Dropping NAS-Port AVP from Acct-Unique-Session-Id by default

Alan DeKok aland at deployingradius.com
Fri Sep 18 15:36:58 CEST 2015


On Sep 18, 2015, at 9:26 AM, Nick Lowe <nick.lowe at gmail.com> wrote:
> I meant what RFC 3580 says here. Instructing a NAS to re-authenticate
> via a Termination-Action AVP of RADIUS-Request and a Session-Timeout
> AVP being supplied in the Access-Accept.

  You're getting caught up in terminology, and are ignoring my comments.

> That is entirely decoupled to EAP session resumption.

  Not entirely... EAP session resumption can be used during a re-authentication.

  In which case you know it's the same user as before.

  If EAP session resumption isn't used, you can still look at the *other* data, and tell that it's the same user, same MAC, and same AP.

  Since you control Class, you can send the same Class back for the re-authenticated session.  And therefore the "unique" accounting session ID will be the same.

   don't know what point you're trying to make.  Please explain your point, instead of quoting RFCs about re-authentication.  I can read the RFCs.  I can't read your mind.

> It is in this case that NASes are observed not sending a Stop and a
> Start, which I believe is semantically correct.

  As I said, the RFCs are silent on this issue.  There is no way to tell if this behaviour is correct or incorrect.

  Alan DeKok.




More information about the Freeradius-Users mailing list