Re: Packet of Disconnect PHP
Its possible... IIRC (and this was a long long time a go) type is just an integer value http://www.php.net/manual/en/function.radius-create-request.php and also though there are two constants defined, it can actually be *any* integer value, so just use type 40 for POD. You'll need to make sure you have the right combination of attributes to identify the user, some NAS are *VERY* picky. -Arran PS I think the RADIUS stuff is an extension, so you'll need to install it using PECL. On 3 Aug 2011, at 01:03, mark fennema wrote: Hello, I'm working on getting a hotspot set up, and I need the ability to have a user log themselves out, so that they can connect on another computer. I have it set up so that the user can enter their information and have it log them out, but it doesn't disconnect them from the router, so they can continue using the internet until they disconnect from the wireless, so I need to send a packet of disconnect. Is there a way to do this in php? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Packet of Disconnect PHP
I didn't even know there were Radius functions in PHP...
Anyway, I did do my POD with PHP:
First get all the information you need from the database:
SELECT
`radcheck`.`username`,
`radcheck`.`attribute`,
`radcheck`.`value`*1024*1024*1024,
`radacct`.`framedipaddress`,
`radacct`.`xascendsessionsvrkey`,
`radacct`.`nasipaddress`,
`radacct`.`acctstoptime`,
`radacct`.`realm`
FROM
`radcheck`
CROSS JOIN
`radacct`
ON
`radcheck`.`username` = `radacct`.`username`
WHERE
.
Then you can use this to pipe it through radclient, assuming your web server
hosting this script is the same as your Radius server this is quite easy:
$disconnect=exec('
echo User-Name = '.$row[0].', Framed-IP-Address =
'.$row[3].', X-Ascend-Session-Svr-Key = '.$row[4].', NAS-IP-Address =
'.$row[5].' | radclient -x NAS.IP.ADD.RESS:PORT disconnect SECRET
');
This way I am iterating through a list of accounts returned by the query (do
some calculations) and then kick them off the network.
Maybe not the most sophisticated method but it does the trick.
Hope this helps
Kind regards
Marius Pesé
Mindspring Computing
-Original Message-
From: freeradius-users-bounces+marius=mindspring.co...@lists.freeradius.org
[mailto:freeradius-users-bounces+marius=mindspring.co...@lists.freeradius.org]
On Behalf Of Arran Cudbard-Bell
Sent: Wednesday, August 03, 2011 8:21 AM
To: FreeRadius users mailing list
Subject: Re: Packet of Disconnect PHP
Its possible... IIRC (and this was a long long time a go) type is just an
integer value http://www.php.net/manual/en/function.radius-create-request.php
and also though there are two constants defined, it can actually be *any*
integer value, so just use type 40 for POD.
You'll need to make sure you have the right combination of attributes to
identify the user, some NAS are *VERY* picky.
-Arran
PS I think the RADIUS stuff is an extension, so you'll need to install it using
PECL.
On 3 Aug 2011, at 01:03, mark fennema wrote:
Hello, I'm working on getting a hotspot set up, and I need the ability
to have a user log themselves out, so that they can connect on another
computer. I have it set up so that the user can enter their
information and have it log them out, but it doesn't disconnect them
from the router, so they can continue using the internet until they
disconnect from the wireless, so I need to send a packet of
disconnect. Is there a way to do this in php?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell
a.cudba...@freeradius.org
RADIUS - Half the complexity of Diameter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect PHP
If you're using Mikrotik, you can use Mikrotik API for this...
It works very good...
Especially if you need to disconnect all users
On 8/3/2011 8:50 AM, Marius Pesé wrote:
I didn't even know there were Radius functions in PHP...
Anyway, I did do my POD with PHP:
First get all the information you need from the database:
SELECT
`radcheck`.`username`,
`radcheck`.`attribute`,
`radcheck`.`value`*1024*1024*1024,
`radacct`.`framedipaddress`,
`radacct`.`xascendsessionsvrkey`,
`radacct`.`nasipaddress`,
`radacct`.`acctstoptime`,
`radacct`.`realm`
FROM
`radcheck`
CROSS JOIN
`radacct`
ON
`radcheck`.`username` = `radacct`.`username`
WHERE
.
Then you can use this to pipe it through radclient, assuming your web server
hosting this script is the same as your Radius server this is quite easy:
$disconnect=exec('
echo User-Name = '.$row[0].', Framed-IP-Address =
'.$row[3].', X-Ascend-Session-Svr-Key = '.$row[4].', NAS-IP-Address = '.$row[5].' |
radclient -x NAS.IP.ADD.RESS:PORT disconnect SECRET
');
This way I am iterating through a list of accounts returned by the query (do
some calculations) and then kick them off the network.
Maybe not the most sophisticated method but it does the trick.
Hope this helps
Kind regards
Marius Pesé
Mindspring Computing
-Original Message-
From: freeradius-users-bounces+marius=mindspring.co...@lists.freeradius.org
[mailto:freeradius-users-bounces+marius=mindspring.co...@lists.freeradius.org]
On Behalf Of Arran Cudbard-Bell
Sent: Wednesday, August 03, 2011 8:21 AM
To: FreeRadius users mailing list
Subject: Re: Packet of Disconnect PHP
Its possible... IIRC (and this was a long long time a go) type is just an
integer value http://www.php.net/manual/en/function.radius-create-request.php
and also though there are two constants defined, it can actually be *any*
integer value, so just use type 40 for POD.
You'll need to make sure you have the right combination of attributes to
identify the user, some NAS are *VERY* picky.
-Arran
PS I think the RADIUS stuff is an extension, so you'll need to install it using
PECL.
