2012-03-27 - Re: [GRASE-Hotspot] Disconnect Active User

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 9a658442d48c0558164dc90cbe8fe58f67c3d00794ff307325a9ad06de7a0045
Message ID: <CAESLx0K6zkqzqkD2aQ_uV2w6EF5aGG0v4gghjmw2c=peyHQQAg@mail.gmail.com>
Reply To: <CAAnGMTGrNGGnnYdsSYbpycgS2_m4SbRdjLMtTe2i6_Nv4GyTdA@mail.gmail.com>
UTC Datetime: 2012-03-27 14:55:53 UTC
Raw Date: Wed, 28 Mar 2012 07:55:53 +1000

Raw message

On Wed, Mar 28, 2012 at 1:44 AM, iii iii <ii***t@gmail.com> wrote:
> I have been having a lot of trouble lately with users greatly exceeding
> their bandwidth allowance.
> My desired solution would be to log out such accounts on a per-minute basis.

Before even going down this path, a user can't exceed their
"allowance". If you have set bandwidth limits in the groups (i.e.
256kbps for downlink, and 128kbps for uplink), then the fast the user
can download, is 256kbps. If they are downloading at faster than that
speed, you have a problem with the setup (maybe you created the groups
before Jan and as such the bug fix regarding speed limits wasn't
applied at the time, so recreate the groups).
If you are talking about quota allowance (so not speed, but actual
amount downloaded and uploaded), check that the users are actually in
a group with limits. This was something else that changed around Jan,
where groups no longer have "limits" applied to the group, but have
limits applied to the user at creation time, as defined by the group.
So again, if you created these users and/or groups before the change,
then you'll need to manually apply data limits (quota) to the users.
If you view the user in the "users" display tab, you'll be able to see
data limits in the 2nd column (soon to change to "remaining data" same
as the time limits changed recently). If that column is blank, the
user has no quota for data and can download as much as they want.
Bandwidth limits (speed limits) aren't shown there as they apply to
the whole group and so can be seen in the group area (I'll eventually
make it visible in that area as well).

>
> I have followed the steps listed on Ticket 28: Ability to disconnect active
> users (http://trac.grasehotspot.org/ticket/28), but the command fails.
> >From the command-line I get the following:
>
> $ sudo /bin/echo "User-Name=blah123" | /usr/bin/radclient -x 127.0.0.1:3779
> disconnect radsecret
> Sending Disconnect-Request of id 212 to 127.0.0.1 port 3779
> User-Name = "blah123"
> Sending Disconnect-Request of id 212 to 127.0.0.1 port 3779
> User-Name = "blah123"
> Sending Disconnect-Request of id 212 to 127.0.0.1 port 3779
> User-Name = "blah123"
> radclient: no response from server for ID 212 socket 3
>
> Googling the issue suggested I add udp port 3779 to my iptables, but that
> still didn't work.
>

If you read the top of that ticket, you'll see you shouldn't need sudo
at all. And as long as you are issuing that command on the machine
that the hotspot is running on (which I assume you are as 127.0.0.1
refers to the localhost), then it should be working.  The only thing I
can think is that the modifications to chilli haven't been made for
coaport. I can't currently even test the commands as my development
machine is currently dead. Check in /etc/chilli/ for coaport being in
the *.conf files. If it isn't, check that the running chilli process
has --coaport as a command argument (do something like "ps aux|grep
chilli") as that's the other way to pass that option to chilli. If
it's not in the conf files, or as a command line argument, then chilli
isn't listening for the packets that radclient is sending so you are
throwing them at a brick wall.
Being udp, there is no establishment of connection to check it's
working. Also do 'netstat -u  -l -n' to list all UDP ports listening
and check that 3779 is one of them.

Hope that gets you somewhere.

Tim




Thread