New features in 3.0.5
Alan DeKok
aland at deployingradius.com
Tue Nov 4 18:18:48 CET 2014
We've been busy. :)
One minor but nice feature is that the debug messages are now
indented, based on syntax. e.g. previously, for a nested "if"
statement, we had:
... if ..
if
we now have:
if (...)
if (...)
which is a bit easier to read.
For people doing CoA, the "session-state" functionality has now been
added to the "originate-coa" functionality.
This lets you re-authorize a user, without checking passwords. See
the following link for details:
https://tools.ietf.org/html/rfc5176#section-3.2
When originating a CoA packet, you can do:
update session-state {
... attributes ...
}
When the NAS sends an Access-Request, you can check it:
if (Service-Type &&
(Service-Type == Authorize-Only)) {
if (!session-state) {
reject
}
... re-authorize the user
... he's already authenticated!
}
That re-authorization was pretty much impossible before. It's now
trivial.
Alan DeKok.
More information about the Freeradius-Users
mailing list