Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Feb 2001 23:44:29 -0600 (CST)
From:      Chuck Rock <carock@kira.epconline.net>
To:        david rhodus <sdrhodus@wildcatblue.com>
Cc:        Odhiambo Washington <wash@iconnect.co.ke>, freebsd-isp@FreeBSD.ORG
Subject:   Re: Expiring User accounts
Message-ID:  <Pine.BSF.4.21.0102212337110.56090-100000@kira.epconline.net>
In-Reply-To: <000001c09c6c$88337a90$577afea9@vghk>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
We use RADIUS here, and I have my connections logged off after 8 hours
on-line, and also after one hour of idle time.

I found my clues in the RADIUS program dorectory. Theres a dictionary file
that gives you a lot of options. The key is figuring out what your NAS
equipment uses for RADIUS commands.

We are using Nortel CVX1800 platform connected to our Cisco 3662 router. I
had to slightly customize the RADIUS dictionary, but the options I use in
my users file are as follows....

user	Password = "UNIX"
        User-Service = Framed-User,
        Framed-Protocol = PPP,
        Idle-Timeout = 2400,
        Session-Timeout = 28800,
        Framed-Routing = None

The idle timeout is in seconds as are the session timeout. When the limits
are reached, it kicks the user from the system and in the RADIUS log, it
says the user was disconned as reason "Session Timeout"

I don't know exactly how it kicks the user, I assume it is some way the
Cisco router works with RADIUS. I can manually kick the users if I telnet
into the router, so either the router remembers that users RADIUS session
limits and kicks them as necessary, or something else does it.

I had to modify the RADIUS dictionary because it Ascend RADIUS, and the
Cisco router had some of it's own RADIUs phrases it recognizes. I had to
pull teeth on the Cisco open forum to get that information though.

Chuck Rock
EPC


On Wed, 21 Feb 2001, david rhodus wrote:

> I wish I could have something that would turn my users off after 200 hours
> of being online. I'm using radius to acut. them. Yet I don't know of
> anything yet that could do it.
> Is this kinda what your talking about? Does anyone else know how to do this?
> 
> ----- Original Message -----
> From: "Odhiambo Washington" <wash@iconnect.co.ke>
> To: "Lowell Gilbert" <lowell@world.std.com>
> Cc: "FBSD-ISP" <freebsd-isp@freebsd.org>
> Sent: Tuesday, February 20, 2001 11:59 PM
> Subject: Re: Expiring User accounts
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102212337110.56090-100000>