28.07.2009 05:09:31
segaodma
Posts: 14
|
I'm using a D-Link DI-624 router, I have DWL-2100AP also but I haven't tested it yet. The Active Sessions are not refreshed correctly. Sometimes when I disconnect the user, the Active Sessions is still active, raising the problem of not being able to connect again if there is a Simultaneous Use check enabled for that user. Is there some option of refreshing the Active Sessions only for that user if it tries to connect, or maybe a "to do" for a next version?
|
|
0
• permalink
|
28.07.2009 12:10:43
Admin
Administrator
Posts: 1684
|
Hi,
As far as I've investigated D-Link DI-624 does not supports RADIUS accounting, in this case you can not see session entries in Active Sessions for the
users connected to D-Link DI-624.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
28.07.2009 16:19:24
segaodma
Posts: 14
|
Hi again,
Well, mine shows Active Sessions. I don't know why.  The problem is that (sometimes, not always) when the user disconnects the session is still shown in the active tab. Sometimes the sessions disappear and sometimes they won't.
About the router... there are several hardware versions of DI-624 and (I don't know why) they are totally different routers, just the name is the same. These are the versions: Ax, Cx, H1, Bx and D2G (and there may be more). I was reading some other forums, watching pictures on Google and found out that the version that I have D2G (the latest one) is completely different router from the other older versions and that the new D-Link's router WBR2310 (Rev.A, not B... they are different also!) was in fact just a prepacked DI-624 D2G. They are completely the same and... the main proof... the WBR2310 firmware works on the DI-624! I tried flashing the DI-624 with the WBR2310 firmware and all went fine and the router was working! Then I tried flashing it back with the original firmware and again all fine. I'm using the original firmware now, but I will try the WBR2310 soon and post.
About the sessions... there could be two reasons...
The router's firmware or the users client software?
|
|
0
• permalink
|
28.07.2009 16:26:40
Admin
Administrator
Posts: 1684
|
Well, If active session entry is not cleared that means TekRADIUS could not receive a proper RADIUS Accounting-Stop message when client disconnected.
This is probably caused by the firmware. Please see TekRADIUS log if proper RADIUS Accounting-Stop messages are received.
|
|
0
• permalink
|
28.07.2009 18:11:14
segaodma
Posts: 14
|
I think I found the problem...
I got 3 wireless cards and using 2 client's software for testing.
Cards: D-Link DWL-G520 (Atheros), Repotec RP-WP1400 (Realtek), Edimax EW-7318Ug (Ralink USB).
Software: Juniper Odyssey (for D-Link and Repotec) and Ralink's clients software for the USB.
Using Odyssey:
If I enable/disable the card with Odyssey the Active Sessions are working fine! Meaning that the terminate signal is sent to the TekRADIUS server.
The problem is raised when I disable the adapter directly from Network Connections of the Windows. Then the user disconnects from the NAS, but the Active Session remains open. And won't let me connect again if the Simultaneous-use is set to 1. It keeps the connection active forever! I have to restart the server or change the Simultaneous-use setting to more than 1 in TekRADIUS User tab to let me connect again. And worse... if I set the Simultaneous-use to 5 and do a Repair 5 times to the same card, then the Active Sessions tab lists and keeps open all the 5 sessions active, even though they are made with the same adapter in 2 minutes. The 6-th time it won't let me connect.
Using Ralink's software does not terminate the session in any way, it always stays active either I enable/disable it through the Ralink or through Network Connections.
I don't think that the DI-624 is the problem because it works fine with the Odyssey. I changed the firmware to WBR2310 and still the same. I think that the problem are the software that do not send the correct terminate signal to the TekRADIUS through the NAS. Can you add an option to the TekRADIUS for it to check (send query to the NAS) if the sessions are still alive indeed (e.g. check ARP-ping), when TekRADIUS gets an authentication request (a user tries to connect)?
|
|
0
• permalink
|
28.07.2009 21:51:18
segaodma
Posts: 14
|
Another test...
I disabled the Simultaneous-use check for the test user. I connected the Ralink USB card with it's Ralink utility, and again and again, repair, repair... I made 10 active sessions. All of them remained active. Then I connected the D-Link with the Odyssey. It made 11-th active session and placed it under the 10 already active ones. Next I made more connections with the Ralink which were placed below the D-Link's connection in the list of the Active Sessions. When I disabled the D-Link card through the Odyssey, from the list of active sessions disappeared the 11-th connection, the one that was made with the D-Link. All others remained active. Meaning that TekRADIUS probably keeps a record of the MAC address of each session (which is not shown in the Active Sessions tab) and removes the right one when it gets the terminate signal from the NAS. I think that the NAS (the DI-624 or WBR-2310) is not the problem, the problem are the software not sending the terminate information THROUGH the NAS? Or maybe a good NAS (if this one is some bad software) would send an automatic terminate signal with the MAC address of the user to the TekRADIUS whenever a user disconnects? I really don't know how this works and who is responsible for sending those terminate signals. 
