block users on-the-fly

Owen DeLong owen at delong.com
Mon Oct 16 16:54:10 CEST 2006


On Oct 16, 2006, at 6:25 AM, Guilherme Franco wrote:

> Hi,
>
> Does anyone already have a program to block freeradius on-the-fly?
>
> ie: user has PAID = YES in radcheck table. Whenever I set PAID = NO,
> the user would no longer authenticate the next time he/ she logs in.
> OK, this works, but, if the user is already loged in, even if I set
> PAID = NO, the user would not be rejected (for obvious reasons). This
> is important because the grand number of Router mode ADSL users, that
> never logs out. I'm building a program to verify every x minutes the
> database and if PAID = NO, return a flag to freeradius and then reject
> the user.
>
> Is there any other means to do that?
>
> Thanks.
> - List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html

The radius protocol only supports processing of authentication requests.
Unless you can get your hardware to send a periodic re-auth request,
there's no way to have them processed by radius again no matter what
you do to the database.  Radius has no "push" capability.

Your options are:
	+	Get your hardware to re-auth periodically.
	+	Use another process to boot users (forcing a reauth) when you
		change the database.

Owen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061016/eb8dbd67/attachment.pgp>


More information about the Freeradius-Users mailing list