change username/password takes no effect for 802.1x wifi clients
Matthew Newton
mcn at freeradius.org
Sun Oct 25 19:45:24 CET 2020
On 25/10/2020 18:40, X Xiao wrote:
> However if I change the username/password in mods-config/files/authorize,
> then restart radiusd, I can still surf the internet using the old
> username/password, no relogin required, until I logoff the wifi network,
> and relogin again; now I need to supply the new username/password.
Sure. That's the same as if you're logged into pretty much any system
and change your password - you only authenticate when you first connect.
> How to force a re-login (via 802.1x) whenever I change username/password in
> freeradius? Is there a way to do it on freeradius side, or I just restart
> wifi network whenever I restart radiusd?
If your NAS supports CoA then you can send a CoA disconnect packet to
kick the user off and force re-authentication. Sadly most NAS
documentation is pretty lacking when CoA is concerned, so it might
involve some guesswork.
Otherwise you'll need to find some other way to kick the user off
(though restarting the whole wireless network sounds a bit drastic).
--
Matthew
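
The Disconnect-Request mentioned in the reply, as an added example that is not part of the original post: it builds the RFC 5176 packet and authenticates the NAS reply. It assumes the NAS identifies the session by User-Name alone (which attributes a given NAS needs varies); the user name, secret and reply bytes are constructed samples.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42  # RFC 5176
USER_NAME = 1          # RADIUS attribute type
COA_PORT = 3799        # UDP port RFC 5176 assigns to CoA/Disconnect


def _attr(attr_type: int, value: bytes) -> bytes:
    # type (1 octet), length (1 octet, counts the 2-octet header), value
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def build_disconnect_request(user: str, secret: bytes, ident: int) -> bytes:
    attrs = _attr(USER_NAME, user.encode())
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attrs + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Return 'ack' or 'nak'; raise ValueError if the reply is not authentic."""
    if len(reply) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply) or ident != request[1]:
        raise ValueError("bad length or identifier")
    reply = reply[:length]  # octets past Length are padding
    # Response Authenticator = MD5(header + request auth + attrs + secret)
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("bad response authenticator")
    if code not in (DISCONNECT_ACK, DISCONNECT_NAK):
        raise ValueError(f"unexpected code {code}")
    return "ack" if code == DISCONNECT_ACK else "nak"


if __name__ == "__main__":
    secret = b"testing123"                      # constructed sample secret
    req = build_disconnect_request("bob", secret, ident=7)
    hdr = struct.pack("!BBH", DISCONNECT_ACK, 7, 20)   # constructed NAS reply
    ack = hdr + hashlib.md5(hdr + req[4:20] + secret).digest()
    print(req.hex(), check_reply(ack, req, secret))
```

A Disconnect-NAK that passes the authenticator check means the NAS received the request but did not drop the session, which is the point where the NAS-specific attribute guesswork starts.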