[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Radiusplugin-users] Re: Radiusplugin packet of disconnect
From: |
Ralf Lübben |
Subject: |
[Radiusplugin-users] Re: Radiusplugin packet of disconnect |
Date: |
Thu, 3 Jan 2008 16:40:59 +0100 |
User-agent: |
KMail/1.9.6 |
Hello,
thanks for your congratulations.
Your requested feature would be great, but it also would be an great extension
to the existing plugin.
The feature would need an own process which waits for the disconnect packet
and than disconnects the user through the management interface of OpenVPN.
A simpler solution would be to use the option
--reneg-sec
of OpenVPN.
The authentication is repeated accordingly to the option "reneg-sec", so if
the account of the user is revoked on the radius server the authentication
will fail.
Maybe the difference between time exceedance and reauthentication is
acceptable. The maximum error would be the value of "reneg-sec".
Regards,
Ralf
On Wednesday, 2. January 2008 20:34:08 you wrote:
> I would like to start out by saying congratulations on releasing the new
> version today.
>
> I am looking froward to using Radiusplugin in my setup. It almost does
> everything I could want. It authenticates the user, counts the data
> transmitted, and ... I am trying to figure out how to kill the user when
> there time has ended. I did look around trying to figure out how to make
> sure the user was disconnected when their time ran out, but I did not see
> any info. Also info on what these "vendor specific attributes by
> additional scripts" seams sparse.
>
> I would be happy to accomplish this via a expat script that Radiusplugin
> calls with the username to kill as a variable. What I would be happy to do
> is when a user's time runs out, freeradius sends the packet of disconnect
> and then the Radiusplugin executes a script with the user name to kill sent
> as a variable. I can not have users stay connected after their account has
> been revoked.
>
> I would be killing the user via the management interface, so if this is a
> new feature it could also be built in directly to no bother with a expat
> script, and just put in the config file the location, port and pass of the
> management interface.
>
> /usr/local/bin/kill-openvpn-user username
>
> Thanks for your help. If this feature to kill users who receive a packet
> of disconnect is not built into Radiusplugin I would be willing to
> compensate your for your time. I have not actually got the Radiusplugin
> working yet because I do not have freeradius going yet, lets to get done.
>
> http://wiki.freeradius.org/Packet_of_Disconnect
>
> Thanks
> -Bryon
- [Radiusplugin-users] Re: Radiusplugin packet of disconnect,
Ralf Lübben <=