If radius
server wants to send a challenge to user, then it sends Access-Challenge packet
to radius client. Following figure shows frame format for Access-Challenge
packet.
Access-Challenge
packet may contain one or more Reply-Message. Reply-Message attribute indicates
text, which may be displayed to the user.
Access-Challenge
packet can contain following attributes.
Attribute
|
Description
|
Reply-Message
|
It indicates
text, which may be displayed to the user.
|
State
|
Can has
single state attribute. This Attribute is available to be sent by the server
to the client in an Access-Challenge and MUST be sent unmodified from the
client to the server in the new Access-Request reply to that challenge, if
any.
|
Vendor-Specific
|
This
Attribute is available to allow vendors to support their own extended
Attributes not suitable for general usage.
It MUST not affect the operation of the RADIUS protocol.
|
Idle-Timeout
|
This
Attribute sets the maximum number of consecutive seconds of idle connection
allowed to the user before termination of the session or prompt.
|
Session-Timeout
|
This
Attribute sets the maximum number of seconds of service to be provided to the
user before termination of the session or prompt.
|
Proxy-State
|
This
Attribute is available to be sent by a proxy server to another server when
forwarding an Access-Request and MUST be returned unmodified in the Access-Accept,
Access-Reject or Access-Challenge.
|
No comments:
Post a Comment