[RADIATOR] Disconnect user via radpwtst or other method?

Andrew D. Clark adc at umn.edu
Fri Mar 27 10:18:42 CST 2009


On Friday 27 March 2009 10:49:42 Tim Dancer wrote:
> Hi all,
>
> Is it possible to disconnect a user from the radius side using
> radpwtst? How do people normally handle this function?
>
> Thanks,
> Tim

This is usually accomplished through methods such as RADIUS dynamic 
authorization (aka Packet of Disconnect or Change of Authorization).  See 
RFC3576.  In general, there's a RADIUS server running on the NAS that 
processes CoA messages, and then some RADIUS client sends a CoA message (such 
as Disconnect-Request) with the attributes the NAS requires to process the 
disconnect.  radpwtst can generate such messages, but be clear on what is the 
RADIUS server and what is the RADIUS client in this case.

Here's a sample showing a successful disconnect request with an ACK (this is 
using a Trapeze NAS - note the NAS is the RADIUS server in this case).

adc at bastion-2:~$ radpwtst -trace 4 -bind_address 192.168.249.12  -auth_port 
3799 -noauth -noacct -s somenas -secret somesecret -time -code 
Disconnect-Request User-Name="adc" NAS-IP-Address="192.168.238.141" 
Event-Timestamp=1212606218

Wed Jun  4 14:01:32 2008: DEBUG: Reading dictionary 
file '/etc/radiator/dictionary'
sending Disconnect-Request...
Wed Jun  4 14:01:32 2008: DEBUG: Packet dump:
*** Sending to 192.168.238.141 port 3799 ....
Code:       Disconnect-Request
Identifier: 2
Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
        User-Name = "adc"
        NAS-IP-Address = 192.168.238.141
        Event-Timestamp = 1212606218

Wed Jun  4 14:01:32 2008: DEBUG: Packet dump:
*** Received from 192.168.238.141 port 3799 ....
Code:       Disconnect-Request-ACKed
Identifier: 2
Authentic:  &<132>O<242><233>nB<188><206><8>Uk<137>Z<175><170>
Attributes:
        Event-Timestamp = 1212606092

OK
time for 1 iterations: 0 s


-- 
Andrew D. Clark
Network Operations Engineer
University of Minnesota, Networking/Telecom Services
2218 University Ave SE
Minneapolis, MN 55414-3029
Phone: 612-626-4880
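
The exchange in the trace above at the packet level, as an added example that is not part of the original post and is not Radiator code: it builds the Disconnect-Request with the authenticator rules from RFC 3576 and checks the Response Authenticator of the reply against the shared secret. The function names are hypothetical, the attribute values are the ones shown in the trace, and the reply is constructed locally so the example runs offline.

```python
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK = 40, 41              # RFC 3576 packet codes
USER_NAME, NAS_IP_ADDRESS, EVENT_TIMESTAMP = 1, 4, 55    # attribute types

def attr(attr_type, value):
    # Attribute TLV; the length octet counts the 2-byte header too.
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_disconnect_request(ident, secret, user, nas_ip, timestamp):
    attrs = (attr(USER_NAME, user.encode())
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(EVENT_TIMESTAMP, struct.pack("!I", timestamp)))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets
    #                             + Attributes + Secret), as for accounting.
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def build_reply(code, request, secret, attrs=b""):
    # What the NAS (the RADIUS server here) does: the Response Authenticator
    # is bound to the Request Authenticator it is answering.
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs

def verify_reply(reply, request, secret):
    # Client-side check before trusting an ACK or NAK.
    if len(reply) < 20:
        return False
    _, ident, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply) or ident != request[1]:
        return False
    reply = reply[:length]  # octets past Length are padding
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    secret = b"somesecret"  # placeholder secret from the post
    req = build_disconnect_request(2, secret, "adc", "192.168.238.141", 1212606218)
    # Constructed reply standing in for the NAS's Disconnect-ACK.
    ack = build_reply(DISCONNECT_ACK, req, secret,
                      attr(EVENT_TIMESTAMP, struct.pack("!I", 1212606092)))
    print(len(req), "octet request; reply valid:", verify_reply(ack, req, secret))
```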
