IP-Address
Alan DeKok
aland at deployingradius.com
Wed Mar 26 19:12:49 CET 2014
Nick Lowe wrote:
>> Nope. Acct-Multi-Session-Id handles IDs for multiple sessions. What
>> does that mean? No one knows... the IETF RADIUS working group has had
>> discussion on that topic, with no resolution.
>
> For 802.1X purposes, it is, I thought, pretty well defined in RFC 3580... No?
The document has text. I'm not sure anyone implements it.
>> No. Every re-auth is a new connection. Always. Anything else is
>> madness.
>
> You have to correlate over these if you want to be able to limit the
> number of concurrent devices a user is allowed to have connected
> though, surely?
Each session should contain information about the device. That can be
used to terminate old sessions, and move them to the new AP.
> Certainly NASes that implement the Acct-Multi-Session-Id support
> persist that value across re-authenication whether there is an
> authorisation exchange or not.
RFC 3580 says that the Multi-Session-Id is used where there is no
re-authentication. If there's no re-authentication, there's no
authorization exchange.
Alan DeKok.
More information about the Freeradius-Users
mailing list