Session-Timeout Problem

Selahattin Cilek selahattin_cilek at hotmail.com
Thu Feb 2 16:59:49 CET 2017


Without some sort of mechanism to periodically update and check network 
usage, it is impossible to enforce quota on the users. It would be 
impossible for the NAS to keep long-term track of network usage by 
hundreds of users, and therefore it is FreeRADIUS's job to do that.


On 02.02.2017 18:39, Brian Julin wrote:
>
> Brian Chandler wrote:
>
>> However, I would point out that there are much better ways of achieving
>> your goal than kicking off users every 10 minutes, which is highly
>> disruptive.
> This is something I've been wondering and wishing for the time/motivation
> to look into.
>
> It's not necessarily incumbent on the NAS to kill the client's connection
> *before* the re-auth as long as they will definitely kill it without a successful
> reauth and they make the Session-Timeout deadline; some NAS vendors may
> have used the wiggle room here to keep the client traffic flowing during the
> re-authentication and on a success just keep them working.  Surveying that
> behavior across popular NAS units would be interesting.
>
> But, that does not necessarily mean even when attached to those products
> that clients will play ball... so before even that, surveying which clients might
> perform a hitless reauth (both during EAP, and during DHCP if it is triggered)
> or measuring the magnitude of the hit would be the better first step.
>
> Also there is EAP-ERP (RFC 5296/6696) to streamline such behavior;
> I haven't gone digging to see if any products claim support for it.

