Topic: STALE SESSIONS
I use Chillispot but frequently I have problems with **login** due stale sessions.
How can I solve this problem?
Any help is very welcome.
I want to solve this problem **definitively**!!!
Thanks,
mson77
You are not logged in. Please login or register.
I use Chillispot but frequently I have problems with **login** due stale sessions.
How can I solve this problem?
Any help is very welcome.
I want to solve this problem **definitively**!!!
Thanks,
mson77
One problem might be that if you allow only one login and restart your chilli process, the sessions will not be reset. I have created the following config to come around this problem:
1. Enable the following feature in the chilli.conf file:
# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
ipup /etc/chilli.ipup
2. Create the /etc/chilli.ipup file referenced above, and make it runnable (chmod 755):
#!/bin/sh
exec wget -q -O /dev/null http://www.myserver.com/chilli.ipup.php
3. Finally, create a PHP file that resets the stale login sessions:
<? // chilli.ipup.php
// Open permanent database connection
if (!($mylink = mysql_pconnect('sql_server', 'sql_username', 'sql_password'))) {
echo mysql_error();
exit;
}
mysql_select_db('sql_database',$mylink) or die(mysql_error());
$q="UPDATE radacct SET AcctStopTime=now(), AcctTerminateCause='Chillispot Restart' WHERE AcctStopTime ='0000-00-00 00:00:00'";
mysql_query($q) or die (mysql_error());
Hello ajauberg,
Thank you for your usefull information.
Best regards,
mson77
Hi ajauberg,
I guess this will not work if chillispot is in the router box (DD-WRT firmware) and everything else is in separated server? Sometime the chilli's daemon on the router restart out of nowhere and how can I make it exec the php script in the server from the router box?
Thanks.
Yes, you can, I am using OpenWRT in the exact same configuration.
#!/bin/sh
exec wget -q -O /dev/null http://www.myserver.com/chilli.ipup.php
This code is actually executed in the router box and calls the remote server
$q="UPDATE radacct SET AcctStopTime=now(), AcctTerminateCause='Chillispot Restart' WHERE AcctStopTime ='0000-00-00 00:00:00'"; mysql_query($q) or die (mysql_error());
I am doing this but yet this doesn't re-enable users login! This just resets the table.
Often I need to radzap the user, but yet this doesn't clear the radacct entry.
My users all have Acct-Interim-Interval := 60 in the radgroupreply table and Idle-Timeout := 600, but after NAS restart in radwho and radacct table I see stale users for ages!
may i suggest either define vars or edit manually this part
sql_server = my server or 127.0.0.1
sql_username = my user or radius
sql_password = my password or PASSWORD
sql_database= datebase to select
if (!($mylink = mysql_pconnect('<sql_server>', '<sql_username>', '<sql_password>'))) {
echo mysql_error();
exit;
}
mysql_select_db('<sql_database>',$mylink) or die(mysql_error());
True as maxxer said that this will only clear the database table but the user who is online during chilli restart can't login due to stale session in radius if simultaneous-use attribute is set to 1. Due to that, this workaround didn't solve the problem totally. I'm not knowledgeable with scripting but I've an idea if somebody can help write it.
The idea is to clear the database table and execute radwho and radzap when chilli restart. The first problem is solved with the solution post by ajauberg. Now to the second step. Use radwho -r to get list of username that hanging in radius right after the restart happen and feed it to the radzap to delete it from radius. So, no more stale in database table and radius will also be clear from it and users with simultaneous-use = 1 can login again without "you are already login" error.
I suppose a knowledgeable person in scripting/perl can combine both radwho and radzap in one script because I believe that radzap itself use radwho and radclient. Maybe a little modification to radzap can make this happen. Later (I suppose), one can add the code in chilli.ipup.php to call the script and execute it.
Thanks.
The idea is to clear the database table and execute radwho and radzap when chilli restart. The first problem is solved with the solution post by ajauberg. Now to the second step. Use radwho -r to get list of username that hanging in radius right after the restart happen and feed it to the radzap to delete it from radius. So, no more stale in database table and radius will also be clear from it and users with simultaneous-use = 1 can login again without "you are already login" error.
i modified my radius configuration so that stores accounting and all other information ONLY on the db. This solved (i'm almost sure) all the problems of my stale sessions. so you store the users information on file OR on sql, but not both!
i modified my radius configuration so that stores accounting and all other information ONLY on the db. This solved (i'm almost sure) all the problems of my stale sessions. so you store the users information on file OR on sql, but not both!
Thanks for the info maxxer. I've look in my radius.conf but can't really sure what to put and where. Could you point me to the right direction. BTW, I've check radwho file and with "radwho -ZRN 10.0.0.1 | radclient -f - radius.example.net acct testing123", one can zap all user connected to the NAS in one go. But, I rather not reinventing the wheel if you already have a working solution.
EDIT: nevermind. Found it. Thanks for the solution maxxer.
Thanks.
in radius.conf, check that into the accounting and authorize sections you have commented the lines of radutmp and sradutmp (maybe only in accounting, can't remember exactly right now)
hi cmos,
the script that if i combine the of ajauberg and rad cmd from maxxer look like this:
#!/bin/sh
exec wget -q -O /dev/null http://www.myserver.com/chilli.ipup.php
radwho -ZRN 10.0.0.1 | radclient -f - radius.example.net acct testing123
- -
my question is that this is the script right?, it can be exec right?
please i have not test but only my suggest.
Powered by PunBB 1.4.4, supported by Informer Technologies, Inc.