New features in 3.0.5

johan firdianto johanfirdi at gmail.com
Wed Nov 5 02:36:53 CET 2014


this reauthorization coa feature compatible with chillispot/coovachilli or
not ?
 On Nov 5, 2014 12:25 AM, "Alan DeKok" <aland at deployingradius.com> wrote:

>   We've been busy. :)
>
>   One minor but nice feature is that the debug messages are now
> indented, based on syntax.  e.g. previously, for a nested "if"
> statement, we had:
>
> ...  if ..
>      if
>
> we now have:
>
>      if (...)
>       if (...)
>
>   which is a bit easier to read.
>
>   For people doing CoA, the "session-state" functionality has now been
> added to the "originate-coa" functionality.
>
>   This lets you re-authorize a user, without checking passwords.  See
> the following link for details:
>
> https://tools.ietf.org/html/rfc5176#section-3.2
>
>   When originating a CoA packet, you can do:
>
>         update session-state {
>                 ... attributes ...
>         }
>
>   When the NAS sends an Access-Request, you can check it:
>
>         if (Service-Type &&
>             (Service-Type == Authorize-Only)) {
>                 if (!session-state) {
>                         reject
>                 }
>
>                 ... re-authorize the user
>                 ... he's already authenticated!
>         }
>
>   That re-authorization was pretty much impossible before.  It's now
> trivial.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141105/bfe2d9bb/attachment.html>


More information about the Freeradius-Users mailing list