Topic: STALE SESSIONS

I use Chillispot but frequently I have problems with **login** due stale sessions.
How can I solve this problem?

Any help is very welcome.

I want to solve this problem **definitively**!!!

Thanks,



mson77

Re: STALE SESSIONS

One problem might be that if you allow only one login and restart your chilli process, the sessions will not be reset. I have created the following config to come around this problem:

1. Enable the following feature in the chilli.conf file:

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
ipup /etc/chilli.ipup

2. Create the /etc/chilli.ipup file referenced above, and make it runnable (chmod 755):

#!/bin/sh

exec wget -q -O /dev/null http://www.myserver.com/chilli.ipup.php

3. Finally, create a PHP file that resets the stale login sessions:

<? // chilli.ipup.php 

// Open permanent database connection
if (!($mylink = mysql_pconnect('sql_server', 'sql_username', 'sql_password'))) {
    echo mysql_error();
    exit;
}
mysql_select_db('sql_database',$mylink) or die(mysql_error());

$q="UPDATE radacct SET AcctStopTime=now(), AcctTerminateCause='Chillispot Restart' WHERE AcctStopTime ='0000-00-00 00:00:00'"; 
mysql_query($q) or die (mysql_error());

Re: STALE SESSIONS

Hello ajauberg,


Thank you for your usefull information.

Best regards,



mson77

4 (edited by cmos 2007-11-08 12:06:21)

Re: STALE SESSIONS

Hi ajauberg,

I guess this will not work if chillispot is in the router box (DD-WRT firmware) and everything else is in separated server? Sometime the chilli's daemon on the router restart out of nowhere and how can I make it exec the php script in the server from the router box?

Thanks.

Re: STALE SESSIONS

Yes, you can, I am using OpenWRT in the exact same configuration.

#!/bin/sh

exec wget -q -O /dev/null http://www.myserver.com/chilli.ipup.php

This code is actually executed in the router box and calls the remote server

Re: STALE SESSIONS

ajauberg wrote:
$q="UPDATE radacct SET AcctStopTime=now(), AcctTerminateCause='Chillispot Restart' WHERE AcctStopTime ='0000-00-00 00:00:00'"; 
mysql_query($q) or die (mysql_error());

I am doing this but yet this doesn't re-enable users login! This just resets the table.
Often I need to radzap the user, but yet this doesn't clear the radacct entry.

My users all have Acct-Interim-Interval := 60 in the radgroupreply table and Idle-Timeout := 600, but after NAS restart in radwho and radacct table I see stale users for ages!

Re: STALE SESSIONS

may i suggest either define vars or edit manually this part

sql_server = my server or 127.0.0.1
sql_username = my user or radius
sql_password = my password or PASSWORD
sql_database= datebase to select




if (!($mylink = mysql_pconnect('<sql_server>', '<sql_username>', '<sql_password>'))) {
    echo mysql_error();
    exit;
}
mysql_select_db('<sql_database>',$mylink) or die(mysql_error());

8 (edited by cmos 2008-04-07 07:38:45)

Re: STALE SESSIONS

True as maxxer said that this will only clear the database table but the user who is online during chilli restart can't login due to stale session in radius if simultaneous-use attribute is set to 1. Due to that, this workaround didn't solve the problem totally. I'm not knowledgeable with scripting but I've an idea if somebody can help write it.

The idea is to clear the database table and execute radwho and radzap when chilli restart. The first problem is solved with the solution post by ajauberg. Now to the second step. Use radwho -r to get list of username that hanging in radius right after the restart happen and feed it to the radzap to delete it from radius. So, no more stale in database table and radius will also be clear from it and users with simultaneous-use = 1 can login again without "you are already login" error.

I suppose a knowledgeable person in scripting/perl can combine both radwho and radzap in one script because I believe that radzap itself use radwho and radclient. Maybe a little modification to radzap can make this happen. Later (I suppose), one can add the code in chilli.ipup.php to call the script and execute it.

Thanks.

Re: STALE SESSIONS

cmos wrote:

The idea is to clear the database table and execute radwho and radzap when chilli restart. The first problem is solved with the solution post by ajauberg. Now to the second step. Use radwho -r to get list of username that hanging in radius right after the restart happen and feed it to the radzap to delete it from radius. So, no more stale in database table and radius will also be clear from it and users with simultaneous-use = 1 can login again without "you are already login" error.

i modified my radius configuration so that stores accounting and all other information ONLY on the db. This solved (i'm almost sure) all the problems of my stale sessions. so you store the users information on file OR on sql, but not both!

10 (edited by cmos 2008-04-07 09:28:12)

Re: STALE SESSIONS

maxxer wrote:

i modified my radius configuration so that stores accounting and all other information ONLY on the db. This solved (i'm almost sure) all the problems of my stale sessions. so you store the users information on file OR on sql, but not both!

Thanks for the info maxxer. I've look in my radius.conf but can't really sure what to put and where. Could you point me to the right direction. BTW, I've check radwho file and with "radwho -ZRN 10.0.0.1 | radclient -f - radius.example.net acct testing123", one can zap all user connected to the NAS in one go. But, I rather not reinventing the wheel if you already have a working solution.

EDIT: nevermind. Found it. Thanks for the solution maxxer.

Thanks.

Re: STALE SESSIONS

in radius.conf, check that into the accounting and authorize sections you have commented the lines of radutmp and sradutmp (maybe only in accounting, can't remember exactly right now)

Re: STALE SESSIONS

hi cmos,
the script that if i combine the of ajauberg  and rad cmd from maxxer look like this:

#!/bin/sh

exec wget -q -O /dev/null http://www.myserver.com/chilli.ipup.php
radwho -ZRN 10.0.0.1 | radclient -f - radius.example.net acct testing123

- -
my question is that this is the script right?, it can be exec right?
please i have not test but only my suggest.