radius CoA client for PPTP box

Brock Eastman brock at corp.digitalpath.net
Thu Sep 24 01:35:46 CEST 2015

I am currently trying to implement radius CoA on a NAS client using
freeradius to handle the listening of inbound packets.  I need to add a
feature to change the shaping policy on the fly from our radius system to
each existing NAS.  Freeradius appears to employ a nice framework to
accomplish this such as PPTP/PPPOE servers for an ISP environment.  I
originally started out with a PHP socket program that listened on port 3799
- it worked but has compatibility issues with older php4 systems that I must
still support.  I am not trying to proxy anything, just straight listen for
packets, send the attributes to a secondary program and change rate shaping
or disconnect users on the fly.


I have no problems sending requests from my radius server to the NAS hosting
the radius CoA listener on port 3799.



Radclient call -

echo "User-Name = test, Framed-IP-Address=, NAS-Port=382" |
radclient -x 198.204.208.XX:3799 coa mypass



What I need is in the recv-coa section to allow me to send a remote command
using exec.  So far nothing has worked for me.  I've dug around in the
documentation all day without anything working.  I'm validating the php
script runs by touching a filesystem command and running the daemon in debug
mode from the command line to see the output.  But the php is never called.


----------------snippet from radiusd.conf

server coa {
        #  When a packet is received, it is processed through the
        #  recv-coa section.  This applies to *both* CoA-Request and
        #  Disconnect-Request packets.

        recv-coa {
                #  CoA && Disconnect packets can be proxied in the same
                #  way as authentication or accounting packets.
                #  Just set Proxy-To-Realm, or Home-Server-Pool, and the
                #  packets will be proxied.
                #  Insert your own policies here.

                update control {
/usr/local/bin/radius_coa.php %{User-Name}`

Here is the output I have .. successfully getting data into freeradius NAS
from central radius...

radiusd -X

... adding new socket proxy address * port 53450
Listening on coa address * port 3799
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address port 18120 as server
Listening on proxy address * port 1151
Ready to process requests.
rad_recv: CoA-Request packet from host 198.204.208.XX port 39238, id=55,
        User-Name = "test"
        Framed-IP-Address =
        NAS-Port = 382
  WARNING: Empty recv-coa section.  Using default return values.
  WARNING: Empty send-coa section.  Using default return values.
Sending CoA-ACK of id 55 to 198.204.208.XX port 39238
Finished request 0.
Going to the next request
Cleaning up request 0 ID 55 with timestamp +23
Ready to process requests.


I am sure this is something simple to fix.




Brock Eastman

VP Engineering

DigitalPath, Inc
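
Added example, not part of the original post and not FreeRADIUS code: what a standalone listener on port 3799 has to check before it passes attributes to a shaping or disconnect script. It verifies the RFC 5176 Request Authenticator against the shared secret, bounds-checks each attribute, and signs the CoA-ACK/NAK. The function names are hypothetical and only the three attributes from the radclient call above are decoded.

```python
import hashlib
import hmac
import ipaddress
import struct

COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45   # RFC 5176 packet codes
DECODERS = {                                  # the three attributes sent in the post
    1: ("User-Name", lambda v: v.decode("utf-8")),
    5: ("NAS-Port", lambda v: struct.unpack("!I", v)[0]),
    8: ("Framed-IP-Address", lambda v: str(ipaddress.IPv4Address(v))),
}

def build_request(ident, attrs, secret):
    """Sign a CoA-Request the way the sending side (e.g. radclient) does."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body


def parse_coa(packet, secret):
    """Verify and decode a CoA-Request; raise ValueError on anything suspect."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed CoA-Request")
    packet = packet[:length]
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        name, decode = DECODERS.get(packet[pos], (f"Attr-{packet[pos]}", bytes))
        try:
            attrs[name] = decode(packet[pos + 2:pos + alen])
        except (ValueError, struct.error) as exc:
            raise ValueError(f"bad value for {name}") from exc
        pos += alen
    return ident, packet[4:20], attrs


def build_reply(code, ident, request_auth, secret):
    """CoA-ACK/NAK: Response Authenticator = MD5(header + RequestAuth + Secret)."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()
```

A listener would call `parse_coa` on each datagram, drop the packet silently when it raises, and pass the decoded values to the external program as separate arguments rather than through a shell string.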
