block users on-the-fly
Guilherme Franco
guilhermefranco at gmail.com
Mon Oct 16 18:39:40 CEST 2006
Thanks Owen
On 10/16/06, Owen DeLong <owen at delong.com> wrote:
>
> On Oct 16, 2006, at 6:25 AM, Guilherme Franco wrote:
>
> > Hi,
> >
> > Does anyone already have a program to block freeradius on-the-fly?
> >
> > ie: user has PAID = YES in radcheck table. Whenever I set PAID = NO,
> > the user would no longer authenticate the next time he/ she logs in.
> > OK, this works, but, if the user is already loged in, even if I set
> > PAID = NO, the user would not be rejected (for obvious reasons). This
> > is important because the grand number of Router mode ADSL users, that
> > never logs out. I'm building a program to verify every x minutes the
> > database and if PAID = NO, return a flag to freeradius and then reject
> > the user.
> >
> > Is there any other means to do that?
> >
> > Thanks.
> > - List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
>
> The radius protocol only supports processing of authentication requests.
> Unless you can get your hardware to send a periodic re-auth request,
> there's no way to have them processed by radius again no matter what
> you do to the database. Radius has no "push" capability.
>
> Your options are:
> + Get your hardware to re-auth periodically.
> + Use another process to boot users (forcing a reauth) when you
> change the database.
>
> Owen
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
--
Guilherme de Oliveira Franco
Damovo - Brasil
More information about the Freeradius-Users
mailing list