Cisco WLC does not respect the Expiration of a user on Radius server.
Chris Moules
chris at gms.lu
Thu Apr 30 21:09:15 CEST 2009

Matthew,

I guess you are meaning that the WiFi session on the device is not
terminating.

I am not an expert in this area (I have not used the Expiration checks
myself) but I guess that the Cisco will not care about this value. I
assume that it is not even returned to it (Freeradius internal check
value, not a return value?).

You will probably want to look into the Session-Timeout (and maybe
Idle-Timeout) settings.

If you are using SQL you can probably calculate a dynamic
Session-Timeout length based on (MySQL lingo) NOW() and the Expiration
value. After this time the session (on the Cisco) will end and the user
may try to re-login. The Expiration time will have passed and so it will
fail.

Chris

Matthew Carriere wrote:
> Hi everyone,
>
> I have a CISCO WLC that is configured to use a FreeRadius server as the
> authentication point.
>
> Everything is working except the Expiration.
>
> I set an Expiration value programmatically from a Ruby script by entering
> a record into the radcheck table:
>
> UserName | Matthew
> Attribute | Expiration
> op | :=
> Value | April 29 2009 02:14:48
>
> Here's the scenario,
>
> before the expiration date the user authenticates to the Radius server
> and then is able to use the Wireless (Cisco WLC). However, when the
> expiration time passes, the user can no longer authenticate to the
> radius server (which is correct), but they are still connected to the
> Wireless.
>
> Does anyone have some experience with this scenario to offer some
> suggestions to help troubleshoot?
>
> Thanks
>
> Matthew Carriere
>
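
The calculation suggested in the reply (remaining lifetime from NOW() and the Expiration value), written out as a MySQL query. This is an added example, not part of the original thread or of FreeRADIUS itself; the radcheck column layout (id, username, attribute, op, value), the literal user name and the 8-hour cap are assumptions.

```sql
-- Added example (MySQL), not from the original thread.
-- Assumes radcheck has columns (id, username, attribute, op, value) and that
-- Expiration is stored in the format shown in the post:
--   'April 29 2009 02:14:48'
-- 'Matthew' stands in for the authenticating user; in a real query this would
-- be the user name taken from the request.
-- 28800 (8 hours) is an arbitrary upper bound chosen for this example so that
-- a far-future Expiration does not produce an unbounded session.
SELECT
    c.id,
    c.username,
    'Session-Timeout' AS attribute,
    LEAST(
        -- Seconds left between now and the stored expiry time.
        TIMESTAMPDIFF(
            SECOND,
            NOW(),
            STR_TO_DATE(c.value, '%M %d %Y %H:%i:%s')
        ),
        28800
    ) AS value,
    ':=' AS op
FROM radcheck AS c
WHERE c.username  = 'Matthew'
  AND c.attribute = 'Expiration'
  -- Return no row once the expiry time has passed, or when the stored value
  -- does not parse (STR_TO_DATE yields NULL and the comparison is not true).
  -- In both cases no Session-Timeout is produced and the Expiration check
  -- alone decides the login.
  AND STR_TO_DATE(c.value, '%M %d %Y %H:%i:%s') > NOW();
```

The result is shaped like a reply-attribute row; how it is fed into the reply depends on the server's SQL module configuration. NOW() is evaluated in the MySQL session time zone, so the database and the RADIUS server need to agree on time zone and clock for the timeout to line up with the Expiration check.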