Expiration Feature / Session-Timeout Problem

Sven freeradius at fragnet.org
Wed Feb 4 12:56:22 CET 2015


i try to use the Expiration Feature to get control over the Password 
lifetime of our Users.

The idea was to set a date maybe 90 Day from last Passwordchange. This 
worked well, Users got denied but ive tested this feature only with a 
few Days ahead from now.

Now i found out that if i set this to more than a Month from now that 
some of our Devices rejects the Access while i can see in the Radius Log 
that they where supplied with a Access-Accept.

I guess that some of our older Devices got Problems with the releated 
Session-Timeout value which is in the Access-Accept reply too.

Is there a way to not send Session-Timeout Data to these or all Devices 
? In my setup i dont think that i need this because my goal is not to 
Disconnect a User, only to block him from logging in.

Maybe there is a better solution to get this "feature" :) Im not sure 
if the Expiration Feature is the right thing for this task.

Kind Regards, Sven

More information about the Freeradius-Users mailing list