A little issue with disconnecting users

Mobin Yazarlou yazarlou.m at gmail.com
Sat Aug 20 23:41:11 CEST 2011


>>  Thanks. I did what you said but it seems that there must be a NAS to
>> get the packet on port 3799 and disconnect the user for me. I have
>> everything on a single machine and there is not any standalone hardware
>> or something to act as a NAS. PPTP and L2TP/IPSec processes serve dialin
>> users and freeRADIUS is used to authenticate them.
>>  Is there any lightweight software that I can use as a NAS to solve this?

> $ man l2tp

>  It should have the ability to close connections via a command-line
> tool.  Then, run a script on FreeRADIUS to use that command-line tool.
>  Why are you working hard to find a complicated solution?  If it's all
> on one machine, the solutions are simple.
> Alan DeKok.

 Thanks Alan, that looks pretty easy. For a single machine and a single
dialin service that must work very well but I have some other services like
PPTP and OpenVPN and will have to run RADIUS and VPN services on different
machines when the number of users grow.


> Not to my knowledge. CoA and DM extensions are relatively recent
> (in RADIUS terms) so not that many vendors or projects have implemented
> them. If your VPN daemon doesn't support DM, then your best bet is SNMP,
> just fire off a script with the exec module. The only reason why you'd
absolutely
> need to use DM is if the packets had to navigate a network of RADIUS proxy

> servers, otherwise SNMP works just as well.

> If your VPN daemon doesn't support SNMP, see if it has a control socket,
then
> write something in perl/python/ruby to translate SNMP requests, or just
requests
> on another INET socket.

> Good luck :)
> -Arran


 Thanks Arran. Honestly, I don't have any idea about CoA and DM but I know
that I can use SNMP on the server which runs Debian 6.0. This might be out
of the RADIUS scope but I need a little bit more information on this to work
it out. How should I send the PoD to SNMP? Will SNMP handle such request by
default or I have to set it up for this?

 Even a useful URL would be a great help cause I couldn't find anything by
googling the keywords came to my mind.

Thanks,
Moby
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110821/ab046662/attachment.html>


More information about the Freeradius-Users mailing list