How to get current datetime in freeradius?

Alan DeKok aland at
Tue Oct 15 16:32:57 CEST 2019

On Oct 15, 2019, at 10:08 AM, Houman <houmie at> wrote:
> Thank you very much for all your help on this.  I got in touch with the NAS
> makers (StrongSwan) and did some analysis together. Essentially the NAS
> only needs the User-Name for the disconnect request, which I'm already
> providing. The reason why it sends a NAK is that no IKE_SA was found with a
> matching remote identity. This is what happens on the NAS side in the log
> file:


> It's a bit of a dilemma. I have a reason to disconnect the user based on a
> condition. But the user can still reconnect and I won't be able to
> disconnect him straight away.

  You should be able to save the condition in a DB, and then *reject* the next connection attempt by the user.

> I have to wait until the next
> Acct-Interim-Interval kicks in before I can actually disconnect him again.
> Since the authentication happens through Freeradius, is there a way to
> reject the user immediately during authentication other than sending
> disconnect requests?

  Return Access-Reject.

  Alan DeKok.

More information about the Freeradius-Users mailing list