[RADIATOR] possible bug when AcctTotalSinceQuery == Max-Daily-Session

Heikki Vatiainen hvn at open.com.au
Wed Oct 16 15:53:04 CDT 2013

On 10/15/2013 05:47 PM, Francesc Romà i Frigolé wrote:

> When the total session time used for the day as given by the
> AcctTotalSinceQuery is exactly the same as Max-Daily-Session in the
> authentication request Radiator allows the user to log in. 
> Only if the session time exceed the max daily session, even by just one
> second, will Radiator complain about max session exceeded.

I would need to see your configuration to say what happens exactly, but
most likely this can happen. If the amount of used seconds is 86400,
this does not *exceed* one day, yet.

> Is this the correct behaviour? I'd expect also to get a session exceeded
> error when AcctTotalSinceQuery == Max-Daily-Session.

I think it currently does work as documented ' ... If it is exceeded,
the user is rejected. ...' says the reference manual for Max-Daily-Session.

> This behaviour is causing  issues for us because Radiator is returning
> an authentication "accept" with a zero session time, which Mikrotik
> RouterOS hotspotl interprets as infinite session length, rather than a
> session exceeded error.

I can see that returning Session-Timeout of 0 with Access-Accept will
cause problems in your case. The RADIUS RFC is silent about 0 being a
special value, but it appears there are other implementations too which
consider 0 to mean inifinity.

> Is this a bug or there is something wrong with my settings?

Maybe this is a gray area? You could consider e.g., a PostAuthHook to
see if Session-Timeout is going to be 0 and then switch the result to
reject. Might even be a good time to reject sessions that have only a
few seconds left?


Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list