(RADIATOR) how do you guys handle your users' left time, using Radiator?

Masuod - radiator at irangate.net
Thu Oct 25 09:15:35 CDT 2001 

Dear anybody,
In order to ba able to automatically end the remote users' sessions
on our Cisco NAS, we need to enable session-timeout attr on the
Radiator, and Cisco. I've read lots and lots of your mails, and Cisco
documents, which have helped me a lot, but still no good!
Has anyone solved this issue? I'd really appreciate your help.
Followings are the configurations I've done on my cisco and radiator.
I know that the Radiator sends the attribute correctly,(according to
the log included below) but somehow Cisco discards this information.

If this is not possible, how do you guys handle your users' left
time, using Radiator?(disconnecting it when the time is over!)


MANY MANY THANKS ALREADY!





Thu Oct 25 16:46:31 2001: DEBUG: Packet dump:
*** Received from x.x.x.x port 1645 ....
Code:       Access-Request
Identifier: 43
Authentic:  <227><226><225>@z<218>[<137><15><29>i<6>z<0><136><175>
Attributes:
	NAS-IP-Address = x.x.x.x
	NAS-Port = 47
	NAS-Port-Type = Async
	User-Name = "14w560"
	User-Password = "|<219><243><164>f<135><17><14>4#V<23><244>1<242>+"
	Service-Type = Framed-User
	Framed-Protocol = PPP

Thu Oct 25 16:46:31 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Oct 25 16:46:31 2001: DEBUG:  Deleting session for 14w560,
217.219.1.12, 47
Thu Oct 25 16:46:31 2001: DEBUG: Handling with Radius::AuthSQL
Thu Oct 25 16:46:31 2001: DEBUG: Handling with Radius::AuthSQL:
IrangateSQL
Thu Oct 25 16:46:31 2001: DEBUG: Query is: select passwd,timeleft
from users where tac_id='14w560'

Thu Oct 25 16:46:31 2001: DEBUG: Radius::AuthSQL looks for match with
14w560
Thu Oct 25 16:46:31 2001: DEBUG: Radius::AuthSQL ACCEPT: 
Thu Oct 25 16:46:31 2001: DEBUG: Access accepted for 14w560
Thu Oct 25 16:46:31 2001: DEBUG: Packet dump:
*** Sending to 217.219.1.12 port 1645 ....
Code:       Access-Accept
Identifier: 43
Authentic:  <227><226><225>@z<218>[<137><15><29>i<6>z<0><136><175>
Attributes:
	Session-Timeout = 733





----------------Radiator configuration follows:

Foreground
LogStdout
LogDir		.
DbDir		.
Trace 4

<Client DEFAULT>
	Secret	mysecret
	DupInterval 0
</Client>

<Client x.x.x.x>
	Secret	xxxx
	DupInterval 0
</Client>

<AuthBy SQL>
	DBSource		dbi:ODBC:NTTacDB
	DBUsername	sa
	DBAuth		xxxxx
	Identifier	SQL1
	AuthSelect         select passwd,timeleft from users where id='%n'
	AuthColumnDef 	0, User-Password, check
	AuthColumnDef 	1, Session-Timeout, reply	
	NoDefault
</AuthBy>


<Realm DEFAULT>
	AuthBy	SQL1
</Realm>


------ NAS configuration follows:

Current configuration : 4587 bytes                                  
! 
version 12.1            
service timestamps debug uptime                               
service timestamps log uptime                             
no service password-encryption                              
! 
hostname Access_Srv3                    
! 
aaa new-model             

aaa authentication ppp default group radius
aaa accounting network default start-stop group radius
enable secret 5 xxxxxxx    
enable password password                        
! 
ip subnet-zero              

ip name-server 198.81.209.2                           
ip name-server 195.146.32.1                           
! 
! 
! 
! 
interface Ethernet0/0                     
 ip address x.x.x.x 255.255.255.0 secondary                          

 ip address x.x.x.x 255.255.255.0                                    

! 
interface Group-Async1                      
 ip unnumbered Ethernet0/0                          
 ip access-group 190 in                       
 ip wccp web-cache redirect out                               
 encapsulation ppp                  
 async mode interactive                       
 peer default ip address pool (213)                                   
 ppp authentication pap                       
 group-range 33 48                  
! 
ip local pool (213) x.x.x.x x.x.x.x
ip local pool (217) x.x.x.x x.x.x.x                              
ip classless            
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server                 
! 
tacacs-server host x.x.x.1                                           
tacacs-server host x.x.x.2
tacacs-server timeout 10                        
tacacs-server key xxxxxxxxx
snmp-server community xxxxx RO 15
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key xxxxxxx
!
line con 0
 transport input none
line 33 48
 session-timeout 15
 modem InOut
 modem autoconfigure discovery
 autocommand  ppp
 transport input all
 autoselect during-login
 autoselect ppp
 stopbits 1
 flowcontrol hardware
line aux 0
line vty 0 4
 password xxxxxxx
!
end

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list