular: 0445-105-5160 Mobile ICQ: 4979450 email: [EMAIL PROTECTED] web: http://www.mx.inter.net Outside Mexico:Office: +52(555)241-7609PBX: +52(555)241-7600Mobile: +52(555)105-5160
Re: (RADIATOR) Idle-timeout
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Levent Sarikaya [EMAIL PROTECTED]] Date: Sun, 3 Mar 2002 00:15:02 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Sun Mar 3 00:15:02 2002 Received: from mailout1.de.colt.net (mailout1.DE.COLT.NET [212.121.128.14]) by server1.open.com.au (8.11.0/8.11.0) with SMTP id g236F1306100 for [EMAIL PROTECTED]; Sun, 3 Mar 2002 00:15:01 -0600 Received: (qmail 3901 invoked from network); 3 Mar 2002 07:47:12 - Received: from h-213.61.188.144.host.de.colt.net (HELO toaster) (213.61.188.144) by mailout1.de.colt.net with SMTP; 3 Mar 2002 07:47:12 - Message-ID: 002401c1c287$bb0190a0$[EMAIL PROTECTED] From: Levent Sarikaya [EMAIL PROTECTED] To: [EMAIL PROTECTED] References: 001d01c1c21e$ccfaf210$[EMAIL PROTECTED] Subject: Re: (RADIATOR) Idle-timeout Date: Sun, 3 Mar 2002 08:41:39 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_001B_01C1C28F.3C4A51E0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. This is a multi-part message in MIME format. --=_NextPart_000_001B_01C1C28F.3C4A51E0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Messagemaybe an ascend prob: 1. try another attribute : ascend-idle-timeout=3D2 2. you can also define it on the the nas itself. FYI: ascend handles with idle timer special, if the user is using one = channel its only idle timer, if he is using two or more channels, = especially dynamic multilink, than the idle timer counts the second = channel not the first. solong.Levent - Original Message -=20 From: Anton Krall=20 To: [EMAIL PROTECTED]=20 Cc: [EMAIL PROTECTED]=20 Sent: Saturday, March 02, 2002 8:16 PM Subject: (RADIATOR) Idle-timeout Guys.. Im having problems with idle timeouts... can you give me your = opinions? here is hte info.. I have a user with this configuration: [EMAIL PROTECTED] Auth-Type =3D CheckUser-nasc Service-Type =3D Framed-User, Framed-Protocol =3D PPP, = Session-Timeout =3D 14400, Idle-Timeout =3D 2 so this user has to have a 2 second idle time right? well parameter are been passed to my MAX TNT without prlblems: *** Sending to 200.52.83.195 port 7011 Code: Access-Accept Identifier: 108 Authentic: = 2348L1729R145175G17521180221160165143 Attributes: Service-Type =3D Framed-User Framed-Protocol =3D PPP Session-Timeout =3D 14400 Idle-Timeout =3D 2 Framed-IP-Address =3D 255.255.255.254 Port-Limit =3D 1 Framed-IP-Netmask =3D 255.255.255.255 Class =3D 52249/415375/10968796/41/NASC but the user has been idle for more than that: SessionID Line/Chan Slot:Item Tx/Rx Rate Svc Address = Username ConnTime IdleTime Dialed#=20 377082653 1.04.03/023 1:09:81/000 54667/26400 MP 200.66.72.231 = [EMAIL PROTECTED] 0:04:590:03:2459856000 =20 end user list 1 active user(s) admin=20 any ideas why the idletimeout is not working? Saludos Anton Krall Director de Tecnolog=EDa Inter.net M=E9xico / Panam=E1 Tel; 5241-7609 Directo=20 Tel: 5241-7600 Conmutador Celular: 0445-105-5160 Mobile ICQ: 4979450 email: [EMAIL PROTECTED] web: http://www.mx.inter.net Outside Mexico: Office: +52(555)241-7609 PBX: +52(555)241-7600 Mobile: +52(555)105-5160 --=_NextPart_000_001B_01C1C28F.3C4A51E0 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEADTITLEMessage/TITLE META http-equiv=3DContent-Type content=3Dtext/html; = charset=3Diso-8859-1 META content=3DMSHTML 6.00.2712.300 name=3DGENERATOR STYLE/STYLE /HEAD BODY bgColor=3D#ff DIVFONT face=3DArial size=3D2maybe an ascend prob:/FONT/DIV DIVFONT face=3DArial size=3D2/FONTnbsp;/DIV DIVFONT face=3DArial size=3D21. try another attribute :=20 ascend-idle-timeout=3D2/FONT/DIV DIVFONT face=3DArial size=3D22. you can also define it on the the = nas=20 itself./FONT/DIV DIVFONT face=3DArial size=3D2FYI: ascend handles with idle timer = special, if the=20 user is using one channel its only idle timer, if he is using two or = more=20 channels, especially dynamic multilink, than the idle timer counts the = second=20 channel not the first./FONT/DIV DIVFONT face=3DArial size=3D2/FONTnbsp;/DIV DIVFONT face=3DArial size=3D2/FONTnbsp;/DIV DIVFONT face=3DArial size=3D2solong.Levent/FONT/DIV BLOCKQUOTE dir=3Dltr=20 style=3DPADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT: #00 2px solid; MARGIN-RIGHT: 0px DIV style=3DFONT: 10pt arial- Original Message - /DIV DIV=20 style=3DBACKGROUND: #e4e4e4; FONT
(RADIATOR) Idle-Timeout
Hi all, I m using Cisco As5300. Session-out attribute is working fine ... but i m not getting the desired result from Idle-Timeout ... this is user's configuration in user's file ... mushy User-Password = mushy Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Group = 0, Session-Timeout = 900, Idle-Timeout = 300 Is there any changes required in NAS also ... ?? The user is getting Disconnected when session expires but not Idle time expires ... waiting for replies ... regards, Muhammad Mushtaque Network Operations eWorld(Pvt)Ltd. 506, Progressive Plaza, Beaumont Road Civil Lines, Karachi. UAN:92-21-111246246 This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of eWorld (Pvt) Ltd. If you are not the original / intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error, we regret the inconvenience and request you to please immediately notify at [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
