[RADIATOR] Updating Session Timeout Max-Hourly

Heikki Vatiainen hvn at open.com.au
Fri Oct 28 15:58:53 CDT 2011 

On 10/28/2011 08:44 PM, SimonM123 wrote:

> Thanks. The problem is now my session timeout col. Do I need this and what
> should the value be before forst session? The first time a user logs in, the
> session timeout value is null? Do I need more logic in here ??

Since SESSIONTIMEOUT column value is returned as Session-Timeout reply
attribute, it would need to be initialised to seconds user is allowed to
stay logged in initially. Once the user is logged in, each accounting
request would then reset the time to (time left when this session
started - time currently logged in).

See http://tools.ietf.org/html/rfc2865#section-5.27 for more about
Session-Timeout

Thanks!
Heikki

> Heikki Vatiainen-4 wrote:
>>
>> On 10/27/2011 12:10 PM, SimonM123 wrote:
>>
>>> If I've posted this twice, I'm sorry - couldn't find the email I sent
>>> yesterday.
>>
>> Probably did not reach the list. I did not see it either.
>>
>>> We're using the Max-All and Max-Daily session in a customised sql.cfg.
>>>
>>>
>>>         AuthColumnDef     0,User-Password, check
>>>         AuthColumnDef     1,Max-Daily-Session,check
>>>         AuthColumnDef     2,Session-Timeout,reply
>>>
>>>
>>>         AuthSelect select PASSWORD, MAXDAILYSESSION, SESSIONTIMEOUT from
>>> SUBSCRIBERS where USERNAME=%0
>>>
>>>
>>>         AcctTotalQuery SELECT SUM(AcctSessionTime) FROM ACCOUNTING WHERE
>>> UserName=%0B
>>
>> The above should run when Max-All-Session is a check item.
>>
>>>         AcctTotalSinceQuery SELECT SUM(AcctSessionTime - GREATEST((%1 -
>>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM ACCOUNTING WHERE UserName=%0 AND
>>> UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > %1
>>
>> This should run with Max-Daily-Session. So it should run for your
>> Max-Daily-Session check item. When you run Radiator with Trace 4 you
>> should see this query in Radiator log when it runs.
>>
>>>        AcctSQLStatement update SUBSCRIBERS set SESSIONTIMEOUT =
>>> SESSIONTIMEOUT - 0%{AcctTotalSinceQuery} where USERNAME='%n'
>>>
>>> The last one I thought might decrease the session timeout on successful
>>> auth
>>> but it's not working.
>>
>> Try 0%{Acct-Session-Time} instead of 0%{AcctTotalSinceQuery}. This will
>> try to minus the value of Acct-Session-Time attribute for every received
>> accounting message. Also, it runs when accounting message is received,
>> not during auth(entication).
>>
>> You should see this in Trace 4 log too.
>>
>>> What's the best way to do this?
>>
>> Does the above help?
>>
>> Heikki
>>
>>
>> -- 
>> Heikki Vatiainen <hvn at open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>> NetWare etc.
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list