Re: (RADIATOR) Session-Timeout PostAuthHook
Hello Herman - What you show below looks fine. BTW - in all of the Radiator code, $p refers to the incoming request packet and $rp refers to the reply packet. Just to avoid confusion I would probably change $p to $rp. See the example hooks in "goodies/hooks.txt". There are also lots of utility routines in Radiator itself and in CPAN that may be useful. BTW - you do not need two "if" statements, you can just do this: my $SessionTimeout = $p->get_attr('Session-Timeout'); if( $SessionTimeout eq 'EM') { . regards Hugh On 20/12/2003, at 3:04 AM, Herman verschooten wrote: Hi, I was looking for a way to dynamically set the session-timeout to the end of the month. Since this does not seem to be standard, I made an attempt to write a PostAuthHook: use Time::Local; # If Session-Timeout=EM then set it to the number of seconds left in this month. sub { my $p = ${$_[1]}; my $SessionTimeout = $p->get_attr('Session-Timeout'); if (defined $SessionTimeout) { if( $SessionTimeout eq 'EM') { my $sec; my $min; my $hour; my $mday; my $mon; my $year; my $wday; my $yday; my $isdst; ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $mon++; $year+=1900; if($mon eq 12) { $mon = 0; $year++; } my $Timeout = timelocal(0,0,0,1,$mon,$year) -1 - time; $p->change_attr('Session-Timeout',$Timeout); } } } If anybody knows a better way to do this, please let me know. Greetings, Herman verschooten WebVisie bvba Een klare kijk op interne en externe communicatie ___ Oudaan 15 / 332000 Antwerpen http://www.webvisie.net tel 03/206.72.70 fax 03/[EMAIL PROTECTED] NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-Timeout PostAuthHook
Hi, I was looking for a way to dynamically set the session-timeout to the end of the month. Since this does not seem to be standard, I made an attempt to write a PostAuthHook: use Time::Local; # If Session-Timeout=EM then set it to the number of seconds left in this month. sub{ my $p = ${$_[1]}; my $SessionTimeout = $p->get_attr('Session-Timeout'); if (defined $SessionTimeout) { if( $SessionTimeout eq 'EM') { my $sec; my $min; my $hour; my $mday; my $mon; my $year; my $wday; my $yday; my $isdst; ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $mon++; $year+=1900; if($mon eq 12) {$mon = 0;$year++; } my $Timeout = timelocal(0,0,0,1,$mon,$year) -1 - time; $p->change_attr('Session-Timeout',$Timeout); } }} If anybody knows a better way to do this, please let me know. Greetings, Herman verschooten WebVisie bvba Een klare kijk op interne en externe communicatie ___ Oudaan 15 / 332000 Antwerpen http://www.webvisie.net tel 03/206.72.70 fax 03/234.93.82 [EMAIL PROTECTED]
Re: (RADIATOR) Session-Timeout getting set too late
Hello Jeff - The first thing you should do is read the radius rfc's and the Radiator reference manual (both contained in the "doc" directory of the distribution). Then you should read the Radiator source code to find out how it works. And we also offer training courses if that is of interest. You should also note that there are two seperate things happening with the radius protocol. The first is the access request/access accept, and it is in the access accept that the Session-Timeout must be returned to the NAS. The second thing that happens after the session has come up is an accounting start is sent, and after the session has completed an accounting stop is sent. With a standard AuthBy SQL clause it is very easy to do what you describe with an AuthColumnDef. BTW - the latest version is Radiator 3.5. regards Hugh On Tuesday, Jan 21, 2003, at 04:26 Australia/Melbourne, Jeff Cave wrote: Two questions: 1. I have had Radiator thrown at me. I have no knowledge of the system and feel like I am in way over my head. Can anyone recommend good reading, courses or other ways to get educated? 2. The problem I have had thrown at me... I have been asked to set a session timeout based on the amount of time left in a users account. I can hard code a timeout in the realm but I need to set it on a user-to-user basis. The system's code has been heavily modified and a lot of what is in the Radiator manual no longer seems to apply. The Realm handler is a modified AuthSQL file. In the file AuthCOMPNAME, I have added a couple of lines that add a session timeout to the response packet, but it seems that it does not calculate how much time the user has (SQL Procedure: isp_requestauth) until after the ACCESS-ACCEPT packet is sent to the NAS. When I check the log, it appears that isp_requestauth is being run before the ACCESS-ACCEPT packet is sent, this makes sense since isp_requestauth is also where the user's password and filename are verified and Radiator is catching invalid logins (infact it knows it was an invalid login because they had 0 minutes returned). SEQUENCE OF EVENTS: 1. ACCESS-ACCEPT Sent with SESSION-TIMEOUT=0 2. AuthCOMPNAME calculates session-timeout to be ? 3. Accounting-Response Sent with SESSION-TIMEOUT = ? The problem with this is that with the initial timeout of 0, it seems that the timeout is not taking when it is sent in the accounting-response. WANTED SEQUENCE OF EVENTS: 1. AuthCOMPNAME calculates session-timeout to be ? 2. ACCESS-ACCEPT Sent with SESSION-TIMEOUT = ? Does anyone have any suggestions on where/how I should be setting the session-timeout to ensure that the user has their appropriate timeout? THE CONFIG FILE: AcctLogFileName %L/account.log NoDefault DBSource dbi:ODBC:ilink DBUsername xxx DBAuth xxx FailureBackoffTime30 Timeout 10 # Authentication AuthBlock \ isp_requestauth '%U','%P','%{NAS-IP-Address}/%{NAS-Port}','%{Calling_Station_ID}' # Accounting AccountingStopsOnly AcctSQLStatement \ isp_accounting '%U', \ '%g-%i-%f %j:%k:%p', \ %{Acct-Session-Time}, \ '%{Acct-Session-Id}', \ '%{Acct-Terminate-Cause}', \ '%N', \ '%{NAS-Port}', \ '%{Framed-IP-Address}', \ %{Acct-Input-Octets}, \ %{Acct-Output-Octets} Signifigant Bits from AuthCOMPNAME: ^^ #This is the only place that I can find that the response packet is built #I have only added the one line and set it to a global variable $SessTime #I know gobal is probably not the best for this but I'm panicking. sub handle_request { my ($self, $p, $rp, $extra_checks) = @_; my $type = ref($self); $self->log($main::LOG_DEBUG, "Handling with $type (special)"); if ($p->decodedPassword() =~ /'/) { $self->log($main::LOG_DEBUG, "$type rejected because invalid char in password"); return ($main::REJECT, 'Invalid Char in password'); } else { $self->log($main::LOG_DEBUG, "$type accepted char in password"); } # # This is where the timeout gets stuffed into the response packet # $rp->addAttrByNum($Radius::Radius::SESSION_TIMEOUT,$SessTime); # # # return $self->SUPER::handle_request($p, $rp, $extra_checks); } # # Find a the named user by looking in the database, and constructing # User object if we found the named user # $name is the user name we want # $p is the current request we are handling sub findUser { my ($self, $name, $p) = @_; . . . my $q = &Radius::Util::format_special($self->{AuthBlock}, $p); # # I set the global $SessTime in here # my $sth = $self->prepareAnd
