checkrad alternative
Alan DeKok
aland at deployingradius.com
Sat Oct 28 16:27:20 UTC 2023
On Oct 27, 2023, at 6:17 PM, Igor Smitran <sigor at blic.net> wrote:
> It seems that there is a possibility to use COA to check if session is live on NAS:
That might work? If you send a CoA which doesn't change anything, you might get an ACK. If you send a CoA for a session which doesn't exist, you'll get a NAK.
But it's not a common way to check user sessions, so it may or may not work, depending on the NAS.
> I hope i will succeed. In case that someone has something to add or share please do.
>
> I am expecting problems with parsing of reply messages from NAS and deciding what to do next, if i use only unlang for parsing.
>
> some rought example:
>
> if (there is session with null stop time) {
>
> update coa {
>
> send session id
>
> }
>
> }
>
> if (reply:packet-type COA) {
>
> if (Cisco-Command-Code) {
>
> reject
>
> }
See raddb/sites-available/originate-coa
That's an example virtual server of how to handle CoA packets like this.
*But*, you can't wait for the CoA reply, and then reject the original Access-Request. Version 3 just won't do this.
The hack in v3 is to just run the exec module, and exec radclient. It's ugly, but it's likely to work.
Alan DeKok.
More information about the Freeradius-Users
mailing list