ocserv did not send stop accounting once user disconnected
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue Apr 28 07:05:25 PDT 2015
On Tue, Apr 28, 2015 at 2:23 PM, jafar habibi <iceberg.1369 at gmail.com> wrote:
> I have installed ocserv 0.10.4
> I can successfully authenticate against radius server. and accounting
> interim updates works well. but once user get disconnected ocserv
> dosn't send stop accounting to radius server and hence radius server
> treats it as a stale session.
> actually ocserv send stop session (stop accounting) after long delay
> after user gets disconnected and this makes a huge problem when
> simultaneous-us attribute is used in radius server cause user will not
> be able to login again until stop session packet is sent to radius
> server.
> so question is that how we can send stop accounting to radius server
> once user disconnected?
ocserv will send updates to radius every 5 minutes. That's why you see a delay.
Currently there is no way to modify that period except editing src/sec-mod.c and
modify MAINTAINANCE_TIME.
Said that, that behavior could be improved. Currently there are two types of
disconnection. Explicit user termination, and termination due to network (e.g.,
the mobile user turned off wireless). In the first case the disconnection of the
user is complete and the radius server will be notified on the next update.
However, in the second case, the connection is put in some "limbo" state and
the user can still reconnect using the cookie. On that state the
radius server will
not be notified, until that cookie expires.
So ocserv could be modified to immediately send the disconnection requests for
the first scenario, but there is no apparent fix for the "temporary"
disconnects, and
you'll have to cope with them anyway. So if that is acceptable, and
you'll be willing
to test I could modify ocserv in git to send user termination requests as soon.
regards,
Nikos
More information about the openconnect-devel
mailing list