Forced Reauthentication

Houston-III, Lester L lester.l.houston-iii at boeing.com
Wed Dec 7 01:50:02 CET 2011


I will ask the strongswan folks.  JRADIUS is used for some other post authentication processing that determines whether the user truly granted or denied access to the system.


-----Original Message-----
From: freeradius-users-bounces+lester.l.houston-iii=boeing.com at lists.freeradius.org [mailto:freeradius-users-bounces+lester.l.houston-iii=boeing.com at lists.freeradius.org] On Behalf Of Fajar A. Nugraha
Sent: Tuesday, December 06, 2011 6:40 PM
To: FreeRadius users mailing list
Subject: Re: Forced Reauthentication

On Wed, Dec 7, 2011 at 5:31 AM, Houston-III, Lester L
<lester.l.houston-iii at boeing.com> wrote:
> Hello,
>
>
>
> I'm trying to force reauthentication of my strongswan IPSec clients where
> EAP-TLS is being used, but nothing seems to work.  Now, this is something
> that I would like to do on a per-client basis, so I'm modifying the
> session-timeout attribute of the access-accept packet to include my new
> session time.

Does the NAS (strongswan?) support session-timeout?
If you don't know, ask its support/forum/list. It's unlikely that
you'll find the answer here.

> This insertion is performed from JRADIUS, where it is called
> in the post-auth stage.

Why would you need jradius? why not just use an unlang block in freeradius?

update reply {
...
}

-- 
Fajar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list