Session-Timeout Problem
Brian Candler
b.candler at pobox.com
Fri Feb 3 11:23:32 CET 2017
On 03/02/2017 08:40, Selahattin Cilek wrote:
> Is it possible to inject the Session-Timeout attribute into Account Request packets? If yes, how?
The Session-Timeout is an instruction *from* the RADIUS server *to* the
NAS, telling the NAS how long it is allowed to leave the user
connected. That's why it goes in Access-Accept.
There's no particular reason for the Session-Timeout to be included in
the Accounting-Request. RFC2866 does allow it, but it would be for
information only ("I have been told to disconnect the user after they
have been online for X seconds").
For one last time, here's how it works.
1. NAS sends Access-Request.
<< at this point, for EAP there's a series of
Access-Challenge/Access-Response exchanges >>
2. RADIUS server sends Access-Accept containing Session-Timeout (see
RFC2865 section 5.27 and 5.44)
3. NAS grants access to the user and starts a timer.
4. NAS sends Accounting-Request (Start). It may also subsequently send
Accounting-Request (Interim-Update) periodically.
5. NAS disconnects the user after the time given in Session-Timeout has
expired.
6. NAS sends Accounting-Request (Stop).
7. Go back to step 1
In steps 4 and 6, the RADIUS server confirms receipt of the
Accounting-Request messages with Accounting-Response messages, but those
contain no content. There are no other RADIUS messages involved.
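
Steps 2 and 3 of the flow above, as an added example that is not part of the original post: the server side builds an Access-Accept carrying Session-Timeout (attribute type 27, a 32-bit number of seconds), and the NAS side checks the Response Authenticator from RFC 2865 before it trusts the value for its timer. The function names, the shared secret and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2        # RFC 2865 packet code
SESSION_TIMEOUT = 27     # RFC 2865 section 5.27, 32-bit seconds

def build_access_accept(ident, request_auth, secret, session_timeout):
    """Server side: Access-Accept carrying Session-Timeout."""
    attrs = struct.pack("!BBI", SESSION_TIMEOUT, 6, session_timeout)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def parse_attributes(data):
    """Walk the type-length-value list; reject malformed lengths."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(data[i + 2:i + alen])
        i += alen
    return attrs

def nas_session_timeout(packet, request_auth, secret):
    """NAS side: return Session-Timeout in seconds, or None if absent."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    values = parse_attributes(packet[20:]).get(SESSION_TIMEOUT)
    if not values:
        return None          # no limit sent; NAS applies its own policy
    if len(values[0]) != 4:
        raise ValueError("Session-Timeout must be 4 octets")
    return struct.unpack("!I", values[0])[0]

# Constructed sample values, not from the original post.
SECRET = b"testing123"
REQ_AUTH = bytes(range(16))
SAMPLE = build_access_accept(7, REQ_AUTH, SECRET, 3600)
```
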