6 Dec
2011
6 Dec
'11
7:40 p.m.
On Wed, Dec 7, 2011 at 5:31 AM, Houston-III, Lester L <lester.l.houston-iii@boeing.com> wrote:
Hello,
I’m trying to force reauthentication of my strongswan IPSec clients where EAP-TLS is being used, but nothing seems to work. Now, this is something that I would like to do on a per-client basis, so I’m modifying the session-timeout attribute of the access-accept packet to include my new session time.
Does the NAS (strongswan?) support session-timeout? If you don't know, ask its support/forum/list. It's unlikely that you'll find the answer here.
This insertion is performed from JRADIUS, where it is called in the post-auth stage.
Why would you need jradius? why not just use an unlang block in freeradius? update reply { ... } -- Fajar