A little issue with disconnecting users

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat Aug 20 15:06:23 CEST 2011


On 20 Aug 2011, at 14:43, Mobin Yazarlou wrote:

> >>  Could you give a working Packet of Disconnect example cause it will not work if I eliminate "X-Ascend-Session-Svr-Key" or set a NULL value for it.
> 
> 
> >You don't need X-Ascend-Session-Srv-Key and i've removed it from the example on the wiki...
> 
> >See here http://wiki.freeradius.org/HP#Radclient+DM+example
> 
> >-Arran
> 
> 
>  Thanks. I did what you said but it seems that there must be a NAS to get the packet on port 3799 and disconnect the user for me.

Yes.

> I have everything on a single machine and there is not any standalone hardware or something to act as a NAS. PPTP and L2TP/IPSec processes serve dialin users and freeRADIUS is used to authenticate them.
>  Is there any lightweight software that I can use as a NAS to solve this?

Not to my knowledge. CoA and DM extensions are relatively recent (in RADIUS terms) so not that many vendors or projects have implemented them. If your VPN daemon doesn't support DM, then your best bet is SNMP, just fire off a script with the exec module. The only reason why you'd absolutely need to use DM is if the packets had to navigate a network of RADIUS proxy servers, otherwise SNMP works just as well.

If your VPN daemon doesn't support SNMP, see if it has a control socket, then write something in perl/python/ruby to translate SNMP requests, or just requests on another INET socket.

Good luck :)

-Arran

Arran Cudbard-Bell
a.cudbardb at freeradius.org

RADIUS - Half the complexity of Diameter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110820/3d9bbd78/attachment.html>


More information about the Freeradius-Users mailing list