Is it possible to change a session's or account's lifetime

Alan DeKok aland at deployingradius.com
Tue Mar 27 14:25:27 CEST 2018


On Mar 26, 2018, at 11:14 PM, 张强 <zhangqiang at meizu.com> wrote:
> A captive portal is excatly what I'm trying to make, 
> but our scenario is rather complicated. The user 
> have to be taken from the portal to a mobile 
> application to continue the authentication process 
> which will need Internet access. That's why I need 
> to temporarily allow the user's access.

  The issue here is that you're using a custom authentication process.  If the NAS supports it, it will work.  Otherwise it won't.

  And as always, no amount of poking FreeRADIUS will make the NAS do what you want.  The NAS *must* support that functionality.

> If I understood you right, I have to make the user 
> to re-authenticate to let the NAS know the Expiration 
> attribute has changed?

   Not exactly.  The NAS should honour Session-Timeout, which is set by FreeRADIUS when you use Expiration.

  But, the user doesn't know to re-authenticate.  They might re-authenticate, or they might not.  This isn't under your control.

> If so, I think configuring the 
> NAS to authenticate with freeRADIUS every 10 
> minutes, and making the initial expiration value to a 
> little longer than 10 min will solve the problem. 
> Am I right?

  Maybe.  Or maybe it won't change anything.

> And I'm terribly sorry if this post doesn't follow the 
> thread I started previously, I don't know how to follow 
> a thread when replying to a mailing list.

  If you're subscribed to the mailing list and get it via email... just reply to the message.

  Alan DeKok.




More information about the Freeradius-Users mailing list