[RADIATOR] Clearing stale user sessions

Eric W. Bates ericx at whoi.edu
Fri May 11 12:54:52 UTC 2018


Thanks.

We're an educational institution; so there's no billing. However, we 
keep a simultaneous login limit and that limit gets bumped because of 
errors. So I might try a similar hack.

Does use of RadSec reduce the number of lost Stop messages?

On 5/10/2018 9:12 PM, Michael wrote:
> Eric,
> 
> This missing Accounting-Stop is also a big problem for me.  When using 
> usage billing, it means lost usage/bandwidth calculations. When using 
> max time usage, it's lost time.  When using maximum simultaneous, it 
> means new sessions cannot log back in.  One here and there is a problem 
> for that individual case, but when I have a VPDN tunnel on the back side 
> of the LNS quit and hundreds of PPPoE sessions drop, I seem to have a 
> ton of missing Stop packets.  I don't even yet know where they go and 
> I'm not sure what's happening.
> 
> To battle this problem, I first set up Alive packets to constantly update 
> my active session database.  Usage, current time, and other stuff is 
> updated every 30 minutes.  I have a scripted process that scans the 
> online data and if a session's last-updated timestamp gets older than 30 
> minutes, it is possibly a dead session.  The process gathers all dead 
> sessions, SNMP queries the LNSs to verify that they are in fact gone, 
> and then as Hugh suggested below, sends a fake Accounting-Stop using 
> radpwtst containing the last known Acct-IN/OUTput-Octets, a fake 
> Acct-Terminate-Cause=session-lost reason, a calculated current_time - 
> last_updated_time = Acct-Delay-Time, and everything else I need in the 
> Stop.  With this delay time, the end result is a Stop packet is produced 
> for current system time - Delay and therefore ends up being as close as 
> you're gonna get with regards to usage and time.  The time the session 
> was last known and confirmed to be online.
> 
> Was quite the complicated process, and very customized, but very necessary.
> 
> 
> Michael
> 
> 
> 
> On 05/10/2018 07:11 PM, Hugh Irvine wrote:
>> Hello Eric -
>>
>> You should be able to use the “Delete” button in the “Current 
>> sessions” page.
>>
>> See section 10 in the “user_help.pdf” guide in the “doc” directory of 
>> the Radmin distribution.
>>
>> Otherwise, yes you could fake up an Accounting-Stop request using 
>> “radpwtst” in the Radiator distribution.
>>
>> regards
>>
>> Hugh
>>
>>
>>> On 10 May 2018, at 22:04, Eric W. Bates <ericx at whoi.edu> wrote:
>>>
>>> On 5/9/2018 6:25 PM, Hugh Irvine wrote:
>>>> Hello Eric -
>>>> Where do you want to remove stale sessions?
>>>> RADUSAGE is where accounting data is stored.
>>>> Current sessions are normally stored in the RADONLINE table.
>>>> Do you mean remove entries from the RADONLINE table?
>>>> regards
>>>> Hugh
>>> I was guessing which table.
>>>
>>> I occasionally have users on an ASA vpn who sometimes exceed their 
>>> "maximum simultaneous connection limit" simply because the session 
>>> stop message was lost. I want to clear those "open" sessions somehow.
>>>
>>> Create an artificial "stop" record?
>>> Delete the original "start" record?
>>> Push a button in Radmin?
>>>
>>> Thanks.
>>>
>>>>> On 10 May 2018, at 01:05, Eric W. Bates <ericx at whoi.edu> wrote:
>>>>>
>>>>> Is there an easy way to close clearly stale user sessions?
>>>>>
>>>>> Do I have to delete the record from RADUSAGE with the matching 
>>>>> ACCTSESSIONID?
>>>>>
>>>>> -- 
>>>>> Clark 159a, MS 46
>>>>> 508/289-3112
>>>>>
>>>>> _______________________________________________
>>>>> radiator mailing list
>>>>> radiator at lists.open.com.au
>>>>> http://lists.open.com.au/mailman/listinfo/radiator
>>>> -- 
>>>> Hugh Irvine
>>>> hugh at open.com.au
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>> DIAMETER, SIM, etc.
>>>> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
> 

-- 
Clark 159a, MS 46
508/289-3112
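
The stale-session sweep Michael describes in the quoted message, sketched as an added example (not code from the thread or from the Radiator distribution). The `online` table, its column names and the `still_online` callback standing in for the SNMP check are assumptions; the code only builds the attribute set for the synthetic Accounting-Stop and leaves sending it to whatever tool is used.

```python
import sqlite3

STALE_AFTER = 30 * 60  # seconds; the Alive (interim update) interval from the post

def find_stale(db, now):
    """Sessions whose last Alive update is older than the interval."""
    cur = db.execute(
        "SELECT username, sessionid, nas, in_octets, out_octets, last_updated "
        "FROM online WHERE ? - last_updated > ?", (now, STALE_AFTER))
    cols = [c[0] for c in cur.description]
    return [dict(zip(cols, row)) for row in cur]

def build_stop(sess, now):
    """Attributes for a synthetic Accounting-Stop for one dead session."""
    return {
        "User-Name": sess["username"],
        "Acct-Session-Id": sess["sessionid"],
        "NAS-IP-Address": sess["nas"],
        "Acct-Status-Type": "Stop",
        "Acct-Input-Octets": sess["in_octets"],    # last known counters
        "Acct-Output-Octets": sess["out_octets"],
        "Acct-Terminate-Cause": "session-lost",    # value as given in the post
        # The server subtracts this delay from its receive time, so the Stop
        # is recorded at the moment the session was last confirmed online.
        "Acct-Delay-Time": now - sess["last_updated"],
    }

def sweep(db, now, still_online):
    """Return Stop attribute sets for stale sessions the NAS no longer has."""
    stops = []
    for sess in find_stale(db, now):
        if still_online(sess):   # hypothetical SNMP query against the NAS
            continue             # quiet but alive: never fake a Stop for it
        stops.append(build_stop(sess, now))
    return stops

def demo():
    # Constructed sample data; table and column names are illustrative only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE online (username, sessionid, nas, in_octets, "
               "out_octets, last_updated)")
    now = 1_526_000_000
    db.executemany("INSERT INTO online VALUES (?,?,?,?,?,?)", [
        ("alice", "A1", "192.0.2.1", 1000, 2000, now - 600),   # fresh
        ("bob",   "B1", "192.0.2.1", 3000, 4000, now - 2700),  # stale, gone
        ("carol", "C1", "192.0.2.2", 5000, 6000, now - 4000),  # stale, still up
    ])
    return sweep(db, now, still_online=lambda s: s["username"] == "carol")
```

Only the session that is both past the interval and absent from the NAS produces a Stop; the verification step is what keeps the sweep from freeing a simultaneous-use slot for a session that is still live.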
