Use Cron to auto kick all users?



  • Is there a command to either restart CP or simply kick all the users.

    I've got a 2.0.3 system  testing CP with free radius2 running behind my lan  I'm using Mac auth with FR2 and have usage setup and it seems to work fine.

    I ran the command to remove the used octets files and noticed that the user who was still connected at the time was not counting traffic . User has 0 of x MB . Only after forcing that user to disconnect and reconnect did the counter start to work again.

    My best idea would be to have cron kick all the users 2 minutes after resetting the usage octets files.



  • first of all, look here

    your question is really close / related to this

    http://forum.pfsense.org/index.php/topic,61465.0.html

    second:

    mac auth :  let it !!  very unsecure !!

    use it on a "right combination"  username+password + mac check on radius  … uid/pwd will only work with one device (better ! )

    third :

    use : reauthentiate every minute  (this update the counts  and your radius user will be kicked (at least one minut after he reached his limits (time or volume)

    regards



  • reauthenticate every minute + interim update

    thats the right way



  • I have reauth every minute set .
    I lowered the idle timeout and that seems to solve the constantly connected issue.



  • use 5min idle, so you emulate a logout

    and a 24h hard timeout

    let radius handle billing timout itself

    use interim

    • reauthenticate every minute

    your pb will be solved

    and dont use mac only auth
    i could crack your access control in 2 minutes

    use mac check on radius as a supplementary "device right" checking

    (users shares accounts !!!  always !!)  like this you reduce the sharings



  • and ssl-ize your CP …

    so users wont be able to sniff negociations

    even if you use mac auth..  a sniffer could see all submitted mac addresses to control requests...

    you need a valid ssl if you use only mac auth

    on this way the login will be transparent, (on first request)  and ssl-ized



  • I use cron to kick users at just past midnight for our WiFi access (when the pub closes).  I also have a time lock implemented which shows a "Our WiFi is off" message instead of the captive portal once users are kicked.

    See this post here: http://forum.pfsense.org/index.php/topic,61730.msg333062.html#msg333062 I have posted the code I used to kick users at a set time.

    In saying this, when I run my script to kick all users, it does kick all users perfectly, and when you look in the captiveportal.db file, it is completely empty, so obviously works.  It does make me wonder if it would be simpler to just open the .db file and delete the contents, or even just delete the file (assuming pfsense will re-create it when required).  Not tried this though, so don't take my work for it!  The script linked to above works perfectly though!

    you can remove all the echo outputs from the script, and also remove the portion that writes a log file (that was more for me to check it was running through cron).


Locked