hi
> When using the EAP attributes (<draft-aboba-radius-rfc2869bis-10.txt), > Radius has the "EAP Start" packet for the client to indicate to the radius > server about the start of an authentication handshake. Now, the server can > send a response packet with the "Session-Timeout" attribute optionally > included in its response, indicating to the NAS how long the session must > remain active. usually, the NAS don't hand the Start packet to the RADIUS server. the first packet which arrives is usually the EAP Response Identity though Start can be sent to the server too, if I remember good. actually, EAP Start is not mandatory, the NAS can generate the Request directly when it sees an incoming association/call/whatever. > What would be the behavior in a case where the "Session-Timeout" attribute > is not set by the server ? Is there a default value for the duration of this > authenticated session that the NAS would use ? Or is this session > authenticated for an infinite duration of time. there could be NAS which has those "default" options... but that's outside of radius. > This question would make sense in the context where the NAS would also > implement the accounting attributes as well. In such a case, the NAS would > be sending an "Accounting Start" packet to the accounting server whenever it > sends a "Start" packet to the RADIUS server. However, when does it send the > "Accounting Stop" packet to the accounting server, if there is no > corresponding "Session-Timeout" associated with this session ? if there is no Session-Timeout attribute, the NAS simply waits until disconnection occurs and sends the Accounting Stop to the server including all Incoming/Outgoing Octets, Delays, etc. server can now write the Start and the Stop in its history, thus having the base for the accounting. that's how i understand it. actually, i would see Session-Timeout as a reason for disconnection. and the disconnection always results in an Accounting Stop packet being sent. the reason for the disconnection is included in the Stop packet (Lost-Carrier, Session-Timeout, etc.) e.g. take a look at page 19 of RFC 2866. and later, you will see that Session-Timeout is 0-1 possibility in the Accounting packets. ciao artur -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
