Expiration Feature / Session-Timeout Problem

Mrinal K sinha.mrinal at gmail.com
Wed Feb 4 13:21:48 CET 2015


Which attributes are supported depends on the NAS implementation. So
there could be some session terminal attribute supported by your NAS; if
you are using Chillispot you have the option to
return WISPr-Session-Terminate-Time. Chillispot then just terminates the user
session at the timestamp returned by RADIUS
(as WISPr-Session-Terminate-Time).

In any case, if you want to not use (or selectively return) Session-Timeout,
then you can do it in unlang. For example, you can keep a list of MAC addresses
(for which Session-Timeout will be returned) in an SQL table and do a lookup.
If the lookup returns true, then add Session-Timeout to your reply, else don't.

On Wed, Feb 4, 2015 at 5:26 PM, Sven <freeradius at fragnet.org> wrote:

> Hello,
>
> I try to use the Expiration feature to get control over the password
> lifetime of our users.
>
> The idea was to set a date maybe 90 days from the last password change. This
> worked well, users got denied, but I've tested this feature only with a few
> days ahead from now.
>
> Now I found out that if I set this to more than a month from now, some
> of our devices reject the access while I can see in the RADIUS log that
> they were supplied with an Access-Accept.
>
> I guess that some of our older devices got problems with the related
> Session-Timeout value which is in the Access-Accept reply too.
>
> Is there a way to not send Session-Timeout data to these or all devices?
> In my setup I don't think that I need this because my goal is not to
> disconnect a user, only to block him from logging in.
>
> Maybe there is a better solution to get this "feature" :) I'm not sure if
> the Expiration feature is the right thing for this task.
>
> Kind Regards, Sven
>
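
The selective lookup suggested in the reply above, sketched as an added example; it is not part of the original thread and not either poster's configuration. It assumes FreeRADIUS 3.x unlang syntax, a configured `sql` module instance, a hypothetical table `session_timeout_macs` with a `mac` column, and a NAS that sends the client MAC in Calling-Station-Id.

```unlang
# Added example, placed in the post-auth section of the virtual server.
# By this point the expiration module has already put Session-Timeout
# into the reply list, so "don't return it" means deleting it here.
post-auth {
    # Hypothetical table: session_timeout_macs(mac), listing the clients
    # that should still receive Session-Timeout. The stored format must
    # match what the NAS sends in Calling-Station-Id (assumed to carry
    # the client MAC; this depends on the NAS).
    #
    # The sql module escapes the expanded attribute value before it is
    # inserted into the query text.
    if ("%{sql:SELECT COUNT(*) FROM session_timeout_macs WHERE mac = '%{Calling-Station-Id}'}" == 0) {
        # Not listed: strip every Session-Timeout from the Access-Accept.
        update reply {
            Session-Timeout !* ANY
        }
    }
    # Listed clients fall through and keep the Session-Timeout value
    # that the expiration module calculated.
}
```

To drop the attribute for all devices, as asked in the original question, the `update reply` block can be used without the surrounding `if`; the Expiration check still rejects logins after the expiry date.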