Re: (RADIATOR) Session-Timeout options
Hello Brian - You will probably want to write a hook to do this. regards Hugh On Tuesday, Jan 21, 2003, at 13:55 Australia/Melbourne, Brian Morris wrote: Hi All, Is it possible to set a session timeout to the lesser of (say) 4 hours or [TimeRemaining] Where [TimeRemaining] is however much time credit the customer has remaining on teir account. I know you can set it to one OR the other, but how about the lesser of the two? Regards, Brian Morris (In smokey downtown Canberra) === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-Timeout options
Hi All, Is it possible to set a session timeout to the lesser of (say) 4 hours or [TimeRemaining] Where [TimeRemaining] is however much time credit the customer has remaining on teir account. I know you can set it to one OR the other, but how about the lesser of the two? Regards, Brian Morris (In smokey downtown Canberra) === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-Timeout getting set too late
Two questions: 1. I have had Radiator thrown at me. I have no knowledge of the system and feel like I am in way over my head. Can anyone recommend good reading, courses or other ways to get educated? 2. The problem I have had thrown at me... I have been asked to set a session timeout based on the amount of time left in a users account. I can hard code a timeout in the realm but I need to set it on a user-to-user basis. The system's code has been heavily modified and a lot of what is in the Radiator manual no longer seems to apply. The Realm handler is a modified AuthSQL file. In the file AuthCOMPNAME, I have added a couple of lines that add a session timeout to the response packet, but it seems that it does not calculate how much time the user has (SQL Procedure: isp_requestauth) until after the ACCESS-ACCEPT packet is sent to the NAS. When I check the log, it appears that isp_requestauth is being run before the ACCESS-ACCEPT packet is sent, this makes sense since isp_requestauth is also where the user's password and filename are verified and Radiator is catching invalid logins (infact it knows it was an invalid login because they had 0 minutes returned). SEQUENCE OF EVENTS: 1. ACCESS-ACCEPT Sent with SESSION-TIMEOUT=0 2. AuthCOMPNAME calculates session-timeout to be ? 3. Accounting-Response Sent with SESSION-TIMEOUT = ? The problem with this is that with the initial timeout of 0, it seems that the timeout is not taking when it is sent in the accounting-response. WANTED SEQUENCE OF EVENTS: 1. AuthCOMPNAME calculates session-timeout to be ? 2. ACCESS-ACCEPT Sent with SESSION-TIMEOUT = ? Does anyone have any suggestions on where/how I should be setting the session-timeout to ensure that the user has their appropriate timeout? THE CONFIG FILE: AcctLogFileName %L/account.log NoDefault DBSource dbi:ODBC:ilink DBUsername xxx DBAuth xxx FailureBackoffTime30 Timeout 10 # Authentication AuthBlock \ isp_requestauth '%U','%P','%{NAS-IP-Address}/%{NAS-Port}','%{Calling_Station_ID}' # Accounting AccountingStopsOnly AcctSQLStatement \ isp_accounting '%U', \ '%g-%i-%f %j:%k:%p', \ %{Acct-Session-Time}, \ '%{Acct-Session-Id}', \ '%{Acct-Terminate-Cause}', \ '%N', \ '%{NAS-Port}', \ '%{Framed-IP-Address}', \ %{Acct-Input-Octets}, \ %{Acct-Output-Octets} Signifigant Bits from AuthCOMPNAME: ^^ #This is the only place that I can find that the response packet is built #I have only added the one line and set it to a global variable $SessTime #I know gobal is probably not the best for this but I'm panicking. sub handle_request { my ($self, $p, $rp, $extra_checks) = @_; my $type = ref($self); $self->log($main::LOG_DEBUG, "Handling with $type (special)"); if ($p->decodedPassword() =~ /'/) { $self->log($main::LOG_DEBUG, "$type rejected because invalid char in password"); return ($main::REJECT, 'Invalid Char in password'); } else { $self->log($main::LOG_DEBUG, "$type accepted char in password"); } # # This is where the timeout gets stuffed into the response packet # $rp->addAttrByNum($Radius::Radius::SESSION_TIMEOUT,$SessTime); # # # return $self->SUPER::handle_request($p, $rp, $extra_checks); } # # Find a the named user by looking in the database, and constructing # User object if we found the named user # $name is the user name we want # $p is the current request we are handling sub findUser { my ($self, $name, $p) = @_; . . . my $q = &Radius::Util::format_special($self->{AuthBlock}, $p); # # I set the global $SessTime in here # my $sth = $self->prepareAndExecute($q); # # # . . . return ($User) } # # Convenience function to prepare and execute a query. # If it fails to execute, complain, and try to reconnect and reexecute. # If it still fails to execute, return undef, else a statement handle sub prepareAndExecute { my ($self, $q) = @_; my ($attempts, $sth, $rc); $sth = $Radius::SqlDb::handles{$self->{dbname}}->prepare($q); $rc = $sth->execute if $sth; my $row = $sth->fetchrow_arrayref; &main::log($main::LOG_DEBUG, "2 rc = @$row[0], balance = @$row[1]\n"); # # Here is where I set SessTime # $SessTime = @$row[1] * 60; # # # return $sth; } === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
(RADIATOR) Session-Timeout
Hello, I´m trying to configure Time authentication, and use it to send a Session-Timeout="unti Time", but it doesn´t fit my desing. I only have one customer profile, but their account are restricted on this way: - MoTuWeTh1800-0800 (= Mo, Tu, We, Th from 18:00 to 08:00 of the next day). - From Friday 18:00 to Monday 08:00 (= free access on weekend). The way I use to configure this is: Time="Al1400-0800,SaSu0800-1400" The restrictions wok fine, but when I use Session-Timeout="unti Time" during the weekend, the users are disconnect at the end of first time restriction. For example, one use who will connect at Sa10:00, it will be disconnected at Sa1400, instead of Mo0800. Does anybody know a way to get this? Thanks, regards. Gonzalo Bécares Ya.com === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout = "until nnnn" ??
