Session-Timeout Problem
Selahattin Cilek
selahattin_cilek at hotmail.com
Fri Feb 3 12:08:06 CET 2017
Yes, it was careless of me to post that question without carefully
examining the direction of the packets. Thank you for the information.
At least I now know where the fault is. I hope the UBNT guys will soon
solve this problem.
On 03.02.2017 13:23, Brian Candler wrote:
> On 03/02/2017 08:40, Selahattin Cilek wrote:
>> It is possible to inject the Session-Timeout attribute into Account
>> Request packets? If yes, how?
>
> The Session-Timeout is an instruction *from* the RADIUS server *to*
> the NAS, telling the NAS how long it is allowed to leave the user
> connected. That's why it goes in Access-Accept.
>
> There's no particular reason for the Session-Timeout to be included in
> the Accounting-Request. RFC2866 does allow it, but it would be a for
> information only ("I have been told to disconnect the user after they
> have been online for X seconds")
>
> For one last time, here's how it works.
>
> 1. NAS sends Access-Request.
>
> << at this point, for EAP there's a series of
> Access-Challenge/Access-Response exchanges >>
>
> 2. RADIUS server sends Access-Accept containing Session-Timeout (see
> RFC2865 section 5.27 and 5.44)
>
> 3. NAS grants access to the user and starts a timer.
>
> 4. NAS sends Accounting-Request (Start). It may also subsequently
> send Accounting-Request (Interim-Update) periodically.
>
> 5. NAS disconnects the user after the time given in Session-Timeout
> has expired.
>
> 6. NAS sends Accounting-Request (Stop).
>
> 7. Go back to step 1
>
> In steps 4 and 6, the RADIUS server confirms receipt of the
> Accounting-Request messages with Accounting-Response messages, but
> those contain no content. There are no other RADIUS messages involved.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list