Unexpected Disconnect Message to NAS
Vladimir Cvetic
vcvetic.vc at gmail.com
Wed Feb 20 20:13:31 CET 2019
I can see in the debug log that the Session-Timeout attribute is set within
the inner tunnel but it doesn't make its way out to in the access-accept
response. the session is not terminated by the NAS.
Even with the parameter "use_tunneled_reply=yes" it doesn't work with PEAP.
Even if it's working for EAP-TLS I'd like to know what I'm doing wrong but
I simply don't see it. Any hint you can share would be appreciated.
On Tue, Feb 19, 2019 at 2:12 PM Alan DeKok <aland at deployingradius.com>
wrote:
>
>
> > On Feb 19, 2019, at 7:42 AM, Vladimir Cvetic <vcvetic.vc at gmail.com>
> wrote:
> >
> > Finally I fixed it. Apparently freeradius doesn't send Session-Timeout
> > attribute when using PEAP.
>
> No, it *does* send Session-Timeout with PEAP. If you configure it
> correctly.
>
> Read the debug log to see what's going on.
>
> > I tested with EAP-TTLS. Freeradius is sending
> > now Session-Timeout attribute now and the NAS disconnects the user now as
> > expected. No need for CoA and Disconnect messages anymore. Everything is
> > handled via the dailycounter and logintime module.
> >
> > Thanks Alan,
> > All the best
> >
> > On Tue, Feb 19, 2019 at 1:34 PM Alan DeKok <aland at deployingradius.com>
> > wrote:
> >
> >> On Feb 19, 2019, at 5:15 AM, Vladimir Cvetic <vcvetic.vc at gmail.com>
> wrote:
> >>> I did some further investigation with tcpdump.
> >>> the session-timeout attribute is only send with the access-challenge
> from
> >>> freeradius. I can't see the session-attribute within the access-accept
> >>> packets.
> >>> Is that the right behaviour?
> >>
> >> It's apparently what you configured the server to do.
> >>
> >> If that's not what you want, do something different. And ask better
> >> questions. "I did stuff and it didn't work" isn't really something we
> can
> >> help you with.
> >>
> >> Alan DeKok.
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list