[RADIATOR] how to terminate user session

Thomas Kurian thomas at kccg.com
Tue Feb 19 06:50:47 CST 2013 

Dear All,
My radiator is currently handling only accounting function .But 
authentication of users is done by another 3rd party AAA server. Both of 
these AAA servers are integrated to the cisco ISG (NAS) . My requirement 
is to further use my radiator to terminate/disconnect live user 
sessions. Can you send me an example of the configuration lines to be 
added in radius.cfg, explaining how it is done and where to place it in 
my radiator config seen below?

Please explain both scenarios with COA configuration & packet of 
disconnect configuration . Can this be done only with radpwtst command 
(explain how) or is there another method?

Also explain what entries are to be entered for the respective 
attributes for the below command (saw this from old radiator archives 
but its not properly explained):-

radpwtst -trace 4 -bind_address 192.168.249.12 -auth_port 3799 -noauth 
-noacct -s somenas -secret somesecret -time -code Disconnect-Request 
User-Name="adc" NAS-IP-Address="192.168.238.141" Event-Timestamp=1212606218



Following is my current config file: -


AcctPort 1813
AuthPort 1812

LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4

# You will probably want to add other Clients to suit your work site,
# one for each NAS you want to work with


<Client DEFAULT>
Secret ******
DupInterval 0
</Client>


<Client 10.50.1.4>
Secret *****
DupInterval 0
NasType Cisco
IgnoreAcctSignature
</Client>

# Accept processing of other accounting requests of the genre stop



<Realm>
<AuthBy SQL>

DBSource dbi:ODBC:*****
DBUsername *****
DBAuth *****


AccountingStopsOnly
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id



AcctSQLStatement update quotasubscribers set monthlycounter = 
monthlycounter + 0%{Acct-Output-Octets}, totalcounter = totalcounter + 
0%{Acct-Output-Octets}, timestamp = %{Event-Timestamp} \
where username='%n' \
And Type = 'Q'



</AuthBy>
#Log accounting to a detail file
AcctLogFileName %L/detail


</Realm>


-- 
Thank you,

Thomas Kurian
IT Security Engineer (B.Tech. – Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: thomas at kccg.com

More information about the radiator mailing list