Hello Brian - Could you please send me a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. I would also like to see the user record that is being used. thanks Hugh On Saturday, August 24, 2002, at 09:22 AM, [EMAIL PROTECTED] wrote: > > Hi Folks, > > I am using Radiator 2.18.2 which, according to the ref manual allows a > reply > parameter like this.. > > Session-Timeout="until 0250" > > Which is supposed to set the session-timeout value to the number of > seconds > between now and 2:50am. > > It doesnt work for me. Rather than upgrading needlessly (everything > else works > perfectly) am I setting it wrong or is it broken in 2.18.2 > > The error in the logfile says : > > There is no value named until 0250 for attribute Session-Timeout. Using > 0. > > > We already set the session-timeout parameter using session-timeout = > 86400 (1 > day) and this works fine. Changing 604800 to "until 0250" (with double > quotes) > breaks it. > > Regards, Brian. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > > NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout = "until nnnn" ??
> I remember playing with that reply value and I remember making it work.. > have you tried using the value as a time instead of as an integer.. > something like 02:50 instead of 0250? Yep, Also tried single quotes and permutations of 02:50 2:50 0250 and 250 all with the same error as a result. I'm still working on it though. Regards, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout in Cisco & Ascend
Hello Lull - This is usually a NAS configuration issue. You should check with your vendors, and also check the Radiator FAQ and the mailing list archive. regards Hugh On Mon, 8 Apr 2002 22:20, Lull Paras wrote: > Hi all! > > does Session-Timeout attribute work in Cisco & Ascend > RAS? > > it doesn't seem to work in our current setup. we have > Radiator 2.19 and multiple RAS (Cisco, Ascend, and > Livingston). i have tried testing it on all RAS but > it only works in livingston. when i'm using Cisco & > Ascend, users are not disconnected when the alloted > seconds in the session-timeout reply has elapsed. > > have you encountered the same problem? any help is > appreciated :) > > > TIA, > > Lull > > > > = > > "Kindness and honesty can be expected only from the strong." > > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-Timeout in Cisco & Ascend
Hi all! does Session-Timeout attribute work in Cisco & Ascend RAS? it doesn't seem to work in our current setup. we have Radiator 2.19 and multiple RAS (Cisco, Ascend, and Livingston). i have tried testing it on all RAS but it only works in livingston. when i'm using Cisco & Ascend, users are not disconnected when the alloted seconds in the session-timeout reply has elapsed. have you encountered the same problem? any help is appreciated :) TIA, Lull = "Kindness and honesty can be expected only from the strong." === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Fwd: Me encuentro fuera de la oficina de vacaciones, vuelvo el 18/2/2002.: Re: (RADIATOR) Session-Timeout.
-- Forwarded Message -- Subject: Me encuentro fuera de la oficina de vacaciones, vuelvo el 18/2/2002.: Re: (RADIATOR) Session-Timeout. Date: Sat, 2 Feb 2002 11:44:15 +1100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hello Rick - You would use an AuthBy FILE with DEFAULT entries. # define DEFAULT's for different times DEFAULT Time = "...", Auth-Type = .. Session-Timeout = ., DEFAULT Time = "...", Auth-Type = .. Session-Timeout = ., Have a look at sections 13.1.6 and 13.1.13 in the Radiator 2.19 reference manual (included in the distribution in the file "doc/ref.html"). regards Hugh On Sat, 2 Feb 2002 11:25, Ricky Chilcott wrote: > Hello, > > How could I accomplish the following with session timout. > > 1.No timeout between 00:00 and 10:00 and a 4 hour timeout all other > times. > > 2.No timeout between 00:00 and 10:00 , 4 Hour timeout between 10:00 and > 19:00 and 2 Hour timeout between 19:00 and 00:00. > > Thanks > > Rick > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout.
Hello Rick - You would use an AuthBy FILE with DEFAULT entries. # define DEFAULT's for different times DEFAULT Time = "...", Auth-Type = .. Session-Timeout = ., DEFAULT Time = "...", Auth-Type = .. Session-Timeout = ., Have a look at sections 13.1.6 and 13.1.13 in the Radiator 2.19 reference manual (included in the distribution in the file "doc/ref.html"). regards Hugh On Sat, 2 Feb 2002 11:25, Ricky Chilcott wrote: > Hello, > > How could I accomplish the following with session timout. > > 1.No timeout between 00:00 and 10:00 and a 4 hour timeout all other > times. > > 2.No timeout between 00:00 and 10:00 , 4 Hour timeout between 10:00 and > 19:00 and 2 Hour timeout between 19:00 and 00:00. > > Thanks > > Rick > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-Timeout.
Hello, How could I accomplish the following with session timout. 1.No timeout between 00:00 and 10:00 and a 4 hour timeout all other times. 2.No timeout between 00:00 and 10:00 , 4 Hour timeout between 10:00 and 19:00 and 2 Hour timeout between 19:00 and 00:00. Thanks Rick === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout Maximum Value
Hi Brian - I think you will find the NAS falls over before you do. :-/ cheers Hugh On Thu, 24 Jan 2002 10:14, Brian Morris wrote: > Hehehe ... > > According to the RFC, the value (in seconds) is a 32bit unsigned integer! > This equates conservatively (30 bits) to a tad over 34 years :-)) > > Even with all other things being suitable for an accurate test, I don't > think I have enough time to live to fully test the true upper limit of this > parameter! > > Cheers, Brian. > > > - Original Message - > From: "Hugh Irvine" <[EMAIL PROTECTED]> > To: "Brian Morris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Wednesday, January 23, 2002 6:59 PM > Subject: Re: (RADIATOR) Session-Timeout Maximum Value > > > Hello Brian - > > > > Check the RFC for details ("doc/rfc2865.txt"). > > > > However you are correct in that the only real way to be sure is to do > > some experiments with your NAS (we have seen problems with large > > numbers). > > > > regards > > > > Hugh > > > > On Wed, 23 Jan 2002 15:34, Brian Morris wrote: > > > Hi all, > > > > > > Session-Timeout is defined as an integer in the dictionary file. Does > > > anyone know what the maximum value that can be set for this is? > > > > > > I guess it would be dependant on individual NAS implementations for an > > > integer, but has anyone had any success with setting it to a high value > > (eg > > > > : 604800 - the number of seconds in a week)? I am thinking that this > > will > > > > work but would I be pushing my luck to set it at 18 million odd? (~the > > > number of seconds in a month) > > > > > > The reason is that we have some VISP ports on an AS5300 that we can not > > > directly control to manually disconnect a user, therefore we would like > > to > > > > ensure that they do not login for what we consider to be "way too > > > long". > > > > > > Thanks and regards, Brian. > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout Maximum Value
