selahattin_cilek at hotmail.com
Fri Feb 3 12:08:06 CET 2017
Yes, it was careless of me to post that question without carefully
examining the direction of the packets. Thank you for the information.
At least I now know where the fault is. I hope the UBNT guys will soon
solve this problem.
On 03.02.2017 13:23, Brian Candler wrote:
> On 03/02/2017 08:40, Selahattin Cilek wrote:
>> It is possible to inject the Session-Timeout attribute into Account
>> Request packets? If yes, how?
> The Session-Timeout is an instruction *from* the RADIUS server *to*
> the NAS, telling the NAS how long it is allowed to leave the user
> connected. That's why it goes in Access-Accept.
> There's no particular reason for the Session-Timeout to be included in
> the Accounting-Request. RFC2866 does allow it, but it would be a for
> information only ("I have been told to disconnect the user after they
> have been online for X seconds")
> For one last time, here's how it works.
> 1. NAS sends Access-Request.
> << at this point, for EAP there's a series of
> Access-Challenge/Access-Response exchanges >>
> 2. RADIUS server sends Access-Accept containing Session-Timeout (see
> RFC2865 section 5.27 and 5.44)
> 3. NAS grants access to the user and starts a timer.
> 4. NAS sends Accounting-Request (Start). It may also subsequently
> send Accounting-Request (Interim-Update) periodically.
> 5. NAS disconnects the user after the time given in Session-Timeout
> has expired.
> 6. NAS sends Accounting-Request (Stop).
> 7. Go back to step 1
> In steps 4 and 6, the RADIUS server confirms receipt of the
> Accounting-Request messages with Accounting-Response messages, but
> those contain no content. There are no other RADIUS messages involved.
> List info/subscribe/unsubscribe? See
This email has been checked for viruses by Avast antivirus software.
More information about the Freeradius-Users