[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot DeGraeve at imelda dot be>
 To:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Radius Accounting problems using WinRadius
 Date:  Thu, 24 Aug 2006 18:59:37 +0200
Apperently you didn't read the mail message quite well OR I formulated
it bad?

By following the RFC2866 really strict the timecounter isn't updated
while using radius interim messages in the current version.

I'm going to change this behaviour into the next commit

J.

--
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan dot de dot graeve at imelda dot be 
> -----Oorspronkelijk bericht-----
> Van: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
> Verzonden: donderdag 24 augustus 2006 17:41
> Aan: Jonathan De Graeve; m0n0wall at lists dot m0n0 dot ch
> Onderwerp: RE: [m0n0wall] Radius Accounting problems using WinRadius
> 
> I also tried interim updates but besides that I see interim in the
> radiuslogs at the server the timecounter doesn't expire so the user is
> always authenticated. Tried this with 1.23b1 and 1.22 btw. Is there
any
> radiusserver that you can recommend that is working for this scenario?
> 
> Thanks in advance,
> Holger
> 
> > -----Original Message-----
> > From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> > Sent: Thursday, August 24, 2006 5:26 PM
> > To: Holger Bauer; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Radius Accounting problems using WinRadius
> >
> >
> > > I want to setup a cpative portal in a hotspot scenario
> > where a radius
> > > server does accounting and logs out the user after his time has
> > expired.
> > > I'm using winradius as radius server. m0n0 is configured to send
out
> > > start/stop accounting information and reathenticate user
> > every minute.
> >
> > Use interim accounting and see M0n0wall ml with subject: M0n0wall &
> > RFC2866 compliance.
> >
> > I've got no reaction on this mail so I will commit the
> > necessary change
> > soon.
> >
> > > Basically it works but the time is not handled correctly.
> > m0n0 always
> > > sends the complete time since the user is only (for example
> > if he was
> > > online for 2 minutes it sends "120") but the radius server handles
> > this as
> > > delta since the last update.
> > >
> > > User has a 5 minute Account:
> > > reauthentication/update after 1st minute:  60 seconds
> > > reauthentication/update after 2nd minute: 120 seconds
> > > reauthentication/update after 3rd minute: 180 seconds
> > > reauthentication/update after 4th minute: 240 seconds
> > > reauthentication/update after 5th minute: 300 seconds
> > >
> > > WinRadius counts down in the following way:
> > > User has 300 seconds account:
> > > after 1st minute -60=240 left
> > > after 2nd minute -120=120 left
> > > after 3rd minute -180=-60 account expired
> > >
> > > So the user only got 3 minutes instead of 5 and this becomes even
> > worse
> > > with higher numbers. I'm not sure if this is a problem with
> > winradius
> > or
> > > the captive portal. However I have not found a setting to
> > change this
> > > behaviour in winradius or m0n0.
> >
> > It's not a M0n0 problem
> >
> > >
> > > Anybody have a clue how to fix this or at which end the problem is
> > > located? Which is the correct behaviour? Would switching to
another
> > > radiusserver help, if yes, what radiusserver is recommended to
work
> > > correct in that situation? Preferably a free one that however
should
> > be
> > > windowsbased.
> > >
> > > Thanks for any suggestions,
> > > Holger
> > >
> > >
> >
---------------------------------------------------------------------
> > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >
> > >
> >
> > --
> > Jonathan De Graeve
> > Network/System Engineer
> > Imelda vzw
> > Informatica Dienst
> > +32 15/50.52.98
> > jonathan dot de dot graeve at imelda dot be
> >
> > ---------
> > Always read the manual for the correct way to do things because the
> > number of incorrect ways to do things is almost infinite
> > ---------
> >
>