Is it possible to change a session's or account's lifetime

Alan DeKok aland at
Mon Mar 26 13:34:37 CEST 2018

On Mar 26, 2018, at 2:16 AM, 张强 <zhangqiang at> wrote:
> What I want to do is temporarily allowing a user's access for a short
> time, say 2 minutes, and if the user takes further authentication 
> process, the user's access can be allowed without limit.

  Most NASes will ignore session times smaller than 5-10 minutes.

> I tried to use the Expiration attribute in radcheck, set the value 
> to be 2 minutes later in the beginning, and set it to be 1 day later 
> after the required authentication process is completed. But it seems the
> NAS only reads the initial value. It expires the user in 2 minutes and 
> never reads the new value.

  i.e. it kicks the user off, and the user never re-tries authentication.

  That isn't a problem you can solve on the RADIUS server.  Only the user can re-start authentication.

  So... what is the user doing for authentication?

> So the question is how to limit and change the lifetime of a session or 
> of an account?

  For Wifi, people use captive portals, which avoid this problem.

  Alan DeKok.

More information about the Freeradius-Users mailing list