stuartc <[EMAIL PROTECTED]> wrote: > > - There will NEVER be a 'Acct-Session-Id' in an authentiction packet > > Please see debug below, on all stages of the call the Acct-Session-Id = > "00000660" is clear...
Weird... and I can't find anything in the RFC's forbidding this. I *thought* it was forbidden, but then again, I may just be tired and confused. > All I wanna do is use this to disconnect the call <shrug> So send an access reject packet. > I can't send an access reject it is too late in the training up process I > want to reject on the number dialed but after the call has been answered > by the NAS, I still don't understand. If you get an access request packet, and you don't want the user to connect, then send an access reject. If the user has already authenticated and connected, then RADIUS as it stands today CANNOT disconnect the user, and you must use some other method. So (to be clear), you're saying that you see TWO authentication requests. The first one for the act of dialing in, and the second for the user trying to use that line for network data? And you want to authenticate the first packet, but not the second one? Even then, that's NOT what I'm seeing in your debug logs. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
