I am using FreeRADIUS along with MySQL to authenticate users.
Users are saved in the radcheck table. User attributes are saved in the radreply table.
For example I have a user named Bob in the radcheck table.
username | attribute | op | value
------------------------------------------------
Bob | Cleartext-Password | := | password12
Bob has a Session-Timeout value of 60 (1 minute) in the radreply table.
username | attribute | op | value
------------------------------------------------
Bob | Session-Timeout | := | 60
Bob | Idle-Timeout | := | 60
This all works fine. My problem is that RADIUS just re-authenticates Bob straight away. I assume this is because Bob still exists in the radcheck table.
Is there a way to remove Bob from the radcheck and radreply tables after the Session-Timeout time has been reached?
You can write a custom login using a Perl/PHP script in postacctsql, using the Perl/PHP module in FreeRADIUS. postacctsql will give you the user whose session has timed out, and then you can write a custom script to delete the record from the MySQL DB. You can find many examples of such scripts on Google.
It's the correct behavior of RADIUS. If Bob authenticates successfully, the session times out in 60 seconds. Idle-Timeout is not necessary if it is <= Session-Timeout. You have to count something up to a maximum you have set and then change access from accept to reject. The next time Session-Timeout is reached, Bob cannot re-authenticate.
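A sketch of the cleanup the two answers describe, added here as an example and not code from either poster or from FreeRADIUS: it sums each user's accounted session time and, once that reaches the user's Session-Timeout, deletes the user from radcheck and radreply so the next Access-Request is rejected. Assumptions: an in-memory SQLite database stands in for MySQL, the radacct columns (username, acctsessiontime, acctstoptime) follow the FreeRADIUS default schema, the function names and sample rows are constructed, and the job would be run periodically (for example from cron).

```python
import sqlite3


def build_sample_db():
    """Constructed sample data mirroring the tables shown in the question."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radreply (username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radacct  (username TEXT, acctsessiontime INTEGER, acctstoptime TEXT);
        INSERT INTO radcheck VALUES ('Bob',   'Cleartext-Password', ':=', 'password12');
        INSERT INTO radcheck VALUES ('Alice', 'Cleartext-Password', ':=', 'constructed-pw');
        INSERT INTO radreply VALUES ('Bob',   'Session-Timeout', ':=', '60');
        INSERT INTO radreply VALUES ('Bob',   'Idle-Timeout',    ':=', '60');
        INSERT INTO radreply VALUES ('Alice', 'Session-Timeout', ':=', '60');
        -- Bob used his full 60 seconds; Alice disconnected after 25.
        INSERT INTO radacct VALUES ('Bob',   60, '2024-01-01 10:01:00');
        INSERT INTO radacct VALUES ('Alice', 25, '2024-01-01 10:00:25');
    """)
    return db


def purge_expired_users(db):
    """Remove users whose total closed-session time has reached their
    Session-Timeout. Returns the list of usernames that were removed."""
    # On MySQL the cast would be CAST(r.value AS UNSIGNED).
    expired = [row[0] for row in db.execute("""
        SELECT r.username
        FROM radreply r
        JOIN radacct a ON a.username = r.username
        WHERE r.attribute = 'Session-Timeout'
          AND a.acctstoptime IS NOT NULL          -- only finished sessions
        GROUP BY r.username, r.value
        HAVING SUM(a.acctsessiontime) >= CAST(r.value AS INTEGER)
        ORDER BY r.username
    """)]
    with db:  # single transaction: both tables change or neither does
        for user in expired:
            # Parameterized queries: usernames come from accounting data.
            db.execute("DELETE FROM radcheck WHERE username = ?", (user,))
            db.execute("DELETE FROM radreply WHERE username = ?", (user,))
    return expired


if __name__ == "__main__":
    conn = build_sample_db()
    print("removed:", purge_expired_users(conn))
```
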