Re: Force user disconnect on NAS

Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> · Wed, 27 Feb 2008 23:08:41 +0000

J-P Raymond wrote:

  Ok I'll look at it thanks but

what about Disconnect message ?

I pull this info from my log

        User-Name = xxx@xxxx.com <mailto:xxx@xxxx.com>

        Acct-Status-Type = Start
        Acct-Session-Id = "12345678.90.123"
        NAS-Identifier = "router"
        NAS-IP-Address = 200.10.50.100
        NAS-Port-Type = Virtual
        Framed-IP-Address = 200.10.50.1
        Acct-Delay-Time = 0
        Client-IP-Address = 200.10.50.100
        Acct-Unique-Session-Id = "8d120506b2972302"

I put this in packet.txt

I tried :

cat packet.txt | radclient -x 200.10.50.100:3799 disconnect mysecret

// 

But radclient keep retrying and it doesn't seams to work !

on the web site it mentioned I need disconnect enabled Nas ?

Someone already tried this ?

See when someone gives you the answer to your question and you 

completely ignore it... *sigh*

Look http://www.rfc-archive.org/getrfc.php?rfc=3576 RFC 3576 CoA It's an 

extension to the RADIUS protocol. Most NAS don't support it because no 

RADIUS servers support it.

Use the IEEE 802.1x MIB, It works, It works very well. I'll try and dig 

out the relevant OIDs tomorrow if your interested...

Arran

Thanks

 > Date: Wed, 27 Feb 2008 21:31:06 +0000
 > To: freeradius-users@lists.freeradius.org
 > Subject: Re: Force user disconnect on NAS
 > From: A.Cudbard-Bell@sussex.ac.uk
 >
 > J-P Raymond wrote:
 > >
 > > Question,
 > >
 > > Is it possible from the radius server to force a user to disconnect ?
 > >
 > > If yes what do I need to do that ?
 > >
 > > Normal
 > > Client --> NAS --> Radius server
 > >
 > > I would like to send a request
 > > Radius server --> NAS X Client
 > >
 > > Thanks for your time
 > >
 > >
 > >
 > >

 > > 

------------------------------------------------------------------------

 > >
 > > -

 > > List info/subscribe/unsubscribe? See 

http://www.freeradius.org/list/users.html

 > Yes but your NAS needs to support CoA (Change of Authorisation) , and
 > your RADIUS server needs to support it too; currently FR doesn't.
 >
 > Your best bet is to use the standard 802.1x mib and force
 > re-authentication using SNMP. Most NAS implement this MIB just people
 > seem to overlook it...
 >
 > Regards,
 > Arran
 >
 >
 > --
 > Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk)
 > Authentication, Authorisation and Accounting Officer
 > Infrastructure Services | ENG1 E1-1-08
 > University Of Sussex, Brighton
 > EXT:01273 873900 | INT: 3900
 >
 > -

 > List info/subscribe/unsubscribe? See 

http://www.freeradius.org/list/users.html

------------------------------------------------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html