On 04.02.2015 16:40, Alan DeKok wrote:
On Feb 4, 2015, at 6:56 AM, Sven <freeradius@fragnet.org> wrote: i try to use the Expiration Feature to get control over the Password lifetime of our Users.
The idea was to set a date maybe 90 Day from last Passwordchange. This worked well, Users got denied but ive tested this feature only with a few Days ahead from now.
Now i found out that if i set this to more than a Month from now that some of our Devices rejects the Access while i can see in the Radius Log that they where supplied with a Access-Accept.
That’s easy to fix. Add this in the post-auth section:
if (reply:Session-Timeout && (reply:Session-Timeout > 259200)) { update reply { Session-Timeout := 259200 } }
That should fix the problem. The user will be disconnected after 30 days, and will reconnect. Ones who still have valid accounts will get another 30 days of access.
Thank you, that helped me alot :) -sven