Session-Timeout Problem

Selahattin Cilek selahattin_cilek at
Fri Feb 3 12:08:06 CET 2017

Yes, it was careless of me to post that question without carefully 
examining the direction of the packets. Thank  you for the information. 
At least I now know where the fault is. I hope the UBNT guys will soon 
solve this problem.

On 03.02.2017 13:23, Brian Candler wrote:
> On 03/02/2017 08:40, Selahattin Cilek wrote:
>> It is possible to inject the Session-Timeout attribute into Account 
>> Request packets? If yes, how?
> The Session-Timeout is an instruction *from* the RADIUS server *to* 
> the NAS, telling the NAS how long it is allowed to leave the user 
> connected.  That's why it goes in Access-Accept.
> There's no particular reason for the Session-Timeout to be included in 
> the Accounting-Request. RFC2866 does allow it, but it would be a for 
> information only ("I have been told to disconnect the user after they 
> have been online for X seconds")
> For one last time, here's how it works.
> 1. NAS sends Access-Request.
> << at this point, for EAP there's a series of 
> Access-Challenge/Access-Response exchanges >>
> 2. RADIUS server sends Access-Accept containing Session-Timeout (see 
> RFC2865 section 5.27 and 5.44)
> 3. NAS grants access to the user and starts a timer.
> 4. NAS sends Accounting-Request (Start).  It may also subsequently 
> send Accounting-Request (Interim-Update) periodically.
> 5. NAS disconnects the user after the time given in Session-Timeout 
> has expired.
> 6. NAS sends Accounting-Request (Stop).
> 7. Go back to step 1
> In steps 4 and 6, the RADIUS server confirms receipt of the 
> Accounting-Request messages with Accounting-Response messages, but 
> those contain no content.  There are no other RADIUS messages involved.
> -
> List info/subscribe/unsubscribe? See 

This email has been checked for viruses by Avast antivirus software.

More information about the Freeradius-Users mailing list