Hehehe ... According to the RFC, the value (in seconds) is a 32bit unsigned integer! This equates conservatively (30 bits) to a tad over 34 years :-)) Even with all other things being suitable for an accurate test, I don't think I have enough time to live to fully test the true upper limit of this parameter! Cheers, Brian. - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Brian Morris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, January 23, 2002 6:59 PM Subject: Re: (RADIATOR) Session-Timeout Maximum Value > > Hello Brian - > > Check the RFC for details ("doc/rfc2865.txt"). > > However you are correct in that the only real way to be sure is to do some > experiments with your NAS (we have seen problems with large numbers). > > regards > > Hugh > > > On Wed, 23 Jan 2002 15:34, Brian Morris wrote: > > Hi all, > > > > Session-Timeout is defined as an integer in the dictionary file. Does > > anyone know what the maximum value that can be set for this is? > > > > I guess it would be dependant on individual NAS implementations for an > > integer, but has anyone had any success with setting it to a high value (eg > > > > : 604800 - the number of seconds in a week)? I am thinking that this will > > > > work but would I be pushing my luck to set it at 18 million odd? (~the > > number of seconds in a month) > > > > The reason is that we have some VISP ports on an AS5300 that we can not > > directly control to manually disconnect a user, therefore we would like to > > ensure that they do not login for what we consider to be "way too long". > > > > Thanks and regards, Brian. > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) session timeout
Hello Yoga - On Wednesday 19 September 2001 16:59, Yoga Nandiwardhana wrote: > hi all, > how do i make radiator send a "session-timeout" for every authentication > reply? do i need to configure the .pm or should i use a hook instead? > You can simply use an AddToReply in your AuthBy clause. ... AddToReply Session-Timeout = nnn regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) session timeout
hi all, how do i make radiator send a "session-timeout" for every authentication reply? do i need to configure the .pm or should i use a hook instead? thanks yoga === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re[2]: (RADIATOR) Session-timeout
Title: Re[2]: (RADIATOR) Session-timeout Hello Alexey - Well the only other thing I can think of is the IOS version. The attributes are getting to the Cisco: Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept, len 50 Jun 13 11:21:10.582: Attribute 6 6 0002 Jun 13 11:21:10.582: Attribute 7 6 0001 Jun 13 11:21:10.582: Attribute 9 6 FFFE Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F Jun 13 11:21:10.582: Attribute 28 6 04B0 Attribute 27 is session timeout and 28 is idle timeout, but why the Cisco is ignoring them I don't know. regards Hugh At 5:44 PM +0600 6/19/01, Alexey Korchagin wrote: Hello Hugh, HI> Hello Alexey - HI> Have you checked this? HI> http://www.open.com.au/radiator/faq.html#59 Of couse. I make my config like config from example. I _understand_ how it's work. But I really can't understand - why attributes lost... It would be clear, if attributes not sending, or not reciving in general. But it's look like bad joke or fantastic action :((( Or I so stupid that don't see something apparent. HI> At 12:13 PM +0600 6/19/01, rc5 wrote: >>Hello, >> >>I never think that it's will be problem. I don't guru in >>Cisco-systems, but all changes in config I make how it's was descript >>into "PPP Per-User Timeouts" (link from Radiator FAQ). >> >>When I make all changes (see cisco.config.txt) I don't get wanted result. >>I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I >>see that Cisco get it and then lost or hide it. >> >>All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), >>Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. >>May be somebody have this problem? >> >> >> >>-- >>Best regards, >>Alexey Korchagin mailto:[EMAIL PROTECTED] >>Attachment converted: Macintosh HD:cisco.trace.txt (TEXT/ttxt) (0001B67E) >>Attachment converted: Macintosh HD:csico.config.txt (TEXT/ttxt) (0001B67F) >>Attachment converted: Macintosh HD:trace4.txt 1 (TEXT/ttxt) (0001B680) >>Attachment converted: Macintosh HD:rad.log.txt (TEXT/ttxt) (0001B681) -- Best regards, Alexey mailto:[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Re[2]: (RADIATOR) Session-timeout
Hello Hugh, HI> Hello Alexey - HI> Have you checked this? HI> http://www.open.com.au/radiator/faq.html#59 Of couse. I make my config like config from example. I _understand_ how it's work. But I really can't understand - why attributes lost... It would be clear, if attributes not sending, or not reciving in general. But it's look like bad joke or fantastic action :((( Or I so stupid that don't see something apparent. HI> At 12:13 PM +0600 6/19/01, rc5 wrote: >>Hello, >> >>I never think that it's will be problem. I don't guru in >>Cisco-systems, but all changes in config I make how it's was descript >>into "PPP Per-User Timeouts" (link from Radiator FAQ). >> >>When I make all changes (see cisco.config.txt) I don't get wanted result. >>I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I >>see that Cisco get it and then lost or hide it. >> >>All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), >>Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. >>May be somebody have this problem? >> >> >> >>-- >>Best regards, >>Alexey Korchagin mailto:[EMAIL PROTECTED] >>Attachment converted: Macintosh HD:cisco.trace.txt (TEXT/ttxt) (0001B67E) >>Attachment converted: Macintosh HD:csico.config.txt (TEXT/ttxt) (0001B67F) >>Attachment converted: Macintosh HD:trace4.txt 1 (TEXT/ttxt) (0001B680) >>Attachment converted: Macintosh HD:rad.log.txt (TEXT/ttxt) (0001B681) -- Best regards, Alexeymailto:[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-timeout
