Disconnect-Request packet

Paul Hampson Paul.Hampson at PObox.com
Fri Jul 29 03:53:36 CEST 2005

On Thu, Jul 28, 2005 at 06:20:35PM -0700, N White wrote:
> That's correct. Read my second reply. So other then writing custom 
> scripts, is there a way for the RADIUS server(FreeRADIUS) to be told to 
> send a disconnect packet to the NAS that a particular user is logged in 
> to(NAS could vary - Portmaster, Cisco, PPPoE Server, VPN Server, etc))?

Nope, you have to write custom scripts. FreeRADIUS has nothing to do
with (and wants nothing to do with) the disconnect packets.

Usually, you would have a script that checks for whatever condition
you're basing the disconnect on, and calls radclient (or telnet, or
whatever the interface your NAS/downstream provides for this) to do
the disconnect. (I've also seen SNMP and SOAP, and I really don't think
FreeRADIUS is the right tool to automate a phone call to the NOC. ^_^)

While you _could_ integrate disconnect into FreeRADIUS using a mechanism
similar to checkrad, it'd be pretty daft, since the authentication
checks the wrong details (this is an administrative request, not a user
request) and sends the wrong way (this is an unsolicited packet to a
NAS, not to a RADIUS proxy). This last point seems trivial until you try
to proxy backwards through a chain you have only the last hop of, and
the last hop doesn't neccessarily know what the previous hop was.  (I
vaugely remember someone discussing a static reverse-NAS route config
file at some point. Luckily, no one tried to turn that into code)

Bash and perl are both simpler and easier shells for this than
FreeRADIUS. ^_^

Paul "TBBle" Hampson, on an alternate email client.

More information about the Freeradius-Users mailing list