Session Timeout in Access-Challenge

Sumant Gupta sumantgupta at gmail.com
Wed Oct 6 12:44:40 CEST 2021


Hi All,

I am trying to configure the "Session Timeout" in Freeradius , so that it
can follow the text below from specs.

https://www.ietf.org/rfc/rfc3580.txt

When sent in an Access-Challenge, this attribute represents the
   maximum number of seconds that an IEEE 802.1X Authenticator should
   wait for an EAP-Response before retransmitting.  In this case, the
   Session-Timeout attribute is used to load the suppTimeout constant
   within the backend state machine of IEEE 802.1X


I tried changing the sites-available/default and added the
"Session-Timeout := 7200" in below section, but still i can't see

"Session-timeout" parameter in "Access Challenge" request. After doing
that I restarted the freeradius .

I am using freeradius 3.0.16.

Is it the correct path, i am following?

post-auth {
        #
        #  If you need to have a State attribute, you can
        #  add it here.  e.g. for later CoA-Request with
        #  State, and Service-Type = Authorize-Only.
        #
#       if (!&reply:State) {
#               update reply {
#                       State := "0x%{randstr:16h}"
#               }
#       }

        #
        #  For EAP-TTLS and PEAP, add the cached attributes to the reply.
        #  The "session-state" attributes are automatically cached when
        #  an Access-Challenge is sent, and automatically retrieved
        #  when an Access-Request is received.
        #
        #  The session-state attributes are automatically deleted after
        #  an Access-Reject or Access-Accept is sent.
        #
        update {
                &reply: += &session-state:
                Session-Timeout := 7200
        }

 Sumant


More information about the Freeradius-Users mailing list