Hello Alexey - Have you checked this? http://www.open.com.au/radiator/faq.html#59 regards Hugh At 12:13 PM +0600 6/19/01, rc5 wrote: >Hello, > >I never think that it's will be problem. I don't guru in >Cisco-systems, but all changes in config I make how it's was descript >into "PPP Per-User Timeouts" (link from Radiator FAQ). > >When I make all changes (see cisco.config.txt) I don't get wanted result. >I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I >see that Cisco get it and then lost or hide it. > >All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), >Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. >May be somebody have this problem? > > > >-- >Best regards, >Alexey Korchagin mailto:[EMAIL PROTECTED] >Attachment converted: Macintosh HD:cisco.trace.txt (TEXT/ttxt) (0001B67E) >Attachment converted: Macintosh HD:csico.config.txt (TEXT/ttxt) (0001B67F) >Attachment converted: Macintosh HD:trace4.txt 1 (TEXT/ttxt) (0001B680) >Attachment converted: Macintosh HD:rad.log.txt (TEXT/ttxt) (0001B681) -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-timeout
Hello, I never think that it's will be problem. I don't guru in Cisco-systems, but all changes in config I make how it's was descript into "PPP Per-User Timeouts" (link from Radiator FAQ). When I make all changes (see cisco.config.txt) I don't get wanted result. I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I see that Cisco get it and then lost or hide it. All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. May be somebody have this problem? -- Best regards, Alexey Korchagin mailto:[EMAIL PROTECTED] Jun 13 11:21:06.346: TTY12: DSR came up Jun 13 11:21:06.346: tty12: Modem: IDLE->(unknown) Jun 13 11:21:06.346: TTY12: Autoselect started Jun 13 11:21:06.346: TTY12: create timer type 0, 120 seconds Jun 13 11:21:07.310: TTY12: Autoselect sample 7E Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF7D Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF7D23 Jun 13 11:21:07.310: TTY12 Autoselect cmd: ppp negotiate Jun 13 11:21:07.310: TTY12: destroy timer type 0 (OK) Jun 13 11:21:07.314: TTY12: EXEC creation Jun 13 11:21:07.314: TTY12: create timer type 0, 43180 seconds Jun 13 11:21:07.314: TTY12: create timer type 1, 1200 seconds Jun 13 11:21:07.318: TTY12: destroy timer type 1 (OK) Jun 13 11:21:07.318: TTY12: destroy timer type 0 (OK) Jun 13 11:21:07.318: TTY12: create timer type 2, 43200 seconds Jun 13 11:21:07.318: TTY12: create timer type 0, 43200 seconds Jun 13 11:21:10.558: AAA/MEMORY: create_user (0x60FD78E8) user='elcom_w' ruser='' port='Async12' rem_addr='async' authen_type=PAP service=PPP priv=1 Jun 13 11:21:10.558: RADIUS: ustruct sharecount=1 Jun 13 11:21:10.558: RADIUS: Initial Transmit Async12 id 157 213.242.54.xxx:1645, Access-Request, len 77 Jun 13 11:21:10.558: Attribute 4 6 D5F236E1 Jun 13 11:21:10.558: Attribute 5 6 000C Jun 13 11:21:10.558: Attribute 61 6 Jun 13 11:21:10.558: Attribute 1 9 656C636F Jun 13 11:21:10.558: Attribute 2 18 C90B9579 Jun 13 11:21:10.558: Attribute 6 6 0002 Jun 13 11:21:10.558: Attribute 7 6 0001 Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept, len 50 Jun 13 11:21:10.582: Attribute 6 6 0002 Jun 13 11:21:10.582: Attribute 7 6 0001 Jun 13 11:21:10.582: Attribute 9 6 FFFE Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F Jun 13 11:21:10.582: Attribute 28 6 04B0 Jun 13 11:21:10.582: RADIUS: saved authorization data for user 60FD78E8 at 6102B914 Jun 13 11:21:10.582: As12 AAA/AUTHOR/LCP (1603074679): found list "default" Jun 13 11:21:10.582: As12 AAA/DISC: 1/"User Request" Jun 13 11:21:10.582: As12 AAA/DISC/EXT: 1020/"User Request" Jun 13 11:21:10.586: AAA/ACCT/NET: Found list "default" Jun 13 11:21:10.586: As12 AAA/AUTHOR/FSM (3360470138): found list "default" Jun 13 11:21:10.586: As12 AAA/AUTHOR/FSM (3938440701): found list "default" Jun 13 11:21:10.586: RADIUS: ustruct sharecount=4 Jun 13 11:21:10.590: RADIUS: Initial Transmit Async12 id 158 213.242.54.xxx:1646, Accounting-Request, len 87 Jun 13 11:21:10.590: Attribute 4 6 D5F236E1 Jun 13 11:21:10.590: Attribute 5 6 000C Jun 13 11:21:10.590: Attribute 61 6 Jun 13 11:21:10.590: Attribute 1 9 656C636F Jun 13 11:21:10.590: Attribute 40 6 0001 Jun 13 11:21:10.590: Attribute 45 6 0001 Jun 13 11:21:10.590: Attribute 6 6 0002 Jun 13 11:21:10.590: Attribute 44 10 30303030 Jun 13 11:21:10.590: Attribute 7 6 0001 Jun 13 11:21:10.590: Attribute 41 6 Jun 13 11:21:10.602: RADIUS: Received from id 158 213.242.54.xxx:1646, Accounting-response, len 20 Jun 13 11:21:10.922: As12 AAA/AUTHOR/IPCP (3934615531): found list "default" Jun 13 11:21:10.922: RADIUS: ustruct sharecount=4 Jun 13 11:21:10.926: RADIUS: Initial Transmit Async12 id 159 213.242.54.xxx:1646, Accounting-Request, len 93 Jun 13 11:21:10.926: Attribute 4 6 D5F236E1 Jun 13 11:21:10.926: Attribute 5 6 000C Jun 13 11:21:10.926: Attribute 61 6 Jun 13 11:21:10.926: Attribute 1 9 656C636F Jun 13 11:21:10.926: Attribute 40 6 0003 Jun 13 11:21:10.926: Attribute 45 6 0001 Jun 13 11:21:10.926: Attribute 6 6 0002 Jun 13 11:21:10.926: Attribute 44 10 30303030 Jun 13 11:21:10.926: Attribute 7 6 0001 Jun 13 11:21:10.926: Attribute 8 6 D5F236F9 Jun 13 11:21:10.926: Attribute 41 6 Jun 13 11:21:10.938: RADIUS: Received from id 159 213.242.54.xxx:1646, Accounting-response, len 20 Jun 13 17:21:20 Karachi: %SEC-6-IPACCESSLOGP: list 101 denied udp 213.242.54.99(137) -> 213.242.54.255(137), 11 packets cisco-3640-i#terminal n
Re: (RADIATOR) Radiator Session-Timeout question
Hello Alexey - On Sat, 14 Oct 2000, Alexey A. Shavaldin wrote: > Hello ! > > I have a question about specifying Session-Timeout to my NASs, using Radiator > 2.16 and Oracle8i ver 8.1.6. The fact is that I need NAS to hangup a line with > the user with session timeout. In MySQL it is done, in my opinion, simply. I > just dynamically change timebank=unix_timestamp(stopdate)-%{Timestamp}. > Is there any analogue of unix_timestamp in Oracle, which I can use with Oracle > and Radiator to compute remaining timebank of a user? In other words, I have to > calculate unix timestamp from an Oracle date while creating my SQL queries. > > Can you point me to a solution of my problem or, perhaps, there're some other > ways to do it ? > It would probably be simplest just to define an integer column and use that. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator Session-Timeout question
Hello ! I have a question about specifying Session-Timeout to my NASs, using Radiator 2.16 and Oracle8i ver 8.1.6. The fact is that I need NAS to hangup a line with the user with session timeout. In MySQL it is done, in my opinion, simply. I just dynamically change timebank=unix_timestamp(stopdate)-%{Timestamp}. Is there any analogue of unix_timestamp in Oracle, which I can use with Oracle and Radiator to compute remaining timebank of a user? In other words, I have to calculate unix timestamp from an Oracle date while creating my SQL queries. Can you point me to a solution of my problem or, perhaps, there're some other ways to do it ? I'll appreciate any help. Thanks. -- With regards, Alexey A. Shavaldin [EMAIL PROTECTED] System Administrator of Kraft-S, JSC === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session-Timeout ERR
