Expiration Feature / Session-Timeout Problem
Sven
freeradius at fragnet.org
Wed Feb 4 17:14:33 CET 2015
On 04.02.2015 16:40, Alan DeKok wrote:
> On Feb 4, 2015, at 6:56 AM, Sven <freeradius at fragnet.org> wrote:
> i try to use the Expiration Feature to get control over the Password
> lifetime of our Users.
>
> The idea was to set a date maybe 90 Day from last Passwordchange. This
> worked well, Users got denied but ive tested this feature only with a
> few Days ahead from now.
>
> Now i found out that if i set this to more than a Month from now that
> some of our Devices rejects the Access while i can see in the Radius
> Log that they where supplied with a Access-Accept.
>
> That’s easy to fix. Add this in the post-auth section:
>
> if (reply:Session-Timeout && (reply:Session-Timeout > 259200)) {
> update reply {
> Session-Timeout := 259200
> }
> }
>
> That should fix the problem. The user will be disconnected after 30
> days, and will reconnect. Ones who still have valid accounts will get
> another 30 days of access.
>
Thank you, that helped me alot :)
-sven
More information about the Freeradius-Users
mailing list