[RADIATOR] Clearing stale user sessions

Hugh Irvine hugh at open.com.au
Fri May 11 06:55:02 UTC 2018 

Thanks Michael -

+1


> On 11 May 2018, at 11:12, Michael <ringo at vianet.ca> wrote:
> 
> Eric,
> 
> This missing Accounting-Stop is also a big problem for me.  When using usage billing, it means lost usage/bandwidth calculations. When using max time usage, it's lost time.  When using maximum simultaneous, it means new sessions cannot log back in.  One here and there is a problem for that individual case, but when I have a VPDN tunnel on the back side of the LNS quit and hundreds of pppoe sessions drop, I seem to have a ton of missing Stop packets.  I don't even yet know where they go and I'm not sure what's happening.
> 
> To battle this problem, i first setup Alive packets to constantly update my active session database.  Usage, current time, and other stuff is updated every 30 minutes.  I have a scripted process that scans the online data and if a sessions last-updated timestamp gets older than 30 minutes, it is possibly a dead session.  The process gathers all dead sessions, snmp queries the lns's to verify that they are in fact gone, and then as Hugh suggested bellow, sends a fake Accounting-Stop using radpwtst containing the last known Acct-IN/OUTput-Octets, a fake Acct-Terminate-Cause=session-lost reason, a calculated current_time - last_updated_time = Acct-Delay-Time, and everything else i need in the Stop.  With this delay time, the end result is a Stop packet is produced for current system time - Delay and therefore ends up being as close as you're gonna get with regards to usage and time.  The time the session was last known and confirmed to be online.
> 
> Was quite the complicated process, and very customized, but very necessary.
> 
> 
> Michael
> 
> 
> 
> On 05/10/2018 07:11 PM, Hugh Irvine wrote:
>> Hello Eric -
>> 
>> You should be able to use the “Delete” button in the “Current sessions” page.
>> 
>> See section 10 in the “user_help.pdf” guide in the “doc” directory of the Radmin distribution.
>> 
>> Otherwise, yes you could fake up an Accounting-Stop request using “radpwtst” in the Radiator distribution.
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>>> On 10 May 2018, at 22:04, Eric W. Bates <ericx at whoi.edu> wrote:
>>> 
>>> On 5/9/2018 6:25 PM, Hugh Irvine wrote:
>>>> Hello Eric -
>>>> Where do you want to remove stale sessions?
>>>> RADUSAGE is where accounting data is stored.
>>>> Current sessions are normally stored in the RADONLINE table.
>>>> Do you mean remove entries from the RADONLINE table?
>>>> regards
>>>> Hugh
>>> I was guessing which table.
>>> 
>>> I occasionally have users on an ASA vpn who sometimes exceed their "maximum simultaneous connection limit" simply because the session stop message was lost. I want to clear those "open" sessions somehow.
>>> 
>>> Create an artificial "stop" record?
>>> Delete the original "start" record?
>>> Push a button in Radmin?
>>> 
>>> Thanks.
>>> 
>>>>> On 10 May 2018, at 01:05, Eric W. Bates <ericx at whoi.edu> wrote:
>>>>> 
>>>>> Is there an easy way to close clearly stale user sessions?
>>>>> 
>>>>> Do I have to delete the record from RADUSAGE with the matching ACCTSESSIONID?
>>>>> 
>>>>> -- 
>>>>> Clark 159a, MS 46
>>>>> 508/289-3112
>>>>> 
>>>>> _______________________________________________
>>>>> radiator mailing list
>>>>> radiator at lists.open.com.au
>>>>> http://lists.open.com.au/mailman/listinfo/radiator
>>>> --
>>>> Hugh Irvine
>>>> hugh at open.com.au
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>> DIAMETER, SIM, etc.
>>>> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>> -- 
>>> Clark 159a, MS 46
>>> 508/289-3112
>> 
>> --
>> 
>> Hugh Irvine
>> hugh at open.com.au
>> 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER, SIM, etc.
>> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> http://lists.open.com.au/mailman/listinfo/radiator
> 


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list