Forced Reauthentication
Houston-III, Lester L
lester.l.houston-iii at boeing.com
Tue Dec 6 23:31:35 CET 2011
Hello,
I'm trying to force reauthentication of my strongswan IPSec clients where EAP-TLS is being used, but nothing seems to work. Now, this is something that I would like to do on a per-client basis, so I'm modifying the session-timeout attribute of the access-accept packet to include my new session time. This insertion is performed from JRADIUS, where it is called in the post-auth stage. All of this appears to be working since the FreeRADIUS output prints out the new session-timeout value along with the other access-accept data when it sends the access-accept packet. I have also tried to globally set the session-timeout by including it in the FreeRADIUS users file, but none of these methods seem to work. Is anyone aware of a way to force a connecting client to reauthenticate? Am I missing something with the methods I've tried thus far?
Lester Houston 111
Boeing Research & Technology
Electronics Prototyping and Integration Center (EPIC)
lester.l.houston-iii at boeing.com
314-234-0621
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111206/a929857e/attachment.html>
More information about the Freeradius-Users
mailing list