I've enabled the "Reauthenticate connected users every minute", and apparently it's working. I'm getting a new "login OK" message in the freeradius box every minute, and the user is working normally.
Th only strange thing is that when I enabled this option, I got the following message in the logs:
Oct 9 09:51:18 teste pftpx[470]: #175 client write error: 34
Which is quite odd, since I dont recall installing ftp services in the box. Of course, It may also be a coincidence that this message apeared about the same time I enabled this option.
It's an interesting feature, but brings a problem: On our box we have about 100-200 simultaneous users. With that many users, the log files in the radius box would become useless, due to the flooding of continuous reauthentication messages. :-(
About accounting, i have it enabled and intend to use in production. Unless I did understand something incorrectly, the accounting messages are reaching the radius server as expected.
Roberto
On 10/6/06, Roberto Greiner < [EMAIL PROTECTED]> wrote:
> Ok,
>
> monday morning I will try it. The system is scheduled to enter
> production midday, but before that I can still tinker with it. As soon
> as it's done I will report it.
>
> Roberto
>
> Holger Bauer wrote:
> > As you seem to have a testsetup available please can you test reauthenticate user every minute and accounting too and report back?
> >
> > Holger
> >
> >
> >> -----Original Message-----
> >> From: Roberto Greiner [mailto: [EMAIL PROTECTED]]
> >> Sent: Friday, October 06, 2006 5:25 PM
> >> To: [email protected]
> >> Subject: [pfSense Support] Radius Session-Timeout
> >>
> >>
> >> I've made a test with the Radius Session-Timeout attributes,
> >> but somehow
> >> it didn't work.
> >>
> >> First I tried using the "Hard timeout" option from the Captive Portal
> >> page, and after 45 minutes, as I had programmed, the client was
> >> disconnected. After that, I left the Hard timeout field blank and
> >> enabled the "Use RADIUS Session-Timeout attributes", but nothing
> >> happened. The radius server is sending the attributes with a value of
> >> 28800 (8 hours), but the user wasn't disconnected.
> >>
> >> I tried the same thing again again reducing the time to 1800 (30
> >> minutes), then to 900 (15 minutes), but again the client wasn't
> >> disconnected. I've checked the reply packets from the radius server
> >> (Freeradius 1.1.3), and the Session-Timeout attribute is being sent
> >> properly. The Radius is sending the following attributes,
> >> along with the
> >> authorization:
> >>
> >> Framed-Compression=Van-Jacobsen-TCP-IP
> >> Framed-Protocol=PPP
> >> Service-Type=Framed-User
> >> Framed-MTU=1500
> >> Session-Timeout=1800
> >>
> >> In short, using the "Hard Timeout" options seems to be
> >> working properly,
> >> but "Use RADIUS Session-Timeout attributes" is not.
> >>
> >> Roberto
> >>
> >>
--
--
-------------------------------------------------------------------
| Marcos Roberto Greiner |
| |
| Os otimistas acham que estamos no melhor dos mundos |
| Os pessimistas tem medo de que isto seja verdade |
| Murphy |
-------------------------------------------------------------------
| [EMAIL PROTECTED] |
-------------------------------------------------------------------
