Blocked user not disconnected for 12+ hours
Alan DeKok
aland at deployingradius.com
Thu Feb 9 09:06:28 CET 2012
Christ Schlacta wrote:
> This morning around 7AM local time I blocked an offending user from the
> wifi network by adding their account to the disabled-users group in the
> ldap directory. Until 7PM, I got no entries in my log specifying Login
> incorrect for the offending host until approximately 7PM. The client
> was able to connect and continue to access the network successfully the
> entire time. I also effectively kicked the user at the access point
> after setting the account to disabled. For over 12 hours the user
> account was able to continue to connect unhindered.
Did the user *reconnect* during that time? Or did the user stay
connected?
Setting a user to blocked simply stops them from connecting the *next*
time that they connect. It doesn't kick the off of the network now.
If they continued to re-connect during that time, run the server in
debug mode to see why. Odds are you made a mistake, and were returning
Access-Accept. If the server returns Access-Reject, the user *will not*
be able to log in.
Alan DeKok.
More information about the Freeradius-Users
mailing list