Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Problem with filter to check active sessions from Insight DB

  • 1.  Problem with filter to check active sessions from Insight DB

    Posted Nov 01, 2018 12:47 PM

    Hi all.

     

    I am trying to implement a filter using Insight DB to check active sessions from users.

     

    I am following the Solution below to implement this filter.

     

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-deny-access-for-authentication-request-based-on-session/ta-p/183304

     

    I have created a new authentication source using Insight DB and the following filter:

     

    select count(*) as sessions from radius_acct
    where (username = '%{Authentication:Username}')
     AND end_time is null AND termination_cause is null
     AND (updated_at BETWEEN (now() - interval '1 hour') AND now());

     

    The problem is that I always receive 0 as the results.

     

    Enforcement and Error.jpg

     

    Doing tests with pgAdmin using a valid username it works fine.

     

     PGAdmin OK.png

    It seems that something is wrong with the filter syntax when I add two or more conditions.

    For example if the filter has only the condition below it works fine.

        where radius_acct.username = '%{Authentication:Username}'

    The same thing happens when the condition is only this one:

        radius_acct.end_time is null and termination_cause is null

     But when I need to check both conditions using an AND it does not work anymore.

    Does someone know what is wrong or if there is another way to check active sessions?
     
    Thanks,

    Luis Fernando Rodrigues Silveira

     

     

     

     



  • 2.  RE: Problem with filter to check active sessions from Insight DB

    EMPLOYEE
    Posted Nov 01, 2018 12:48 PM
    This attribute is built into the Insight auth source. Why are you trying to create a custom one?


  • 3.  RE: Problem with filter to check active sessions from Insight DB

    Posted Nov 01, 2018 04:39 PM

    Hi Tim,

     

    My first test was using Insight DB as authorization source with the following Enforcement :

    Enforcement using Insight.JPG

    It was not working either. It always returned 0 as active sessions.

    So I decided to create another authentication source using Insight DB to test some filters.

     

    I don't understand why it is not working when I add both conditions using AND.

     

    It was supposed to work, correct?

     

    Customer has a Cluster with 2 CPPM Servers running 6.7.5

     

    Do you know any other way to check active sessions for a user?

     

    Can I use another database like Tipslogdb in order to check this?

     

    Thanks,

     

    Luis Fernando Rodrigues Silveira

     

     

     

     



  • 4.  RE: Problem with filter to check active sessions from Insight DB

    EMPLOYEE
    Posted Nov 01, 2018 04:41 PM
    Yes it’s supposed to work. If it’s not, please open a TAC case.


  • 5.  RE: Problem with filter to check active sessions from Insight DB

    Posted Nov 02, 2018 04:12 PM

    Hi Tim, thanks for the answer again.

     

    I am working with TAC right now regarding another issue related to Insight. Customer's cluster was having high CPU usage because Insight and Performance Monitoring were active on the Publisher node. We disabled both on the Publisher node and left them active only on the Subscriber. After doing that CPU performance increased around 50%!!

     

    I will do more tests on Monday.  Probably my problem with Insight authorization was being caused by this wrong setup.

     

    I will let you know the results.

     

    Regards,

     

    Luís Fernando Rodrigues Silveira

     



  • 6.  RE: Problem with filter to check active sessions from Insight DB

    Posted Nov 06, 2018 02:26 PM

    Hi Tim,

     

    Just some feedback.

     

    Arun Nair from Aruba ERT solved the problem.

     

    He changed the query.

     

    I was using the query below :

     

    select count(*) as sessions   from radius_acct
      where (username = '%{Authentication:Username}') AND
            end_time is null AND termination_cause is null AND
            (updated_at BETWEEN (now() - interval '1 hour') AND now());

     

    It was replaced with the following one that is working fine now.

     

    SELECT COUNT(*) AS active_count FROM radius_acct
      WHERE username = '%{Authentication:Username}' AND
            start_time >= NOW() - INTERVAL '2 day' AND end_time is NULL;

     

    Another important thing that he explained is that the counter starts with 0 because it is using accounting information. So after the first successful authorization the counter is 0, after the second the counter is 1, and so on.

     

    To limit to 3 active sessions I am using the following Enforcement:

     

    (Authorization:[Insight Repository]:Active-Sessions  GREATER_THAN_OR_EQUALS  3)  -- Deny

     

    Active Sessions.png

     

    Thanks,

     

    Luis Fernando Rodrigues
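
An added example (not from the thread or from Aruba) that models the behaviour described in the last post: the working query's predicate run against a constructed radius_acct table, and the GREATER_THAN_OR_EQUALS 3 rule applied to successive logins. It uses SQLite from Python in place of Insight's PostgreSQL, so the NOW() - INTERVAL '2 day' cutoff is computed in Python; the sample rows, the user names and the function names are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

NOW = datetime(2018, 11, 6, 14, 0, 0)  # constructed "current time" for repeatable results

def ts(t):
    return t.isoformat(sep=" ") if t else None

def build_db():
    """In-memory stand-in for radius_acct; all rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radius_acct (username TEXT, start_time TEXT, end_time TEXT)")
    h, d = timedelta(hours=1), timedelta(days=1)
    rows = [
        ("alice", NOW - 3 * h, None),         # open session
        ("alice", NOW - h / 3, None),         # open session, started 20 minutes ago
        ("alice", NOW - 5 * h, NOW - 4 * h),  # closed: accounting Stop received
        ("alice", NOW - 9 * d, None),         # stale: Start recorded, Stop never arrived
    ]
    db.executemany("INSERT INTO radius_acct VALUES (?, ?, ?)",
                   [(u, ts(s), ts(e)) for u, s, e in rows])
    return db

def active_count(db, username, now=NOW):
    # Same predicate as the working query; the bound parameter stands in for
    # ClearPass's %{Authentication:Username} substitution.
    (n,) = db.execute(
        "SELECT COUNT(*) AS active_count FROM radius_acct "
        "WHERE username = ? AND start_time >= ? AND end_time IS NULL",
        (username, ts(now - timedelta(days=2)))).fetchone()
    return n

def simulate_logins(db, username, attempts, limit=3):
    """Apply 'Active-Sessions >= limit -> Deny' to successive logins.

    Models the post's explanation: the accounting Start row is written only
    after an allowed login, so each decision sees the sessions opened before
    it, not the one being authorized.
    """
    results = []
    for _ in range(attempts):
        seen = active_count(db, username)
        decision = "Deny" if seen >= limit else "Allow"
        results.append((seen, decision))
        if decision == "Allow":
            db.execute("INSERT INTO radius_acct VALUES (?, ?, NULL)", (username, ts(NOW)))
    return results

if __name__ == "__main__":
    db = build_db()
    print("alice open sessions:", active_count(db, "alice"))
    for seen, decision in simulate_logins(db, "carol", 5):
        print(f"carol: Active-Sessions={seen} -> {decision}")
```

With the threshold at 3, the first three logins are allowed (counter 0, 1, 2) and the fourth is denied; the 2-day start_time window keeps a session whose Stop record never arrived from counting against the user indefinitely.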