|
From: | Stuart Stevenson |
Subject: | RE: [Radiusplugin-users] Stale Users / Checking |
Date: | Sun, 9 Jan 2011 15:23:45 -0000 |
Hi Ed, I came across this same problem a while ago. There is no definitive way for OpenVPN and Freeradius to sync together in a way to get rid of stale sessions. This has to be handled solely on Freeradius. To be able to properly identify stale sessions, I implemented a ‘modified’ column in the radacct MySQL table. This field gets updated with the MySQL function NOW() when accounting_start_query and accounting_update_query are called (in dialup.conf). I have a PHP script that runs the following query: UPDATE radacct SET acctstoptime = NOW() WHERE acctstoptime IS NULL AND modified < (NOW() - INTERVAL '3' MINUTE) This checks to see if any sessions that the radiusplugin or radius server thinks is active (acctstoptime IS NULL), and hasn’t been updated in the last 3 minutes (I have Acct-Interim-Interval = 60 set), then consider it a stale session and end it. Another way could be to set the new column ‘modified’ to be ‘on update CURRENT_TIMESTAMP’ – thus, requiring no modifications to dialup.conf. Regards, Stuart. From: address@hidden [mailto:address@hidden On Behalf Of Ed Stout
- How should stale users be handled when using this plugin? - Can they be if the stop message is not received? For arguments sake, the server goes down and users are redirected to a new server. There doesnt appear to be a way to do a check from the radius server to the OpenVPN server as to whether the user is still active, as far as OpenVPN is concerned - Im using FreeRadius with MySQL backend and SQL accounting. |
[Prev in Thread] | Current Thread | [Next in Thread] |