Hard timeout doesn't work
-
Hi all,
I'm about to start from scratch as this feature is not working. Idle timeout works fine.
I gather there is a cron every minute which checks each client. I have made the Hard timeout 5mins.
When I hover over the client in CP status it shows the idle timeout and session but nothing about hard timeout.
Nothing is showing in the logs - I expected a DISCONNECT logI am using external radius auth. Any ideas how to debug it?
-
@guntery said in Hard timeout doesn't work:
I gather there is a cron every minute which checks each client.
Correct.
You can even see it :
Access the console, option 8 and typeps ax | grep 'prune'Every 60 seconds it executes, checks all connected users, and do what "needs to be done".
But .... if a (the FreeRadius) package is used for your portal instance, then things like hard time out , soft time out (and more) are controlled by radius - so you have to set things up over there.
That is, I'm pretty sure it would work like that.edit : I tested :
When I set a time out of 5 minutes :
and this suer logs in (it' me) I see a :
after 5 minutes.
It's a SESSION TIMEOUT. Somewhat the same thing as a "DISCONNECT" I guess.
And of course, the user was disconnected.So, it works ....
-
Thanks,
you are correct the idle timeout and hard timeout are ignored. damn!Is there a command line method to DISCONNECT a user?
-
@guntery said in Hard timeout doesn't work:
Is there a command line method to DISCONNECT a user?
No one ready right now.
There is a command line script that disconnect all users from all portal instances, published by myself and others in this forum part.But first, you have visit this GUI page :
Hover your mouse of the dustbind of the user you want to disconnect.
Now, have a look at the second most information shown on your screen :
and there you see how to select the to be disconnected using its "connection ID", the "f273c20eb7b0174c" string in my example.
Now you have everything to do a "SELECT" upon the connected user database, and have it removed.
You'll be needing probably the "pfSense Ultimate Manual**" , to guide you when modifying the PHP command line script file.
** The source code - you have a copy already
-
@Gertjan said in Hard timeout doesn't work:
pfSense Ultimate Manual
thanks for that (https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf)
it shows a little more detail on the hard timeout. And mentions radius. It looks like it actually should work regardless of authentication method...
I found under the CP authentication section there is a Session timeout check box for "Use RADIUS Session-Timeout attributes"
If I disable this the hard timeout works with freeradius! cheers
