Support for this attribute is NAS dependant. If the Cisco doesn't
support it, you can see if they have something similiar, or ask
them for a resolution. There is nothing on the RADIUS server
side we can do besides send the attribute.
> 2) Radius-server sends the same value of attribute Session-
> Timeout for all PPP-session, but it would be preferable that
> Session-Timeout=SubAccounts.TimeLeft.
You need to enable time banking, in the RadiusNT administrator before
it will do this. It will actually take the smaller of the two
Session-Timeout values and send it to the NAS.
> Questions:
> 1) How can we make Cisco to set absolute-timeout according to
> the value of attribute Session-Timeout received from Radius-server.
I don't know, to be honest. I don't have a lot of experience with
Cisco's RADIUS implementation.
> 2) Can the Radius-server set the value of attribute
> Session-Timeout=SubAccounts.TimeLeft for specified user
If you enable it to. You'll also want to turn on sub-accounts
update, as well.
-- Dale E. Reed Jr. (daler@iea.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.emerald.iea.com