Hello Joseph - On Tue, 14 Mar 2000, Joseph Cilia wrote: > Hi Guys, > > Can anybody help me please, just upgraded our radiator to ver 15.0 and not > the Session Time out is reporting an ERR message like the one below: > > Mon Mar 13 20:11:12 2000: ERR: There is no value named 125052.0 for > attribute Session-Timeout. Using 0. > > I did not change anything, on ver 14.1 it was working, ok. > Actually, I suspect your configuration was not working correctly with Radiator 2.14.1, its just that Radiator 2.15 now tells you more about problems with the dictionary (previous versions remained silent). I would expect your configuration file (or user record) contains something like the following? Session-Timeout = 123052.0 If so, Radiator is treating "123052.0" as a string and trying to look it up in the dictionary. You should change it to this (the variable is an integer): Session-Timeout = 123052 hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session-Timeout ERR
Hi Guys, Can anybody help me please, just upgraded our radiator to ver 15.0 and not the Session Time out is reporting an ERR message like the one below: Mon Mar 13 20:11:12 2000: ERR: There is no value named 125052.0 for attribute Session-Timeout. Using 0. I did not change anything, on ver 14.1 it was working, ok. Best Regards, Joseph Cilia Managing Director NEXT Generation IT Limited -- Mobile: (+356) 947 2319 Tel: (+356) 419109 Fax: (+356) 438948 ICQ: 9415615 E-mail: [EMAIL PROTECTED] URL: http://www.nextgen.net.mt -- === Archive at http://www.starport.net/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Session Timeout Until xx:xx
Title: RE: (RADIATOR) Session Timeout Until xx:xx Hi, For double checking: Here is my users file and the cfg file. And Session-Timeout works this way very well. I will try the same functionality live with SQL database today. fred User-Password = "x", Time = "Al0800-1800" User-Service = Framed-User, Framed-Protocol = PPP, Framed-Netmask = 255.255.255.0, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP # radius.cfg Foreground LogStdout LogDir /var/radius DbDir /usr/local/etc LogFile %L/logfile DictionaryFile %D/dictionary.ascend Trace 4 Secret xxx DupInterval 300 IgnoreAcctSignature Filename %D/users AddToReply Session-Timeout = until 1800 # Log accounting to the detail file in LogDir AcctLogFileName %L/detail > -Original Message- > From: Hugh Irvine [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 08, 1999 12:56 AM > To: Ferhat DILMAN; Mike McCauley; [EMAIL PROTECTED]; Ferhat DILMAN; > [EMAIL PROTECTED] > Cc: tom minchin > Subject: RE: (RADIATOR) Session Timeout Until xx:xx > > > > Hello Ferhat - > > On Tue, 07 Dec 1999, Ferhat DILMAN wrote: > > >%_Thanks for it. It is now working. > > > > By the way, in the documentation, it says Session-Timeout = > "until 1800". > > > > It did not work with quotes. It worked without "" > > > > Curious - it works with "" here. Could you send us more > details, including your > configuration file (w/o secrets) so we can see what is happening? > > thanks > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody
RE: (RADIATOR) Session Timeout Until xx:xx
Hello Ferhat - On Tue, 07 Dec 1999, Ferhat DILMAN wrote: > >%_Thanks for it. It is now working. > > By the way, in the documentation, it says Session-Timeout = "until 1800". > > It did not work with quotes. It worked without "" > Curious - it works with "" here. Could you send us more details, including your configuration file (w/o secrets) so we can see what is happening? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Session Timeout Until xx:xx
Title: RE: (RADIATOR) Session Timeout Until xx:xx Thanks for it. It is now working. By the way, in the documentation, it says Session-Timeout = "until 1800". It did not work with quotes. It worked without "" Thanks, cool functionality :) Ferhat > -Original Message- > From: Mike McCauley [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 07, 1999 7:49 PM > To: [EMAIL PROTECTED]; Ferhat DILMAN; [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; tom minchin > Subject: Re: (RADIATOR) Session Timeout Until xx:xx > > > Hello Ferhat, > > On Dec 7, 11:41am, Hugh Irvine wrote: > > Subject: RE: (RADIATOR) Session Timeout Until xx:xx > > > > Hello Ferhat - > > > > On Tue, 07 Dec 1999, Ferhat DILMAN wrote: > > > >%_Hi, > > > > > > I have tested Session-Timeout="until 1800" parameter and > does not work. > > > > > > > Thanks for pointing this out - as it happens, a user reply item of > > > > Session-Timeout="until 1800" > > > > does in fact work. However, due to an oversight, it doesn't > work in an > > AddToReply. Our apologies for this and Mike will post a fix shortly. > > Hugh is right. The special handling of Session-Timeout for "until" was > not being done if it was in a DefaultReply and AddToReply. > > I have uploaded a fixed version of AuthGeneric.pm > > Thanks for reporting this. > Cheers. > > -- > Mike McCauley [EMAIL PROTECTED] > Open System Consultants Pty. Ltd Unix, Perl, > Motif, C++, WWW > 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au > Phone +61 3 9598-0985 Fax +61 3 9598-0955 > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody
Re: (RADIATOR) Session Timeout Until xx:xx
Hello Ferhat, On Dec 7, 11:41am, Hugh Irvine wrote: > Subject: RE: (RADIATOR) Session Timeout Until xx:xx > > Hello Ferhat - > > On Tue, 07 Dec 1999, Ferhat DILMAN wrote: > > >%_Hi, > > > > I have tested Session-Timeout="until 1800" parameter and does not work. > > > > Thanks for pointing this out - as it happens, a user reply item of > > Session-Timeout="until 1800" > > does in fact work. However, due to an oversight, it doesn't work in an > AddToReply. Our apologies for this and Mike will post a fix shortly. Hugh is right. The special handling of Session-Timeout for "until" was not being done if it was in a DefaultReply and AddToReply. I have uploaded a fixed version of AuthGeneric.pm Thanks for reporting this. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Session Timeout Until xx:xx
Hello Ferhat - On Tue, 07 Dec 1999, Ferhat DILMAN wrote: > >%_Hi, > > I have tested Session-Timeout="until 1800" parameter and does not work. > Thanks for pointing this out - as it happens, a user reply item of Session-Timeout="until 1800" does in fact work. However, due to an oversight, it doesn't work in an AddToReply. Our apologies for this and Mike will post a fix shortly. > The config is: Ascend TNT, Radiator 2.14.1 with new AuthGeneric.pm module on > Debian Linux and here is the user file and the config file and the logfile. > > I have radiator main server and i have created a proxy. Main server sends > the requests to this server. By the way, main server is still in 2.13 > version. Does it matter? > > Anybody tested this new parameter? > > P.S. I have added the Ascend attribute into the dictionary: > ATTRIBUTE Session-Timeout 27 integer > You mention in your other email that Ascend uses ATTRIBUTE Ascend-Maximum-Time 194 integer does this mean that Ascends do not honour the standard Session-Timeout? You might also check what version on Ascend software you are running and whether other versions behave differently? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session Timeout Until xx:xx
