New features in 3.0.5

Alan DeKok aland at deployingradius.com
Tue Nov 4 18:18:48 CET 2014


  We've been busy. :)

  One minor but nice feature is that the debug messages are now
indented, based on syntax.  e.g. previously, for a nested "if"
statement, we had:

...  if ..
     if

we now have:

     if (...)
      if (...)

  which is a bit easier to read.

  For people doing CoA, the "session-state" functionality has now been
added to the "originate-coa" functionality.

  This lets you re-authorize a user, without checking passwords.  See
the following link for details:

https://tools.ietf.org/html/rfc5176#section-3.2

  When originating a CoA packet, you can do:

	update session-state {
		... attributes ...
	}

  When the NAS sends an Access-Request, you can check it:

	if (Service-Type &&
	    (Service-Type == Authorize-Only)) {
		if (!session-state) {
			reject
		}

		... re-authorize the user
		... he's already authenticated!
	}

  That re-authorization was pretty much impossible before.  It's now
trivial.

  Alan DeKok.


More information about the Freeradius-Users mailing list