|
|
0
• permalink
|
28.07.2009 21:54:37
segaodma
Posts: 14
|
I think that (if it's possible) adding a option on the TekRADIUS to check for the activity of the users previous session whenever the user tries to connect the next time would be a great option.
|
|
0
• permalink
|
28.07.2009 23:34:45
Admin
Administrator
Posts: 1684
|
Every access server which supports RADIUS Accounting sends a unique RADIUS Accounting Id for a new user session so
every session which is initiated with the same user to same access server even to same port will have a different RADIUS Accounting Id.
When a user disconnects same Id is sent in RADIUS Accounting-Stop message so RADIUS server clears only matching active session.
Clearing inactive session by pooling them must be implemented in the access server since access servers provide physical connection.
|
|
0
• permalink
|
29.07.2009 05:34:32
segaodma
Posts: 14
|
I installed Realtek's wireless utility. Works great... adding/removing sessions to the Active Sessions tab whenever you enable/disable the "Radio off" check box of the wireless card. Still the problem remains if you enable/disable the "Disable the adapter" check box of the utility. It disables the card as if it was disabled from Network Connections... then the session remains active, even though in both cases the user disappears from the list of the NAS. The only difference is that the terminate signal is not sent when the adapter is disabled by Network Connections... the thing that is mostly used by the users. ughh!!!
I think that the only solution for this (I don't know how) would be if you can link somehow the Accounting ID with the Users MAC address... and make some kid of a script that would check ARP-ping to see if the client and his session is still active whenever the user tries to connect again... then grant/deny access based on the result of the ARP-ping?
|
|
0
• permalink
|
29.07.2009 06:09:00
segaodma
Posts: 14
|
I left the Realtek card with its utility on for an hour. The card was reconnecting by itself every 5-7 minutes creating new active sessions while not closing the old ones. After a hour I had about 10 active sessions.
|
|
0
• permalink
|
30.07.2009 00:15:44
segaodma
Posts: 14
|
Video of the problem...
|
|
0
• permalink
|
22.08.2009 15:19:23
segaodma
Posts: 14
|
http://www.dslreports.com/forum/r22697797-EAPTTLS-issue-with-FreeRadius~start=20
|
|
0
• permalink
|
23.08.2010 05:11:21
segaodma
Posts: 14
|
still no solution ...
|
|
0
• permalink
|
23.08.2010 10:04:52
Admin
Administrator
Posts: 1684
|
When you disable wireless connection from "Network Connections", Windows bypasses D-Link driver functions and
client can not send a proper signal to the AP for disconnection.
TekRADIUS does not have a feature to check if user session still active in the access server. This is the access server's
responsibility.
|
|
0
• permalink
|
04.09.2010 02:29:17
ankesh
Posts: 2
|
Hi,
I am using Tekradius to authenticae my network devices.
I am usoing ZTE L3 switches and High end routers.
All the devices are getting authenticate properly but in Tekradius I am unable to see active session details.
Please help how to resolve this issue.
|
|
0
• permalink
|
04.09.2010 11:48:06
Admin
Administrator
Posts: 1684
|
Hi,
Please make sure that RADIUS Accounting is supported on your network devices and also enabled.
Best regards,
Yasin KAPLAN
|
|
-1
• permalink
|
04.09.2010 15:44:54
ankesh
Posts: 2
|
admin wrote:
Hi,
Please make sure that RADIUS Accounting is supported on your network devices and also enabled.
Best regards,
Yasin KAPLAN
Hi,
Thanks for your reply,
I have checked accounting function on ZTE L3 switch and highend router. It supports accounting function as well.
I have done below configuration.
but still I am not getting any active session whenever user login.
Please suggest what could be the reason.
!
!
user-authentication-type radius 1 chap
!
!
radius authentication-group 1
ip vrf ONM
server 1 10.10.10.1 master key zxr10 port 1812
algorithm first
nas-ip-address 10.255.8.1
user-name-format strip-domain
vendor enable
!
!
radius accounting-group 1
alias Tekradius
ip vrf ONM
server 1 10.10.10.1 master key zxr10 port 1813
algorithm first
nas-ip-address 10.255.8.1
user-name-format strip-domain
vendor enable
local-buffer enable
!
!
|
|
0
• permalink
|
05.09.2010 23:07:56
Admin
Administrator
Posts: 1684
|
Please set logging level to debug at settings / service parameters and examine TekRADIUS log (Accessible through file menu)
to make sure that TekRADIUS recevies RADIUS accounting packets.
|
|
0
• permalink
|