Using the same basic setup (Ascend TNT, Radiator 2.14.1, new AuthGeneric.pm. Difference is that I run it on BSDI 4.0.1) it works. Here is what I did (suggestions thanks to Hugh) First I set up special files for timed users, disconnect non pay users, vacation users, etc. Here is my radius.cfg: Identifier System Filename /etc/master.passwd Match ^([^:]*):([^:]*) # This clause handles all users from all realms by looking them up # in the users file at /usr/local/etc/raddb/users AuthByPolicy ContinueWhileAccept AcceptIfMissing Filename %D/dnp-users AcceptIfMissing Filename %D/vacation-users AcceptIfMissing Filename %D/time-users Filename %D/users AcctLogFileName %L/detail Now in my /usr/local/etc/raddb directory I have the following files: users dnp-users vacation-users timed-users The timed-users file looks like this: # File for timed users # Format for data entry: # Time = "A10800-1700", Auth-Type = System # Service-Type = Framed-User, # Framed-Protocol = PPP # timetest Password = "timetest", Time = "Al1139-1145", Auth-Type = System Session-Timeout = until 1145, Service-Type = Framed-User, Framed-Protocol = PPP (the timetest user was a test...it worked) HTH, T. > > === > > Archive at http://www.thesite.com.au/~radiator/ > > To unsubscribe, email '[EMAIL PROTECTED]' with === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session Timeout Until xx:xx
Hi Tom, On Dec 7, 9:19am, tom minchin wrote: > Subject: Re: (RADIATOR) Session Timeout Until xx:xx > On Mon, Dec 06, 1999 at 04:04:57PM +0200, Ferhat DILMAN wrote: . > > Yeah, the Ascends like Ascend-Maximum-Time, so use that instead. Unfortunately > unless the code is cleverer than it looks to me (not unlikely) you'll have > to butcher the code slightly so that it uses the Ascend attribute rather > than the standard RADIUS one. Should be a simple search and replace. Does that mean that Ascend does not honour Session-Timeout? Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session Timeout Until xx:xx
On Mon, Dec 06, 1999 at 04:04:57PM +0200, Ferhat DILMAN wrote: > Hi, > > I have tested Session-Timeout="until 1800" parameter and does not work. > > The config is: Ascend TNT, Radiator 2.14.1 with new AuthGeneric.pm module on > Debian Linux and here is the user file and the config file and the logfile. > > I have radiator main server and i have created a proxy. Main server sends > the requests to this server. By the way, main server is still in 2.13 > version. Does it matter? > Yeah, the Ascends like Ascend-Maximum-Time, so use that instead. Unfortunately unless the code is cleverer than it looks to me (not unlikely) you'll have to butcher the code slightly so that it uses the Ascend attribute rather than the standard RADIUS one. Should be a simple search and replace. [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Session Timeout Until xx:xx
Title: RE: (RADIATOR) Session Timeout Until xx:xx And when I look into Ascend manual, it gives: ATTRIBUTE Ascend-Maximum-Time 194 integer attribute where there is no Session-Timeout field. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Hugh Irvine > Sent: Wednesday, December 01, 1999 12:26 AM > To: Ferhat DILMAN; [EMAIL PROTECTED] > Subject: Re: (RADIATOR) Session Timeout Until xx:xx > > > > Hello Ferhat - > > On Tue, 30 Nov 1999, Ferhat DILMAN wrote: > > >%_Hi, > > The module AuthGeneric in 2.1.14 patch area states that: > > 28/9/99 New version of AuthGeneric supports a new format > for Session-Timeout > > reply items:. > > If you have for example: Session-Timeout="until 1800" Then the > > Session-Timeout in the reply will be calculated as the > number of seconds up > > until the time of day specified > > > > However, I am puzzled since I don't understand how to use > this extra string > > in AuthBy SQL module. Is it possible to use a parameter in > AuthGeneric > > inside AuthSQL ? > > AuthSQL (and all other Authxxx modules) inherits from (is built on) > AuthGeneric, so anything in AuthGeneric is also usable in AuthSQL. > > Keep in mind also that Session-Timeout is a standard reply > item and as such can > be sent in any Access-Accept packet. You should have a look > at Section 13 in > the manual - Check and Reply Items. These can be used in a > variety of places in > Radiator: as Handler check items, as AuthBy reply items, and > as check and reply > items in user definitions. > > You could use Session-Timeout in an AuthBy SQL like this: > > > > DBSource ... > DBAuth ... > DBUsername ... > ... > AddToReply Session-Timeout = "until 1800" > ... > > > > and of course there are lots of other possibilities... > > hth > > Hugh > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Session Timeout Until xx:xx
Title: RE: (RADIATOR) Session Timeout Until xx:xx Hi, I have tested Session-Timeout="until 1800" parameter and does not work. The config is: Ascend TNT, Radiator 2.14.1 with new AuthGeneric.pm module on Debian Linux and here is the user file and the config file and the logfile. I have radiator main server and i have created a proxy. Main server sends the requests to this server. By the way, main server is still in 2.13 version. Does it matter? Anybody tested this new parameter? P.S. I have added the Ascend attribute into the dictionary: ATTRIBUTE Session-Timeout 27 integer radius.cfg sample test file: Foreground LogStdout LogDir /var/radius DbDir /usr/local/etc LogFile %L/logfile DictionaryFile %D/dictionary.ascend Trace 5 Secret XXX DupInterval 300 IgnoreAcctSignature Filename %D/users DefaultReply User-Service = Framed-User,\ Framed-Protocol = PPP,\ Framed-Netmask = 255.255.255.0,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP AddToReply Session-Timeout = "until 1555" AcctLogFileName %L/detail users file: fred User-Password = "", Time = "Al0800-1555" logfile: Mon Dec 6 15:50:15 1999: DEBUG: Reading users file /usr/local/etc/users Mon Dec 6 15:50:15 1999: INFO: Server started Mon Dec 6 15:50:50 1999: DEBUG: Packet dump: *** Received from 212.133.133.5 port 49464 Packet length = 114 01 13 00 72 b7 43 50 8b 91 90 8e 7d 42 b2 3b 6e b6 95 c1 76 01 06 66 72 65 64 02 12 0d 3b 5a 3d 83 ba bf 8d c5 2e c9 73 1e fb 02 6f 20 11 32 31 32 2e 31 33 33 2e 31 33 33 2e 32 30 32 05 06 00 00 00 c1 3d 06 00 00 00 00 06 06 00 00 00 02 07 06 00 00 00 01 18 02 1f 10 30 30 39 30 32 31 36 34 35 39 32 34 35 33 2c 0b 32 38 31 35 38 38 31 39 33 Code: Access-Request Identifier: 19 Authentic: <183>CP<139><145><144><142>}B<178>;n<182><149><193>v Attributes: User-Name = "fred" Password = "<13>;Z=<131><186><191><141><197>.