help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [Help-gnu-radius] How it do 'logout' ?

From: Азамат Альмухаметов
Subject: Re[2]: [Help-gnu-radius] How it do 'logout' ?
Date: Tue, 25 Nov 2003 00:01:34 +0300 
> > i guess my NAS (3Com 1500 RAS) sends illegal 'port' and 'session_id' when 
> > user logout.. :(
> 
> You can verify it in your /var/log/radacct/<nasname>/detail file. The
> triple (username,session_id,port) must be unique for each session,
> otherwise no proper accounting is possible. If your NAS sends
> non-matching values for the end of a session, you will have to
> apply some rewriting procedure to fix them. Please refer to
> 
> http://www.gnu.org/software/radius/manual/html_chapter/radius_11.html#SEC171
> 
> Did anybody else have the same problems with 3Com 1500 RAS, please?
> 
> Regards,
> Sergey

Thank you for support, Sergey! I didnt refer the rewrite documention. My 
accounting based on Mysql, so i wrote script in perl, which controls 
'Simultaneous-Use = 1' (so i ignore 'radwho's radwtmp)

-------- users-----------
DEFAULT Group = "day", Auth-Type = SQL,
    Login-Time = "Al0800-2100"
    Exec-Program-Wait = "/usr/local/bin/sqlauth.pl \
    %C{User-Name} \
    %C{NAS-Port-Id}"
-------- /users ----------

------------- sqlauth.pl ----------
#!/usr/bin/perl

#
# select a 'calls' table and found active users
# by aza 24 nov 2003

use DBI;

my $serverName = "localhost";
my $serverPort = "3306";
my $serverUser = "some-db-user";
my $serverPass = "his-passwd";
my $serverDb = "RADIUS";
my $Table_calls = "calls";

$LOGFILE = "/var/log/radius-check.log";

($user, $port) = @ARGV;

if (!$user || !$port) {
    logmessage("Error: Missing parameters");
    print "Reply-Message = Error-Missing-parameters";
    exit(1);
}

my ($dbh, $sth, @row);
$dbh = 
DBI->connect("DBI:mysql:database=$serverDb;host=$serverName;port=$serverPort",$serverUser,$serverPass);
$sth = $dbh->prepare("SELECT status,user_name FROM $Table_calls WHERE 
status=1");
$sth->execute;

while(@row = $sth->fetchrow_array)
{
    if ($user eq $row[1]) { $user_online = 1; }         # found user with 
status=1
}
$sth->finish;
$dbh->disconnect;

if ($user_online != 1)
{
    logmessage("OK: Login");
    print "Service-Type = Framed,Framed-Protocol = PPP,Framed-IP-Netmask = 
255.255.255.255";
    exit(0);
}
else
{
    logmessage("Error: User alredy logged");
    print "Reply-Message = User-alredy-logged";
    exit(1);
}

# logging sub
sub logmessage {
    my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = 
localtime(time);
    my $dateString = sprintf "%02d/%02d/%d %02d:%02d:%02d", $mday, $mon+1, 
1900+$year, $hour, $min, $sec;
    open (LOGFILE, ">>$LOGFILE");
    print LOGFILE "$dateString $_[0] [$user/$port]\n";
    close (LOGFILE);
}

--------------- /sqlauth.pl -----------------

by default there is 'acct_session_time' for each complet users session! So you 
can upgrade this script to control 'users-hours per day'  etc...

Thank you, gnu-radius! Thank you Sergey!

p.s. do you see some realy bugs in this script, please?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]