[c-nsp] Discussion list for RADIUS?
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Fri May 23 22:47:50 EDT 2008
Hi,
What it boils down to is that when you auth, you have the potential
for a "Session-Timeout" reply. Lets say its 120 minutes. You get back that
you are authorized with that attribute.
You send the accounting start record and off the user goes. 10 minutes
into the session, the operators/a process/whatever decides to change your Radius
entry so that the new Session-Timeout would be 5 minutes. How, if at all, does
the NAS become aware of this?
It doesn't seem that accounting records play into any of this. I
see where in 2866 you send a type 4, and get a type 5 back (Accounting-Request
and Accounting-Response). The Accounting-Response seems like it only says
"I've seen, I've recorded, thank you". If the ID was deleted, it appears it
might not care.
I'm just wondering except for constantly re-authorizing and getting
the Session-Timeout (Or worse, an Access-Reject) is there any way for a NAS
to know that the Session-Timeout has expired, the ID is no longer valid, etc.
Thanks, Tuc
>
> Why don't you just ask your question, and if anyone can help you or point
> you in the right direction we will? I know you said it is not a Cisco
> product question, but there have been enough emails already that initially
> asking the question, but asking for direct replies instead of to the list
> because it wasn't a Cisco question, would probably have been more efficient.
>
> Thanks,
>
> Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> Senior Network Engineer
> Coleman Technologies, Inc.
> 954-298-1697
>
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Tuc at T-B-O-H.NET
> > Sent: Friday, May 23, 2008 6:47 PM
> > To: Joe Maimon
> > Cc: A.L.M.Buxey at lboro.ac.uk; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Discussion list for RADIUS?
> >
> > >
> > >
> > >
> > > Tuc at T-B-O-H.NET wrote:
> > > >> Hi,
> > > >>> Hi,
> > > >>>
> > > >>> Does anyone know of a good discussion list for the RADIUS
> > protocol?
> > >
> > > You could try the freeradius list. You could also try the freeradius
> > server.
> > >
> > Been there, done that, told to RTFRFCs, its not about FreeRadius
> > but
> > the protocol, go elsehwere, thank you, goodbye.
> >
> > Hence my search elsewhere......
> >
> > Thanks, Tuc
More information about the cisco-nsp
mailing list