Hi Alan, Would it be right to say that a RADIUS server in 802.1X authentication allows a client to be authenticated but can not unauthenticate a authenticated client and let the AP(Nas) know about this unauthentication. I guess it comes down to RADIUS server responds to clients but does not initiate talking to clients.
So, if I log on with my XP laptop through 802.1X successfully and then a few minutes later, the system admin logged off all users (including me) with the intent to force reauthentications. But, my laptop thinks it's still authenticated and logged in. Is there a way from the RADIUS server to notify the client so, the client detects it's unauthenticated and tries to start 802.1X session again. Otherwise, I would need to disassociate and associate again. Thanks, Htin > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:freeradius- > [EMAIL PROTECTED] On Behalf Of Alan DeKok > Sent: Wednesday, May 26, 2004 1:56 PM > To: [EMAIL PROTECTED] > Subject: Re: [Q]: Assigning VLANs and restricting logins? > > "Chris Bshaw" <[EMAIL PROTECTED]> wrote: > > Is there any post-authentication mechanism I could use in FreeRadius to > > revoke the authentication....i.e. allow the user to authenticate long > enough > > to make the checks over IP via an Exec-Program-Wait and if they fail the > > checks, freeradius 'tells' (?) the access point to disconnect the > client? > > Nope. > > But you can run a script to tell another program that a user > authenticated. That other program can then wait however long it > wants, and do whatever it wants with the results. > > Alan DeKok. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
