Re: [Radiusplugin-users] Re: Radiusplugin packet of disconnect
From: Ralf Lübben
Subject: Re: [Radiusplugin-users] Re: Radiusplugin packet of disconnect
Date: Sat, 5 Jan 2008 13:18:43 +0100
User-agent: KMail/1.9.6

The disconnect after a failed reauthentication only works if you add the
option
--tls-exit
in your configuration files.
Ralf
On Thursday, 3. January 2008 16:40:59 Ralf Lübben wrote:
> Hello,
>
> thanks for your congratulations.
>
> Your requested feature would be great, but it also would be a great
> extension to the existing plugin.
> The feature would need its own process which waits for the disconnect packet
> and then disconnects the user through the management interface of OpenVPN.
>
> A simpler solution would be to use the option
>
> --reneg-sec
>
> of OpenVPN.
>
> The authentication is repeated according to the option "reneg-sec", so if
> the account of the user is revoked on the radius server the authentication
> will fail.
> Maybe the difference between time exceedance and reauthentication is
> acceptable. The maximum error would be the value of "reneg-sec".
>
> Regards,
> Ralf
>
> On Wednesday, 2. January 2008 20:34:08 you wrote:
> > I would like to start out by saying congratulations on releasing the new
> > version today.
> >
> > I am looking forward to using Radiusplugin in my setup. It almost does
> > everything I could want. It authenticates the user, counts the data
> > transmitted, and ... I am trying to figure out how to kill the user when
> > their time has ended. I did look around trying to figure out how to make
> > sure the user was disconnected when their time ran out, but I did not see
> > any info. Also info on what these "vendor specific attributes by
> > additional scripts" seems sparse.
> >
> > I would be happy to accomplish this via an expat script that Radiusplugin
> > calls with the username to kill as a variable. What I would be happy to
> > do is when a user's time runs out, freeradius sends the packet of
> > disconnect and then the Radiusplugin executes a script with the user name
> > to kill sent as a variable. I can not have users stay connected after
> > their account has been revoked.
> >
> > I would be killing the user via the management interface, so if this is a
> > new feature it could also be built in directly to not bother with an expat
> > script, and just put in the config file the location, port and pass of
> > the management interface.
> >
> > /usr/local/bin/kill-openvpn-user username
> >
> > Thanks for your help. If this feature to kill users who receive a packet
> > of disconnect is not built into Radiusplugin I would be willing to
> > compensate you for your time. I have not actually got the Radiusplugin
> > working yet because I do not have freeradius going yet, lets to get done.
> >
> > http://wiki.freeradius.org/Packet_of_Disconnect
> >
> > Thanks
> > -Bryon
>
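The management-interface kill discussed in this thread, sketched as an added example (not code from the thread or from the radiusplugin project). It assumes the server runs with `--username-as-common-name` and that the management interface answers with the prompt and reply strings from OpenVPN's management notes; the function names are hypothetical.

```python
import re

# Assumption: with --username-as-common-name the RADIUS user name is the
# common name that the management "kill" command matches on.
_SAFE_CN = re.compile(r"[A-Za-z0-9._@-]{1,64}")
_KILLED = re.compile(r"SUCCESS: common name '.*' found, (\d+) client\(s\) killed")


def build_kill_command(common_name):
    """Return the management command, refusing names that could smuggle a
    second command (newline, space) into the management session."""
    if not _SAFE_CN.fullmatch(common_name):
        raise ValueError("unsafe common name: %r" % common_name)
    return ("kill %s\n" % common_name).encode("ascii")


def parse_kill_reply(line):
    """Number of sessions killed; 0 when the name was not connected."""
    m = _KILLED.match(line.strip())
    if m:
        return int(m.group(1))
    if line.startswith("ERROR: common name"):
        return 0
    raise RuntimeError("unexpected management reply: %r" % line)


def kill_client(sock, common_name, password=None):
    """Drive one kill over an already connected management socket."""
    command = build_kill_command(common_name)  # validate before any I/O
    reader = sock.makefile("rb")
    if password is not None:
        # With a management password set, OpenVPN prompts without a newline.
        reader.read(len(b"ENTER PASSWORD:"))
        sock.sendall(password.encode() + b"\n")
    sock.sendall(command)
    for raw in reader:
        line = raw.decode("ascii", "replace")
        # Skip the password acknowledgement and ">" real-time notifications.
        if line.startswith(("SUCCESS: common name", "ERROR:")):
            return parse_kill_reply(line)
    raise RuntimeError("management interface closed the connection")
```

The name check matters because the user name arrives from outside (here, a RADIUS disconnect request) and the management protocol is line-based, so an unchecked newline would be read as a further command.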