On Sep 10, 2019, at 4:06 PM, Houman <houmie@gmail.com> wrote:
I have setup the FreeRadius like the following to prevent a user from logging in after his monthly usage has been exceeded.
That's good.
While this works fine, the user won't be disconnected after the monthly-usage has been exceeded. Instead only if the user disconnects voluntarily and tries to reconnect again would he be prevented.
See sites-available/originate-coa
So I'm trying to find a way to disconnect the user the moment his limit has been reached.
That's what "originate-com" is for. The documentation isn't perfect, but it should be good. When you receive an accounting request packet, check for over the limit, and if so, send a Disconnect-Request packet. You'll need to set up a home server, etc.
After some research I have come across Dynamic Authorization extension and have enabled it like this:
That's for *receiving* CoA packets. You want the server to *send* CoA packets.
Now I can disconnect myself from the command line, like this:
*echo User-Name=houman | radclient -x 127.0.0.1:3799 <http://127.0.0.1:3799> disconnect ''secret123''*
Well, no. You're sending FreeRADIUS a Disconnect-Request packet. That doesn't send the packet to the NAS. FreeRADIUS just goes "yup, I got a packet'. You still need to send the packet to the NAS. Alan DeKok.