Change of Authorization (RFC 3576 / 5176)

Alan DeKok aland at
Thu Jun 11 07:46:11 CEST 2009

Kanwar Ranbir Sandhu wrote:
> On Wed, 2009-06-10 at 15:09 -0400, Kanwar Ranbir Sandhu wrote:
>> I have a related question, although it's a bit off topic.
>> On Tue, 2009-05-19 at 14:08 +0200, Alan DeKok wrote:
>>>   In 2.1.6, the server could *originate* CoA packets.  e.g. If the users
>>> bandwidth consumption is over a quota, send a packet to disconnect them.
>> Does this include things like changing the group a user in?  For
>> example, if a user in the "allowed" group is updated to be in the
>> "disallowed" group (and auth/acct are in mysql), freeradius would
>> originate a CoA packet to disconnect the user.  Can this be done with
>> unlang, or am I mad?
> Anyone?

  Not all messages get *immediate* responses.

  And how would the server know if you changed the group?

  If the group changes, you'll need to tell FreeRADIUS to re-evaluate
the policies.

  Alan DeKok.

More information about the Freeradius-Users mailing list