failed to notify radius server after user disconnecting
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Feb 20 00:40:03 PST 2015
On Fri, Feb 20, 2015 at 3:23 AM, 163 <huangjiesin at 163.com> wrote:
> Thanks for quick reply. here is the debug output for 0.9.0,which work
> correctly to notify radius server correctly after disconnecting.
[...]
> ocserv[678]: main[testuser]: 221.107.180.1:54063 sending msg sm: session
> close to sec-mod
> ocserv[679]: sec-mod: received request from pid 678 and uid 0
> ocserv[679]: sec-mod: cmd [size=26] sm: session close
> it seems that in the latest version, sec_auth_user_deinit is not called at
> all. Looking forward to you fixing this. Thank you again.
In 0.9.2 the radius server is not contacted immediately on disconnect.
It will be contacted if there no further connection which reuses the
cookie, when the cookie validity time expires. That is periodically
checked every 5 minutes. Could you verify that this actually happens
in your use case? If not how long is cookie timeout, and how long did
you wait after the user disconnected. If cookie-timeout is the default
(300 secs), you may need to wait up to 10 mins for the radius server
to be contacted.
regards,
Nikos
More information about the openconnect-devel
mailing list