[ previous ] [ next ] [ threads ]
 
 From:  "Ervin Malicdem" <schadow1 at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Radius Accounting problems using WinRadius
 Date:  Fri, 25 Aug 2006 10:33:29 +0800
Hello!

I am new to radius and I am also trying to figure out how to create
time-limited accounts. I understand this is not yet possible for 1.23b1 as J
is still working on a new commit.

However, I would like to know how to make a time-limited account through
radius...the same way Holger is doing. So that the radius would be ready as
soon as J finally works out on the new commit.

Is it the Session-Timeout where we put a time-limit? Let's say I place a
value of 300 for Session-Timeout for a 5min account? Or is there another
attribute to do this?

Thanks!

On 8/25/06, Holger Bauer <Holger dot Bauer at citec dash ag dot de> wrote:
>
> Yes, that was probably some kind of missunderstanding at my end. Thanks
> for your hard work. Looking forward for that commit then.
>
> Holger
>
> > -----Original Message-----
> > From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> > Sent: Thursday, August 24, 2006 7:00 PM
> > To: Holger Bauer; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Radius Accounting problems using WinRadius
> >
> >
> > Apperently you didn't read the mail message quite well OR I formulated
> > it bad?
> >
> > By following the RFC2866 really strict the timecounter isn't updated
> > while using radius interim messages in the current version.
> >
> > I'm going to change this behaviour into the next commit
> >
> > J.
> >
> > --
> > Jonathan De Graeve
> > Network/System Engineer
> > Imelda vzw
> > Informatica Dienst
> > 015/50.52.98
> > Jonathan dot de dot graeve at imelda dot be
> > > -----Oorspronkelijk bericht-----
> > > Van: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
> > > Verzonden: donderdag 24 augustus 2006 17:41
> > > Aan: Jonathan De Graeve; m0n0wall at lists dot m0n0 dot ch
> > > Onderwerp: RE: [m0n0wall] Radius Accounting problems using WinRadius
> > >
> > > I also tried interim updates but besides that I see interim in the
> > > radiuslogs at the server the timecounter doesn't expire so
> > the user is
> > > always authenticated. Tried this with 1.23b1 and 1.22 btw. Is there
> > any
> > > radiusserver that you can recommend that is working for
> > this scenario?
> > >
> > > Thanks in advance,
> > > Holger
> > >
> > > > -----Original Message-----
> > > > From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> > > > Sent: Thursday, August 24, 2006 5:26 PM
> > > > To: Holger Bauer; m0n0wall at lists dot m0n0 dot ch
> > > > Subject: RE: [m0n0wall] Radius Accounting problems using WinRadius
> > > >
> > > >
> > > > > I want to setup a cpative portal in a hotspot scenario
> > > > where a radius
> > > > > server does accounting and logs out the user after his time has
> > > > expired.
> > > > > I'm using winradius as radius server. m0n0 is configured to send
> > out
> > > > > start/stop accounting information and reathenticate user
> > > > every minute.
> > > >
> > > > Use interim accounting and see M0n0wall ml with subject:
> > M0n0wall &
> > > > RFC2866 compliance.
> > > >
> > > > I've got no reaction on this mail so I will commit the
> > > > necessary change
> > > > soon.
> > > >
> > > > > Basically it works but the time is not handled correctly.
> > > > m0n0 always
> > > > > sends the complete time since the user is only (for example
> > > > if he was
> > > > > online for 2 minutes it sends "120") but the radius
> > server handles
> > > > this as
> > > > > delta since the last update.
> > > > >
> > > > > User has a 5 minute Account:
> > > > > reauthentication/update after 1st minute:  60 seconds
> > > > > reauthentication/update after 2nd minute: 120 seconds
> > > > > reauthentication/update after 3rd minute: 180 seconds
> > > > > reauthentication/update after 4th minute: 240 seconds
> > > > > reauthentication/update after 5th minute: 300 seconds
> > > > >
> > > > > WinRadius counts down in the following way:
> > > > > User has 300 seconds account:
> > > > > after 1st minute -60=240 left
> > > > > after 2nd minute -120=120 left
> > > > > after 3rd minute -180=-60 account expired
> > > > >
> > > > > So the user only got 3 minutes instead of 5 and this
> > becomes even
> > > > worse
> > > > > with higher numbers. I'm not sure if this is a problem with
> > > > winradius
> > > > or
> > > > > the captive portal. However I have not found a setting to
> > > > change this
> > > > > behaviour in winradius or m0n0.
> > > >
> > > > It's not a M0n0 problem
> > > >
> > > > >
> > > > > Anybody have a clue how to fix this or at which end the
> > problem is
> > > > > located? Which is the correct behaviour? Would switching to
> > another
> > > > > radiusserver help, if yes, what radiusserver is recommended to
> > work
> > > > > correct in that situation? Preferably a free one that however
> > should
> > > > be
> > > > > windowsbased.
> > > > >
> > > > > Thanks for any suggestions,
> > > > > Holger
> > > > >
> > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > > > >
> > > > >
> > > >
> > > > --
> > > > Jonathan De Graeve
> > > > Network/System Engineer
> > > > Imelda vzw
> > > > Informatica Dienst
> > > > +32 15/50.52.98
> > > > jonathan dot de dot graeve at imelda dot be
> > > >
> > > > ---------
> > > > Always read the manual for the correct way to do things
> > because the
> > > > number of incorrect ways to do things is almost infinite
> > > > ---------
> > > >
> > >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>