I’m currently using RADIUS to authenticate the hotspot users. All hotspot users are only permit one (1) login at a time, which is govern by RADIUS attribute Simultaneous-Use := 1.
The issue i’m having is when MT resets (reset due to unknown issue) all the RADIUS accountings for hotspot users who logged on are incomplete. Causing them not able to log in again because of simultaneous-use set to 1 when the MT boots up.
I’ve to access directly into RADIUS accounting table to complete the RADIUS accounting in order for the hotspot users to login again.
Is there any solutions to the issue above, without having to access the database to complete the RADIUS Accounting ?
Would appreciate very much any advice and reply to this post.
Something that I would like to see - since users are prevented from logging in again due to missed stop requests:
Have an option in the hotspot user profile such that if shared-users is set to 1, that instead of denying access to that current login, simply send a stop request to the radius server for the previously logged-in person, remove them from the active user list, and re-auth them.
In effect, dropping the old instance of that user and starting a new one.
And if that one is missed? And if the resend is missed? What if the Radius server is unavailable?
IMHO, I don’t think it’s the responsibility of the NAS to disconnect users - if I can put it that way… If you don’t have a accurate way to enforce session management (which includes session limiting), why use it?
Done properly, it’s very easy to get this under control and working. MT even included a radius client to facilitate radius disconnect messages. Disconnecting a stale session during authentication is a matter of sending a few bytes to the NAS. No re-authentication required, no re-transmissions required, no unneccessary waiting for the authentication to pass, no timeouts… You get the point.
On the otherhand, maybe I’m missing something - in which case, please enlighten me
