On Thu, Jul 28, 2005 at 06:20:35PM -0700, N White wrote:
> That's correct. Read my second reply. So other than writing custom
> scripts, is there a way for the RADIUS server (FreeRADIUS) to be told to
> send a disconnect packet to the NAS that a particular user is logged in
> to (NAS could vary - Portmaster, Cisco, PPPoE Server, VPN Server, etc.)?

Nope, you have to write custom scripts. FreeRADIUS has nothing to do with (and wants nothing to do with) the disconnect packets.

Usually, you would have a script that checks for whatever condition you're basing the disconnect on, and calls radclient (or telnet, or whatever the interface your NAS/downstream provides for this) to do the disconnect. (I've also seen SNMP and SOAP, and I really don't think FreeRADIUS is the right tool to automate a phone call to the NOC. ^_^)

While you _could_ integrate disconnect into FreeRADIUS using a mechanism similar to checkrad, it'd be pretty daft, since the authentication checks the wrong details (this is an administrative request, not a user request) and sends the wrong way (this is an unsolicited packet to a NAS, not to a RADIUS proxy). This last point seems trivial until you try to proxy backwards through a chain you have only the last hop of, and the last hop doesn't necessarily know what the previous hop was. (I vaguely remember someone discussing a static reverse-NAS route config file at some point. Luckily, no one tried to turn that into code.)

Bash and perl are both simpler and easier shells for this than FreeRADIUS. ^_^

-- 
Paul "TBBle" Hampson, on an alternate email client.
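
The script-plus-radclient approach described in the reply, as an added example that is not part of the original message or of FreeRADIUS itself. The function names, the `SECRET_FILE` path, the `DRY_RUN` switch and the sample values are assumptions; the port default is the one RFC 5176 assigns to Disconnect-Request, and which identifying attributes a given NAS honours varies by vendor.

```sh
#!/bin/sh
# Added example. Function names, SECRET_FILE path and DRY_RUN are assumptions
# of this sketch, not FreeRADIUS-provided pieces.
SECRET_FILE=${SECRET_FILE:-/etc/raddb/disconnect.secret}   # hypothetical path
NAS_PORT=${NAS_PORT:-3799}                                 # RFC 5176 default

# Accept only characters that cannot terminate a quoted value or start a
# new "Attr = value" pair in radclient's input (no quotes, commas, newlines).
safe_value() {
    case "$1" in
        ''|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# Print the attribute list that identifies one session on one NAS.
build_disconnect_attrs() {
    user=$1; session=$2; nas_ip=$3
    safe_value "$user" && safe_value "$session" && safe_value "$nas_ip" || return 1
    printf 'User-Name = "%s"\nAcct-Session-Id = "%s"\nNAS-IP-Address = %s\n' \
        "$user" "$session" "$nas_ip"
}

# Send the Disconnect-Request. With DRY_RUN set, only print what would be sent.
# radclient -S reads the shared secret from a file, keeping it out of argv.
send_disconnect() {
    attrs=$(build_disconnect_attrs "$1" "$2" "$3") || {
        echo "refusing to send: unsafe or empty field" >&2
        return 2
    }
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$attrs"
        return 0
    fi
    printf '%s\n' "$attrs" | radclient -x -S "$SECRET_FILE" "$3:$NAS_PORT" disconnect
}

# Usage: disconnect.sh USER ACCT-SESSION-ID NAS-IP
if [ "$#" -eq 3 ]; then
    send_disconnect "$@"
fi
```

The field check matters because user names and session IDs usually come from accounting records, which the user's own client can influence; an unchecked value could add attributes to the administrative request.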