CoA server conception

Alan DeKok aland at
Fri Mar 3 13:55:23 UTC 2023

On Mar 3, 2023, at 8:43 AM, Yuriy Ivkin <y.ivkin at> wrote:
> After few hours of googling I think I understood.

  The documentation tries to be as clear as possible.  But it assumes some familiarity with RADIUS.

> The only not clear thing: how freeradius deside to send a CoA message or not ?

  It doesn't.  *You* update the configuration to say "please send a CoA packet".

  There are two "coa" related visual servers:

	receive CoA packets and do whatever you want with them

	receive CoA packets, look up user information in a DB, and proxy them to the NAS.

  From your previous message:

> For example, I have a NAS server with configured coa port. I can send a disconnect request directly into it. If I configure a coa server on a freeradius server, will I be able to send a disconnect request to the freeradius instead and that is all?

  The user is connected to the NAS, not to FreeRADIUS.  Sending a CoA packet to FreeRADIUS (and not to the NAS) will do nothing.

> What is the "Simply update the  "coa" list" means ? Changing of a site configuration in accounting section like this

  That is what it says.

> Will the CoA message be generated in response for every acct request of active sessions ? That has no sense...

  The point is not to send a CoA packet on every accounting request.  The point is to document HOW to send CoA packets.  The next step is for you to figure out WHEN you want to send CoA packets.  And then write the policy:

	if (... I need to send a CoA packet) {
		update coa {

  As with almost everything in the server, we don't (and can't) document every possible policy.  We can't provide a default configuration which works for everyone, and does what everyone wants.

  Instead, we document how the server works.  It's up to you to figure out how to turn that into local policies.

  Alan DeKok.

More information about the Freeradius-Users mailing list