
FreeRADIUS: disconnecting a user with radclient

Freeradius Terminate a User Session using Radclient

Sometimes a user session must be terminated. There are many reasons to do it, and I leave it to you to choose what the reason is, but I know that someday you will want to kill a session, and not for nothing. If you use ICRADIUS, there is a tool named radkill to do it. You can also use the SNMP protocol to kill the session, but there is an easier way for FreeRADIUS users: the radclient command.

# radclient -h

Usage: radclient [options] server[:port] <command> [<secret>]

<command> One of auth, acct, status, coa, or disconnect.

-c count Send each packet 'count' times.

-d raddb Set dictionary directory.

-f file Read packets from file, not stdin.

-i id Set request id to 'id'. Values may be 0..255

-n num Send N requests/s

-p num Send ‘num’ packets from a file in parallel.

-q Do not print anything out.

-r retries If timeout, retry sending the packet 'retries' times.

-s Print out summary information of auth results.

-S file read secret from file, not command line.

-t timeout Wait 'timeout' seconds before retrying (may be a floating point number).

-v Show program version information.

-x Debugging mode.

If the chillispot server is on the same machine as freeradius, we can run this command:

# echo "User-Name = raihan" | radclient -x 127.0.0.1:3779 disconnect theradiussecret

If the command is accepted by the server, you get this output:

# echo "User-Name = raihan" | radclient -x 127.0.0.1:3779 disconnect theradiussecret

Sending Disconnect-Request of id 63 to 127.0.0.1 port 3779

User-Name = "raihan"

rad_recv: Disconnect-ACK packet from host 127.0.0.1:3779, id=63, length=20

But first, you must start the chillispot server with the option --coaport=3779 (or any port you desire) so that it accepts your command.

# chilli --fg --coaport 3779

If chillispot runs on a separate machine from FreeRADIUS, the NAS won't have the radclient command to do the job. But we can allow chillispot to accept kill requests from other nodes using the --coanoipcheck option. This means you can run the command from any machine, but it raises a security issue, because the source address of disconnect requests is no longer checked. Some iptables rules can fix it.

# chilli --fg --coaport 3779 --coanoipcheck
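
One way to write the iptables rules mentioned above, as an added example that is not part of the original post: the script prints (without applying) rules that let only named RADIUS hosts reach the CoA port and drop everything else sent to it. The chain name CHILLI_COA and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for chilli's CoA port.
# CHILLI_COA is a hypothetical chain name; sample addresses are constructed.

# Succeeds only for a dotted-quad IPv4 address with an optional /0../32 prefix.
is_ipv4() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: coa_rules PORT SOURCE [SOURCE...]
coa_rules() {
    port=$1
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    shift
    # Without an allowed source the rule set would drop every disconnect request.
    [ "$#" -ge 1 ] || { echo "need at least one allowed source" >&2; return 1; }
    # Validate everything first so a bad argument never yields a partial rule set
    # (and never reaches a root shell when the output is piped to sh).
    for src in "$@"; do
        is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -N CHILLI_COA"
    for src in "$@"; do
        echo "iptables -A CHILLI_COA -s $src -j ACCEPT"
    done
    echo "iptables -A CHILLI_COA -j DROP"
    # Inserted at position 1 so an earlier broad ACCEPT cannot bypass the filter.
    echo "iptables -I INPUT 1 -p udp --dport $port -j CHILLI_COA"
}

# Constructed sample: FreeRADIUS host 192.0.2.10, CoA port 3779 as used above.
coa_rules 3779 192.0.2.10
```

Review the printed rules, then pipe them to sh as root on the chillispot machine. UDP source addresses can be forged, so the filter only narrows who can reach the port; the RADIUS shared secret is still what authenticates each Disconnect-Request.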