Session Timeout not working

  • Hello.

    I implemented a Captive Portal, authenticating in MySQL with FreeRadius, it is working perfectly.

    But how do I configure session_timeout in SQL accounts?
    Because if I configure it in "Hard timeout (Minutes)" in Captive Portal properties, apparently, it is only for local users.

    And if you configure it in FreeRadius, it is only for FreeRadius users and not SQL.

    When I query active users on Captive Portal I get the following result:

        [0] => 1598285704
        [allow_time] => 1598285704
        [1] => 2088
        [pipeno] => 2088
        [2] =>
        [ip] =>
        [3] => MAC
        [mac] => MAC
        [4] => USERNAME
        [username] => USERNAME
        [5] => 2e19c3a1ebb3a6f9
        [sessionid] => 2e19c3a1ebb3a6f9
        [6] => 
        [bpassword] => 
        [7] => 
        [session_timeout] => 
        [8] => 
        [idle_timeout] => 
        [9] => 
        [session_terminate_time] => 
        [10] => 
        [interim_interval] => 
        [11] => 
        [traffic_quota] => 
        [12] => radius
        [authmethod] => radius
        [13] => first
        [context] => first

    And as we can see, the session_timeout property is empty, even configuring directly in Captive Portal and FreeRadius.

    Thank you!

  • @Rafael-Silva said in Session Timeout not working:

    And if you configure it in FreeRadius, it is only for FreeRadius users and not SQL.

    It's not FreeRadius and MySQL.
    It's FreeRadius that does all the work.
    The thing is, FreeRadius needs initial settings like user names, password, speed, connection type, etc. It also needs to store temporary data, which can be updated as frequent as possible.
    MySQL is just a scratch pad, like a file system withplain flat (although binary) files, it could also be, if you're willing to write one, a set of Excel sheets, some other obscure database system.
    MySQL is just the storage support here.

    Note that the pfSense's way of surfacing FreeRadius settings using MySQL is somewhat hard coded and (very) limited in the GUI : not all the options and possibilities exist / are possible.
    For example, when you create users using the FreeRadius / pfSense GUI, these are still stored in a flat file, not MYSQL (see the MySQL tables yourself in the Radius database).

    @Rafael-Silva said in Session Timeout not working:

    [session_timeout] => 
    [8] => 
    [idle_timeout] => 
    [9] => 

    If you're able to see that info, then go to /etc/inc/, check the "prune" function.
    That function is called every minute by cron, and parses every connected user and checks if idle or hard time out should be applied.
    If this info isn't set, the default global Services > captive portal time out will apply ? (didn't check : could you ? )

  • Hello.

    Thanks for the feedback.

    I managed to solve by creating a record in the radcheck table, with the information of Session-Timeout and Idle-Timeout.
    Only then does pfSense disconnect expired users.


Log in to reply