change username/password takes no effect for 802.1x wifi clients

Matthew Newton mcn at
Sun Oct 25 19:45:24 CET 2020

On 25/10/2020 18:40, X Xiao wrote:
> However if I change the username/password in mods-config/files/authorize,
> then restart radiusd, I can still surf the internet using the old
> username/password, no relogin required, until I logoff the wifi network,
> and relogin again, now I need supply the new username/password.

Sure. That's the same as if you're logged into pretty much any system 
and change your password - you only authenticate when you first connect.

> How to force a re-login(via 802.1x) whenever I change username/password in
> freeradius? Is there a way to do it on freeradius side, or I just restart
> wifi network whenever I restart radiusd?

If your NAS supports CoA then you can send a CoA disconnect packet to 
kick the user off and force re-authentication. Sadly most NAS 
documentation is pretty lacking when CoA is concerned, so it might 
involve some guesswork.

Otherwise you'll need to find some other way to kick the user off 
(though restarting the whole wireless network sounds a bit drastic).


More information about the Freeradius-Users mailing list