checkrad alternative
Igor Smitran
sigor at blic.net
Sat Oct 28 19:54:18 UTC 2023
On 28. 10. 23. 18:27, Alan DeKok wrote:
> See raddb/sites-available/originate-coa
> That's an example virtual server of how to handle CoA packets like this.
>
> *But*, you can't wait for the CoA reply, and then reject the original Access-Request. Version 3 just won't do this.
>
> The hack in v3 is to just run the exec module, and exec radclient. It's ugly, but it's likely to work.
>
Yes, i can see that, unfortunately. Best way would be to wait for COA
reply from NAS and then decide to reject access request or allow it.
But, this makes it undoable:
"The "coa" or "disconnect" packet is sent when the current
Access-Request or Accounting-Request has been finished, and a reply sent
to the NAS."
I need to get back to drawing board :(
It looks like the only possible way would be to rewrite checkrad and
send COA from there.
Thank you
Igor
More information about the Freeradius-Users
mailing list