We've been busy. :) One minor but nice feature is that the debug messages are now indented, based on syntax. e.g. previously, for a nested "if" statement, we had: ... if .. if we now have: if (...) if (...) which is a bit easier to read. For people doing CoA, the "session-state" functionality has now been added to the "originate-coa" functionality. This lets you re-authorize a user, without checking passwords. See the following link for details: https://tools.ietf.org/html/rfc5176#section-3.2 When originating a CoA packet, you can do: update session-state { ... attributes ... } When the NAS sends an Access-Request, you can check it: if (Service-Type && (Service-Type == Authorize-Only)) { if (!session-state) { reject } ... re-authorize the user ... he's already authenticated! } That re-authorization was pretty much impossible before. It's now trivial. Alan DeKok.
this reauthorization coa feature compatible with chillispot/coovachilli or not ? On Nov 5, 2014 12:25 AM, "Alan DeKok" <aland@deployingradius.com> wrote:
We've been busy. :)
One minor but nice feature is that the debug messages are now indented, based on syntax. e.g. previously, for a nested "if" statement, we had:
... if .. if
we now have:
if (...) if (...)
which is a bit easier to read.
For people doing CoA, the "session-state" functionality has now been added to the "originate-coa" functionality.
This lets you re-authorize a user, without checking passwords. See the following link for details:
https://tools.ietf.org/html/rfc5176#section-3.2
When originating a CoA packet, you can do:
update session-state { ... attributes ... }
When the NAS sends an Access-Request, you can check it:
if (Service-Type && (Service-Type == Authorize-Only)) { if (!session-state) { reject }
... re-authorize the user ... he's already authenticated! }
That re-authorization was pretty much impossible before. It's now trivial.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
johan firdianto wrote:
this reauthorization coa feature compatible with chillispot/coovachilli or not ?
If they implement the RFC, yes. Ask them if they implement the RFC. Hmm.... coova seems dead. Anyone interested in continuing development on it? I can email the maintainer and ask. Alan DeKok.
participants (2)
-
Alan DeKok -
johan firdianto