checkrad alternative
Igor Smitran
sigor at blic.net
Fri Oct 27 22:17:08 UTC 2023
On 27. 10. 23. 19:14, Matthew Newton via Freeradius-Users wrote:
>
> Don't trust Cisco snmpwalk. In my experience it often misses things.
>
> Go directly for the MIBs you want to query.
>
> But otherwise you'll need to find some other way to find out who's on
> line, then write a script or devise a method that FreeRADIUS can query
> that.
>
Already tried it but no success.
It seems that there is a possibility to use CoA to check if a session is
live on the NAS:

    echo "Acct-Session-Id=0044F775" | radclient -x *.*.*.*:1700 coa secret
    Sending CoA-Request of id 228 to *.*.*.* port 1700
        Acct-Session-Id = "0044F775"
    rad_recv: CoA-NAK packet from host *.*.*.* port 1700, id=228, length=81
        Cisco-Command-Code = "\020"
        Cisco-Account-Info = "Suser_framed_ip"
        Cisco-Account-Info = "$IVirtual-Access2.263"

I will try to use update coa, unlang and sql xlat and avoid checkrad
usage entirely.
I hope I will succeed. If anyone has something to add or
share, please do.
I am expecting problems with parsing the reply messages from the NAS and
deciding what to do next, if I use only unlang for parsing.
A rough example:

    if (there is session with null stop time) {
        update coa {
            send session id
        }
    }
    if (reply:packet-type COA) {
        if (Cisco-Command-Code) {
            reject
        }
    }

Igor
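
Added example, not part of the original post and not FreeRADIUS code: a Python sketch of the reply parsing the post expects to be awkward in unlang, classifying `radclient -x` output as a live, stale or unknown session. The function names, the hex-only session id check, the reading of a reply carrying Cisco-Account-Info as "live" and the Error-Cause reply for a missing session are assumptions.

```python
import re

# FreeRADIUS 2.x prints "rad_recv: CoA-NAK packet ...", 3.x "Received CoA-NAK Id ...".
REPLY_RE = re.compile(r"^(?:rad_recv:|Received)\s+(CoA-ACK|CoA-NAK)\b")
ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?(.*?)"?\s*$')
# Assumption: session ids are short hex strings, like the one in the post.
SESSION_ID_RE = re.compile(r"^[0-9A-Fa-f]{1,32}$")
# RFC 5176 Error-Cause 503; assumed to be what the NAS returns for a dead session.
NOT_FOUND = {"503", "Session-Context-Not-Found"}

def coa_query_input(session_id):
    """Build radclient stdin; refuse ids that could smuggle extra attributes."""
    if not SESSION_ID_RE.match(session_id):
        raise ValueError("unexpected Acct-Session-Id: %r" % session_id)
    return 'Acct-Session-Id = "%s"\n' % session_id

def parse_reply(output):
    """Return (packet_type, [(attr, value), ...]) of the reply, or (None, [])."""
    ptype, attrs = None, []
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            ptype = m.group(1)
        elif ptype and (a := ATTR_RE.match(line)):
            attrs.append((a.group(1), a.group(2)))  # request attributes are skipped
    return ptype, attrs

def session_state(output):
    """Classify the NAS answer as 'live', 'stale' or 'unknown'."""
    ptype, attrs = parse_reply(output)
    if ptype is None:
        return "unknown"  # timeout: caller must choose fail-open or fail-closed
    if any(n == "Error-Cause" and v in NOT_FOUND for n, v in attrs):
        return "stale"
    if ptype == "CoA-ACK" or any(n == "Cisco-Account-Info" for n, _ in attrs):
        return "live"     # ACK, or session details returned as in the post
    return "unknown"

# Capture from the post above, NAS address masked as in the original.
POST_CAPTURE = """Sending CoA-Request of id 228 to *.*.*.* port 1700
\tAcct-Session-Id = "0044F775"
rad_recv: CoA-NAK packet from host *.*.*.* port 1700, id=228, length=81
\tCisco-Command-Code = "\\020"
\tCisco-Account-Info = "Suser_framed_ip"
\tCisco-Account-Info = "$IVirtual-Access2.263"
"""
# Constructed sample (not from the post): reply for a session the NAS lacks.
CONSTRUCTED_STALE = ("rad_recv: CoA-NAK packet from host 192.0.2.1 port 1700, "
                     "id=229, length=26\n\tError-Cause = Session-Context-Not-Found\n")

if __name__ == "__main__":
    print(session_state(POST_CAPTURE), session_state(CONSTRUCTED_STALE))
```

The "unknown" result matters for Simultaneous-Use: rejecting on it locks users out when the NAS is unreachable, while accepting on it lets a duplicate login through.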