Alan DeKok aland at deployingradius.com
Wed Mar 26 19:12:49 CET 2014

Nick Lowe wrote:
>>   Nope.  Acct-Multi-Session-Id handles IDs for multiple sessions.  What
>> does that mean?  No one knows... the IETF RADIUS working group has had
>> discussion on that topic, with no resolution.
> For 802.1X purposes, it is, I thought, pretty well defined in RFC 3580... No?

  The document has text.  I'm not sure anyone implements it.

>>   No.  Every re-auth is a new connection.  Always.  Anything else is
>> madness.
> You have to correlate over these if you want to be able to limit the
> number of concurrent devices a user is allowed to have connected
> though, surely?

  Each session should contain information about the device.  That can be
used to terminate old sessions, and move them to the new AP.

> Certainly NASes that implement the Acct-Multi-Session-Id support
> persist that value across re-authenication whether there is an
> authorisation exchange or not.

  RFC 3580 says that the Multi-Session-Id is used where there is no
re-authentication.  If there's no re-authentication, there's no
authorization exchange.

  Alan DeKok.

More information about the Freeradius-Users mailing list