Actually i have AAA by mysql and everything work fine. Especially the use *Max-Daily-Session*attribute to disconnect the user after 10min (600sec) connection. I recently changed the way authenticazione using a custom php script. In sites-enabled/default file: authorize{ update control { Auth-Type := `/usr/bin/php -f /etc/raddb/yourscript.php '%{User-Name}' '%{User-Password}' '%{Client-IP-Address}'`} In /etc/freeradius/users: DEFAULT Auth-Type = AcceptExec-Program-Wait = "/usr/bin/php -f /etc/raddb/attributes.php '%{User-Name}' '%{User-Password}' '%{Client-IP-Address}'" In attributes.php: <?php $User = $argv[1]; $Pass = $argv[2]; $Ip = $argv[3];if ($User == "test") echo "Max-Daily-Session:=600";?> It seems that the server does not care about the Max-Daily-Session attribute and does not send the Packet of Disconnect. What changes between mysql and custom authentication?