<201>s<30><251><2>o" NAS-Identifier = "212.133.133.202" NAS-Port = 193 NAS-Port-Type = Async User-Service = Framed-User Framed-Protocol = PPP State = "" Caller-Id = "00902164592453" Acct-Session-Id = "281588193" Mon Dec 6 15:50:50 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Dec 6 15:50:50 1999: DEBUG: Deleting session for fred, 212.133.133.202, 193 Mon Dec 6 15:50:50 1999: DEBUG: Handling with Radius::AuthFILE Mon Dec 6 15:50:50 1999: DEBUG: Radius::AuthFILE looks for match with fred Mon Dec 6 15:50:50 1999: DEBUG: Radius::AuthFILE ACCEPT: Mon Dec 6 15:50:50 1999: DEBUG: Access accepted for fred Mon Dec 6 15:50:50 1999: DEBUG: Packet dump: *** Sending to 212.133.133.5 port 49464 Code: Access-Accept Identifier: 19 Authentic: <183>CP<139><145><144><142>}B<178>;n<182><149><193>v Attributes: User-Service = Framed-User Framed-Protocol = PPP Framed-Netmask = 255.255.255.0 Framed-Routing = None Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP Session-Timeout = until 1555 Mon Dec 6 15:50:51 1999: DEBUG: Packet dump: *** Received from 212.133.133.5 port 49464 Packet length = 158 04 14 00 9e 69 ad fb ae 68 de f7 c4 8e 53 b0 d9 61 76 a0 10 01 06 66 72 65 64 20 11 32 31 32 2e 31 33 33 2e 31 33 33 2e 32 30 32 05 06 00 00 00 c1 3d 06 00 00 00 00 28 06 00 00 00 01 29 06 00 00 00 00 2c 0b 32 38 31 35 38 38 31 39 33 2d 06 00 00 00 01 bb 06 00 00 05 c3 bc 06 00 00 00 00 33 06 00 00 00 01 32 0a 30 30 30 30 30 35 63 33 78 06 00 00 00 0d 79 06 00 00 00 05 7a 06 00 00 00 01 1f 10 30 30 39 30 32 31 36 34 35 39 32 34 35 33 07 06 00 00 01 06 08 06 d4 85 88 14 Code: Accounting-Request Identifier: 20 Authentic: i<173><251><174>h<222><247><196><142>S<176><217>av<160><16> Attributes: User-Name = "fred" NAS-Identifier = "212.133.133.202" NAS-Port = 193 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = "281588193" Acct-Authentic = RADIUS Ascend-Multilink-ID = 1475 Ascend-Num-In-Multilink = 0 Acct-Link-Count = "<0><0><0><1>" Acct-Multi-Session-Id = "05c3" Ascend-Modem-PortNo = 13 Ascend-Modem-SlotNo = 5 Ascend-Modem-ShelfNo = 1 Caller-Id = "0090216459245
Re: (RADIATOR) Session Timeout Until xx:xx
Hello Ferhat - On Tue, 30 Nov 1999, Ferhat DILMAN wrote: > >%_Hi, > The module AuthGeneric in 2.1.14 patch area states that: > 28/9/99 New version of AuthGeneric supports a new format for Session-Timeout > reply items:. > If you have for example: Session-Timeout="until 1800" Then the > Session-Timeout in the reply will be calculated as the number of seconds up > until the time of day specified > > However, I am puzzled since I don't understand how to use this extra string > in AuthBy SQL module. Is it possible to use a parameter in AuthGeneric > inside AuthSQL ? AuthSQL (and all other Authxxx modules) inherits from (is built on) AuthGeneric, so anything in AuthGeneric is also usable in AuthSQL. Keep in mind also that Session-Timeout is a standard reply item and as such can be sent in any Access-Accept packet. You should have a look at Section 13 in the manual - Check and Reply Items. These can be used in a variety of places in Radiator: as Handler check items, as AuthBy reply items, and as check and reply items in user definitions. You could use Session-Timeout in an AuthBy SQL like this: DBSource ... DBAuth ... DBUsername ... ... AddToReply Session-Timeout = "until 1800" ... and of course there are lots of other possibilities... hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session Timeout Until xx:xx
Title: Session Timeout Until xx:xx Hi, The module AuthGeneric in 2.1.14 patch area states that: 28/9/99 New version of AuthGeneric supports a new format for Session-Timeout reply items:. If you have for example: Session-Timeout="until 1800" Then the Session-Timeout in the reply will be calculated as the number of seconds up until the time of day specified However, I am puzzled since I don't understand how to use this extra string in AuthBy SQL module. Is it possible to use a parameter in AuthGeneric inside AuthSQL ? Regards, Ferhat
Re: (RADIATOR) Session timeout.
On Thu, Aug 12, 1999 at 09:04:51AM -0500, Dennis Khaw wrote: > Hi everyone, > > I'm new to Radiator and currently setting it up for the first time. > Please bear with me if this is a common question. > > How do I set the session timeout for each login? If setting a session > timout is possible, could I also setup different timeouts for different > realms? I do not see a command similar to that in the Radiator manual. > > BTW, I'm not using any database for authentication. I'm using a authby > UNIX and authby tacacplus. > Hmm, those two AuthBys don't give you a lot of flexibility, but you can use AddToReply to send a session timeout for each AuthBy. You'll have to find out what RADIUS attribute your NAS will take to limit a session to a certain time. ... AddToReply Session-Timeout = 14400 ... [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session timeout.
Hi everyone, I'm new to Radiator and currently setting it up for the first time. Please bear with me if this is a common question. How do I set the session timeout for each login? If setting a session timout is possible, could I also setup different timeouts for different realms? I do not see a command similar to that in the Radiator manual. BTW, I'm not using any database for authentication. I'm using a authby UNIX and authby tacacplus. Thanks in advance... Dennis === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session timeout
Hello Josh, On Jun 18, 3:33pm, Josh Bressers wrote: > Subject: (RADIATOR) Session timeout > Does anyone know if a session timeout flag exists in radiator? > Basically if a user is logged on for too long, kick em off. If you NAS supports it (most do), you can use a reply item: Session-Timeout= The NAS will then kick them off when the session gets to that number of seconds. Hope that helps. Cheers. > > JB > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Josh Bressers -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session timeout
On Fri, Jun 18, 1999 at 03:33:56PM -0500, Josh Bressers wrote: > Does anyone know if a session timeout flag exists in radiator? > Basically if a user is logged on for too long, kick em off. > Radiator can send Session-Timeout or Ascend-Maximum-Time back to the NAS, but it's up to the NAS to interpret and disconnect the user. [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session timeout
Does anyone know if a session timeout flag exists in radiator? Basically if a user is logged on for too long, kick em off. JB === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.