Originate CoA Request After Receiving Access-Accept
Alan DeKok
aland at deployingradius.com
Fri Apr 26 15:15:35 CEST 2013
Okis Chuang wrote:
> From the originate-coa documentation, it seems I can’t originate
> coa-request at the section of pre-proxy or post-proxy.
>
> It’s documented, pretty clear.
It's nice to hear that the documentation helps. :)
> I’m not sure whether it is the cause of my following questions.
It is.
> But what if I need two steps below finished continually both in the same
> move:
>
> 1. **proxy** auth request to other AAA dispatcher(also FreeRADIUS)
> to decide where to authenticate.
That's easy.
> 2. Getting Access-Accept in post-auth, then originate coa request
> at once in order to change redirect profile to forward profile for
> subscriber.
That's hard. At least with "originate-coa".
The short answer is that you can run "radclient" as an external
program from the post-proxy section. It's ugly, but it will work.
> But I got the warning that **cannot proxy and originate CoA packets at
> the same time**.
Yes. We're looking into fixing that for 3.0.
> Actually I move the coa origination to my AAA dispatcher, it also can’t
> works and occurs the same warning.(It makes sense because both are doing
> coa request after proxying auth request I guess.
Originating a CoA packet is really proxying it. And the server can't
proxy to two different destinations.
> So here are my questions:
>
> 1. Does this flow works possibly in my scenario? I mean can I
> originate coa at once after getting Access-Accept?
Not today.
> 2. What if I set a **virtual coa server** for receiving coa request
> from itself, then send to gateway at the section of
That won't change anything.
It may be easy to originate CoA packets *after* proxying. Just so
long as it doesn't do both at the same time.
I'll see if I have time to look into it.
Alan DeKok.
More information about the Freeradius-Users
mailing list