[RADIATOR] 802.1x re-authentications

Heikki Vatiainen hvn at open.com.au
Tue Nov 22 07:54:24 CST 2011


On 11/22/2011 03:55 AM, Kiernan McColl wrote:

> I believe you’d have to add something similar to this to your AuthBy config:
> 
> AddToReply Session-Timeout=3600

That should work. Termination-Action is usually not needed.

The value for seconds can be a fixed value like above, or it can be pulled
e.g. from SQL during the authentication to create accounts which are
valid e.g. "until midnight".

> From: radiator-bounces at open.com.au
> [mailto:radiator-bounces at open.com.au] On Behalf Of Markus Moeller
> Sent: Tuesday, 22 November 2011 3:45 AM
> To: radiator at open.com.au
> Subject: [RADIATOR] 802.1x re-authentications
> 
> I read that the session timeout can be used to define the re-authentication time for a device. Where can I set this in Radiator?
> 
> Thank You
> Markus
> 
> http://www.rfc-editor.org/rfc/rfc3580.txt
> 
> 3.17.  Session-Timeout
> 
>    When sent along in an Access-Accept without a Termination-Action
>    attribute or with a Termination-Action attribute set to Default, the
>    Session-Timeout attribute specifies the maximum number of seconds of
>    service provided prior to session termination.
> 
>    When sent in an Access-Accept along with a Termination-Action value
>    of RADIUS-Request, the Session-Timeout attribute specifies the
>    maximum number of seconds of service provided prior to
>    re-authentication.  In this case, the Session-Timeout attribute is used
>    to load the reAuthPeriod constant within the Reauthentication Timer
>    state machine of 802.1X.  When sent with a Termination-Action value
>    of RADIUS-Request, a Session-Timeout value of zero indicates the
>    desire to perform another authentication (possibly of a different
>    type) immediately after the first authentication has successfully
>    completed.
> 
>    When sent in an Access-Challenge, this attribute represents the
>    maximum number of seconds that an IEEE 802.1X Authenticator should
>    wait for an EAP-Response before retransmitting.  In this case, the
>    Session-Timeout attribute is used to load the suppTimeout constant
>    within the backend state machine of IEEE 802.1X.


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
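
An added example, not part of the original messages and not Radiator code: one way to compute the "until midnight" Session-Timeout mentioned in the reply, with the Termination-Action pairing from the quoted RFC 3580 text. The function names and the 60-second floor are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone

# Assumed policy floor (not from the thread): never hand out a timeout so
# short that the session ends or re-authenticates almost at once.
MIN_TIMEOUT = 60


def seconds_until_midnight(now, floor=MIN_TIMEOUT):
    """Seconds from `now` to the next local midnight, at least `floor`.

    `now` must be timezone-aware and expressed in the site's local zone.
    """
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    next_midnight = datetime.combine(
        now.date() + timedelta(days=1), time.min, tzinfo=now.tzinfo
    )
    # Subtract in UTC. Two datetimes sharing one tzinfo are subtracted as
    # wall-clock values, which is an hour off on days the UTC offset changes.
    delta = next_midnight.astimezone(timezone.utc) - now.astimezone(timezone.utc)
    return max(int(delta.total_seconds()), floor)


def reply_attributes(now, reauth=False):
    """Reply attributes for an Access-Accept, following RFC 3580 section 3.17.

    Without Termination-Action the timeout ends the session; with
    Termination-Action=RADIUS-Request it loads the 802.1X reAuthPeriod.
    """
    attrs = {"Session-Timeout": seconds_until_midnight(now)}
    if reauth:
        attrs["Termination-Action"] = "RADIUS-Request"
    return attrs
```

The floor also keeps the value away from zero, which the quoted RFC text defines as a request for immediate re-authentication when sent with Termination-Action=RADIUS-Request.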

