Thank you for testing. I know that reauthenticating users every minute is not a good solution with that lot of users. Also it won't work too well with lots of users as the captive portal only can start one auth-request at a time. It will start to not work when you have around 50 users and more that need to be reauthenticated every minute. Jonathan DeGraeve is working on a new version of the captive portal for m0n0 that should support multiple threads. Once that version is available in m0n0 we'll sync it over but for now we have to live with what we have. We are not planning to do much work on the captive portal as Jonathan is doing a great job and we don't want to divert from m0n0 therefore too much so we can sync it over. So everything regarding the captive portal (features, bugs) should be rather discussed at the m0n0 list (and be tested with m0n0 first) unless it works with m0n0 but not with pfsense.
Holger -----Original Message----- From: Roberto Greiner [mailto:[EMAIL PROTECTED] Sent: Monday, October 09, 2006 3:32 PM To: [email protected] Subject: Re: [Fwd: Re: [pfSense Support] Radius Session-Timeout] Holger, I've enabled the "Reauthenticate connected users every minute", and apparently it's working. I'm getting a new "login OK" message in the freeradius box every minute, and the user is working normally. Th only strange thing is that when I enabled this option, I got the following message in the logs: Oct 9 09:51:18 teste pftpx[470]: #175 client write error: 34 Which is quite odd, since I dont recall installing ftp services in the box. Of course, It may also be a coincidence that this message apeared about the same time I enabled this option. It's an interesting feature, but brings a problem: On our box we have about 100-200 simultaneous users. With that many users, the log files in the radius box would become useless, due to the flooding of continuous reauthentication messages. :-( About accounting, i have it enabled and intend to use in production. Unless I did understand something incorrectly, the accounting messages are reaching the radius server as expected. Roberto On 10/6/06, Roberto Greiner < [EMAIL PROTECTED]> wrote: > Ok, > > monday morning I will try it. The system is scheduled to enter > production midday, but before that I can still tinker with it. As soon > as it's done I will report it. > > Roberto > > Holger Bauer wrote: > > As you seem to have a testsetup available please can you test > > reauthenticate user every minute and accounting too and report back? > > > > Holger > > > > > >> -----Original Message----- > >> From: Roberto Greiner [mailto: [EMAIL PROTECTED] > >> Sent: Friday, October 06, 2006 5:25 PM > >> To: [email protected] > >> Subject: [pfSense Support] Radius Session-Timeout > >> > >> > >> I've made a test with the Radius Session-Timeout attributes, > >> but somehow > >> it didn't work. > >> > >> First I tried using the "Hard timeout&quo t; option from the Captive > >> Portal > >> page, and after 45 minutes, as I had programmed, the client was > >> disconnected. After that, I left the Hard timeout field blank and > >> enabled the "Use RADIUS Session-Timeout attributes", but nothin g > >> happened. The radius server is sending the attributes with a value of > >> 28800 (8 hours), but the user wasn't disconnected. > >> > >> I tried the same thing again again reducing the time to 1800 (30 > >> minutes), then to 900 (15 minutes), but again the client wasn't > >> disconnected. I've checked the reply packets from the radius server > >> (Freeradius 1.1.3), and the Session-Timeout attribute is being sent > >> properly. The Radius is sending the following attributes, > >> along with the > >> authorization: > >> > >> Framed-Compression=Van-Jacobsen-TCP-IP > >> Framed-Protocol=PPP > >> Service-Type=Framed-User > >> Framed-MTU=1500 > >> Session-Timeout=1800 > >> > >> In short, using the "Hard Timeout" options seems to be > >> working properly, > >> but "Use RADIUS Session-Timeout attributes" is not. > >> > >> Roberto > >> > >> -- -- -------------------------------------- ----------------------------- | Marcos Roberto Greiner | | &nbs p; | | Os otimistas acham que estamos no melhor dos mundos | | Os pessimistas tem medo de que isto seja verdade | | & nbsp; Murphy | ------------------------------------------------------------------- | & nbsp; [EMAIL PROTECTED] | ------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
