[c-nsp] Discussion list for RADIUS?
Robert Blayzor
rblayzor.bulk at inoc.net
Sun May 25 08:15:05 EDT 2008
On May 23, 2008, at 10:47 PM, Tuc at T-B-O-H.NET wrote:
> You send the accounting start record and off the user goes. 10
> minutes
> into the session, the operators/a process/whatever decides to change
> your Radius
> entry so that the new Session-Timeout would be 5 minutes. How, if at
> all, does
> the NAS become aware of this?
Easy, it doesn't. RADIUS servers do not PUSH attributes to an active
NAS session. There are some dynamic-author features that some Cisco
NAS's support where you can change attributes of an existing session,
but that's not the roll of a RADIUS server. You'd have to have a
client side app to push server like conversation back to the NAS.
Authorization is only done once at login time. If you change
attributes, normally the only way to do so is to reset the session and
have them reauth.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net
http://www.inoc.net/~rblayzor/
More information about the cisco-nsp
mailing list