Force user disconnect on NAS

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu Feb 28 00:08:41 CET 2008 

J-P Raymond wrote:
>   Ok I'll look at it thanks but
>  
> what about Disconnect message ?
>  
> I pull this info from my log
>  
>         User-Name = xxx at xxxx.com <mailto:xxx at xxxx.com>
>         Acct-Status-Type = Start
>         Acct-Session-Id = "12345678.90.123"
>         NAS-Identifier = "router"
>         NAS-IP-Address = 200.10.50.100
>         NAS-Port-Type = Virtual
>         Framed-IP-Address = 200.10.50.1
>         Acct-Delay-Time = 0
>         Client-IP-Address = 200.10.50.100
>         Acct-Unique-Session-Id = "8d120506b2972302"
>  
> I put this in packet.txt
>  
> I tried :
> cat packet.txt | radclient -x 200.10.50.100:3799 disconnect mysecret
> // 
> But radclient keep retrying and it doesn't seams to work !
>  
> on the web site it mentioned I need disconnect enabled Nas ?
>  
> Someone already tried this ?

See when someone gives you the answer to your question and you 
completely ignore it... *sigh*

Look http://www.rfc-archive.org/getrfc.php?rfc=3576 RFC 3576 CoA It's an 
extension to the RADIUS protocol. Most NAS don't support it because no 
RADIUS servers support it.

Use the IEEE 802.1x MIB, It works, It works very well. I'll try and dig 
out the relevant OIDs tomorrow if your interested...

Arran

>  
> Thanks
> 
> 
> 
> 
>  > Date: Wed, 27 Feb 2008 21:31:06 +0000
>  > To: freeradius-users at lists.freeradius.org
>  > Subject: Re: Force user disconnect on NAS
>  > From: A.Cudbard-Bell at sussex.ac.uk
>  >
>  > J-P Raymond wrote:
>  > >
>  > > Question,
>  > >
>  > > Is it possible from the radius server to force a user to disconnect ?
>  > >
>  > > If yes what do I need to do that ?
>  > >
>  > > Normal
>  > > Client --> NAS --> Radius server
>  > >
>  > > I would like to send a request
>  > > Radius server --> NAS X Client
>  > >
>  > > Thanks for your time
>  > >
>  > >
>  > >
>  > >
>  > > 
> ------------------------------------------------------------------------
>  > >
>  > > -
>  > > List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>  > Yes but your NAS needs to support CoA (Change of Authorisation) , and
>  > your RADIUS server needs to support it too; currently FR doesn't.
>  >
>  > Your best bet is to use the standard 802.1x mib and force
>  > re-authentication using SNMP. Most NAS implement this MIB just people
>  > seem to overlook it...
>  >
>  > Regards,
>  > Arran
>  >
>  >
>  > --
>  > Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
>  > Authentication, Authorisation and Accounting Officer
>  > Infrastructure Services | ENG1 E1-1-08
>  > University Of Sussex, Brighton
>  > EXT:01273 873900 | INT: 3900
>  >
>  > -
>  > List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
> 
> 
> ------------------------------------------------------------------------
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list