radius CoA client for PPTP box
Brock Eastman
brock at corp.digitalpath.net
Thu Sep 24 01:35:46 CEST 2015
I am currently trying to implement radius CoA on a NAS client using
freeradius to handle the listening of inbound packets. I need to add a
feature to change the shaping policy on the fly from our radius system to
each existing NAS. Freeradius appears to employ a nice framework to
accomplish this such as PPTP/PPPOE servers for an ISP environment. I
originally started out with a PHP socket program that listened on port 3799
- it worked but has compatibility issues with older php4 systems that I must
still support. I am not trying to proxy anything, just straight listen for
packets, send the attributes to a secondary program and change rate shaping
or disconnect users on the fly.
I have no problems sending requests from my radius server to the NAS hosting
the radius CoA listener on port 3799.
RADIUS AUTH/ACCT SERVER -> SEND REQUEST ON PORT 3799
Radclient call -
echo "User-Name = test, Framed-IP-Address=198.204.209.33, NAS-Port=382" |
radclient -x 198.204.208.XX:3799 coa mypass
What I need is in the recv-coa section to allow me to send a remote command
using exec. So far nothing has worked for me. I've dug around in the
documentation all day without anything working. I'm validating the php
script runs by touching a filesystem command and running the daemon in debug
mode from the command line to see the output. But the php is never called.
----------------snippet from radiusd.conf
server coa {
        # When a packet is received, it is processed through the
        # recv-coa section. This applies to *both* CoA-Request and
        # Disconnect-Request packets.
        recv-coa {
                # CoA && Disconnect packets can be proxied in the same
                # way as authentication or accounting packets.
                # Just set Proxy-To-Realm, or Home-Server-Pool, and the
                # packets will be proxied.
                # Insert your own policies here.
                update control {
                        Auth-Type:=`/usr/bin/php /usr/local/bin/radius_coa.php %{User-Name}`
                }
                ok
        }
}
-----------------------
Here is the output I have .. successfully getting data into freeradius NAS
from central radius...
radiusd -X
... adding new socket proxy address * port 53450
Listening on coa address * port 3799
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1151
Ready to process requests.
rad_recv: CoA-Request packet from host 198.204.208.XX port 39238, id=55, length=38
        User-Name = "test"
        Framed-IP-Address = 198.204.209.33
        NAS-Port = 382
WARNING: Empty recv-coa section. Using default return values.
WARNING: Empty send-coa section. Using default return values.
Sending CoA-ACK of id 55 to 198.204.208.XX port 39238
Finished request 0.
Going to the next request
Cleaning up request 0 ID 55 with timestamp +23
Ready to process requests.
------------------------------------------------------
I am sure this is something simple to fix.
Thanks
Brock Eastman
VP Engineering
DigitalPath, Inc
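
For reference, an added example that is not part of the original post: a standalone listener like the PHP one mentioned above has to check the CoA-Request's Request Authenticator (RFC 5176) against the shared secret before acting on any attribute. The function names and the constructed sample packet (id 55, secret `mypass`, the three attributes from the radclient call) are assumptions made for this sketch.

```python
import hashlib, hmac, socket, struct
COA_REQUEST, COA_ACK = 43, 44  # RFC 5176 packet codes
# RFC 2865 attribute types used in the post's radclient call
ATTRS = {1: "User-Name", 5: "NAS-Port", 8: "Framed-IP-Address"}

def _auth(code, ident, length, seed, attrs, secret):
    # MD5(Code + Identifier + Length + 16 octets + Attributes + Secret)
    hdr = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(hdr + seed + attrs + secret).digest()

def build_coa_request(ident, attrs, secret):
    """Encode a CoA-Request; used here only to construct sample input."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    length = 20 + len(body)
    auth = _auth(COA_REQUEST, ident, length, bytes(16), body, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, length) + auth + body

def parse_coa_request(packet, secret):
    """Return (id, attributes); raise ValueError on a malformed or forged packet."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed CoA-Request")
    auth, body = packet[4:20], packet[20:length]
    expected = _auth(code, ident, length, bytes(16), body, secret)
    if not hmac.compare_digest(auth, expected):
        raise ValueError("bad Request Authenticator")
    out, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("bad attribute length")
        t, value = body[i], body[i + 2:i + body[i + 1]]
        i += body[i + 1]
        if t == 1:
            out[ATTRS[t]] = value.decode("utf-8")
        elif t == 5 and len(value) == 4:
            out[ATTRS[t]] = struct.unpack("!I", value)[0]
        elif t == 8 and len(value) == 4:
            out[ATTRS[t]] = socket.inet_ntoa(value)
    return ident, out

def build_coa_ack(ident, request_auth, secret):
    return struct.pack("!BBH", COA_ACK, ident, 20) + _auth(COA_ACK, ident, 20, request_auth, b"", secret)

# Constructed sample: the three attributes from the radclient call in the post.
SAMPLE = build_coa_request(55, [(1, b"test"), (8, socket.inet_aton("198.204.209.33")),
                                (5, struct.pack("!I", 382))], b"mypass")
```

Once a packet has passed this check, handing the parsed values to the shaping program as an argument list rather than through a shell keeps a User-Name containing shell metacharacters from being interpreted.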