On 3 Aug 2011, at 01:03, mark fennema wrote:
Hello, I'm working on getting a hotspot set up, and I need the ability
to have a user log themselves out, so that they can connect on another
computer. I have it set up so that the user can enter their
information and have it log them out, but it doesn't disconnect them
from the router, so they can continue using the internet until they
disconnect from the wireless, so I need to send a packet of
disconnect. Is there a way to do this in php?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell
a.cudba...@freeradius.org
RADIUS - Half the complexity of Diameter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Packet of Disconnect PHP
Hello, I'm working on getting a hotspot set up, and I need the ability to have a user log themselves out, so that they can connect on another computer. I have it set up so that the user can enter their information and have it log them out, but it doesn't disconnect them from the router, so they can continue using the internet until they disconnect from the wireless, so I need to send a packet of disconnect. Is there a way to do this in php? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS 2 server + FreeRADIUS client - something like POD (packet of disconnect)
On Mon, Nov 17, 2008 at 02:28:20AM +0200, NiTr0 wrote: I use FreeRADIUS v2.0.1 on server side and FreeRADIUS client library v1.1.6 with pptpd/pppd on client side. Is there something like Mpd-drop-user attribute for MPD5? Or I must hangup sessions only by unusual way with 3rd-party client-server apps (for ex., telnet, snmp, etc)? I don't know what MPD5 or Mpd-drop-user are. The FreeRadius radclient tool can generate PoD packets, but pptpd/pppd does not support them. You'll need to use something else e.g. SSH kill - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS 2 server + FreeRADIUS client - something like POD (packet of disconnect)
I use FreeRADIUS v2.0.1 on server side and FreeRADIUS client library v1.1.6 with pptpd/pppd on client side. Is there something like Mpd-drop-user attribute for MPD5? Or I must hangup sessions only by unusual way with 3rd-party client-server apps (for ex., telnet, snmp, etc)? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
packet of disconnect for pptpd
hi ho can i send a packet of disconnect with radclient for pptpd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Packet of Disconnect
Can freeradius handle a Disconnect Request (Attribute 40). If so how ? This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect
Ashwin Gobind [EMAIL PROTECTED] wrote: Can freeradius handle a Disconnect Request (Attribute 40). No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect
When will it be able to? jay At 10:48 AM 10/13/2005, you wrote: Ashwin Gobind [EMAIL PROTECTED] wrote: Can freeradius handle a Disconnect Request (Attribute 40). No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect
Jay Barnell [EMAIL PROTECTED] wrote: When will it be able to? When a patch is sent in. As always, patches are welcome. radclient can *send* those packets, but the server can't receive them. Why? Read the RFC's for how those packets are supposed to be implemented. When a server receives a disconnect packet, it has to check to see IF it had an Access-Request with the same contents, WOULD that request be forward to the IP that the disconnect request came from. That's hard. It's easier to punt on the problem. We could implement limited support for disconnect, where local administrators (not remote ones) would be allowed to send disconnect packets. But if that's the requirement, those admins can already use radclient to send packets directly to the NAS. So I'm not sure there's *any* benefit to adding disconnect support to the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect
On Tue, Mar 01, 2005 at 12:52:52PM +1100, Mitchell, Michael J wrote: The information is in the PoD request. Kind of. From the NAS's perspecitive, the PoD only needs to contains the Acct-Session-Id. However obviously in order to proxy a request we at least need the NAS-IP-Address. I use this to map back to a Realm or a NAS which will ultimately handle the PoD. To ensure that bad things don't happen, the PoD *should* be treated sort of like an Access-Accept, and the server should see where the packet is proxied to. IF the home server is where the PoD request came from, then it's a real PoD request, and is sent to the NAS. Otherwise, it's dropped. I must admit, my solution is not that comprehensive, and I'm not sure if it would even be possible. A PoD doesn't REQUIRE a User-Name attribute, so it would be difficult in that instance to map a PoD back to an appropriate home server for the specified session (NAS-IP-Address Acct-Session-Id). The only attributes that are guaranteed (in my case) are NAS-IP-Address and Acct-Session-Id. My solution met my needs at the time as I had very specific requirements, and using freeRADIUS was the quickest way to a solution, as freeRADIUS obviously already has all the proxy and RADIUS packet handling logic, and is nice and modular, so its easy to add this stuff quickly (even if its not the best solution). I also haven't tried proxying directly to a NAS. Should be easy enough to set this up in our test lab though. Alan would be disgusted at my current butcher job ;-). However, I'll review what I have done (it was several months ago now) and report back as soon as I can (may take a few days though) - hopefully with something a little more elegant than I have currently. I'm also thinking about multi-level proxies... For the setup I'm using, the NAS talks to a pool of RADIUS proxies, which talk to my RADIUS server, which may then (based on realm) proxy to _another_ RADIUS server. I can't talk directly to the NAS (or at least, I doubt I can) so I can generate PoD and send them to the proxy server pool attached to the NAS, but if the one I'm proxying to wants to PoD, then I need some kind of reverse-realm map so I can determine where the PoD has to go, as unlike an Access-Accept, there's no Access-Request structure sitting in memory describing where to reply to. In my case, the reverse map can key by either NAS-IP-Address or Realm... I look forward to whatever you come up with. ^_^ Maybe an extension of the clients.conf? Your NAS or PoD next hop should be in there already... ^_^ There's also _another_ NAS + proxy pool that proxies to me, but they don't do PoD. (They have a webpage, but I've not been game to set up a wget-of-death). -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Packet of Disconnect
Hello, Does FreeRadius supports Packet of Disconnect Proxy? I have used successfully radclient (v1.72.2) to generate PoD packets to NAS, but I was unable to understand if Freeradius supports to proxy this packets from radclient to NAS? It seems that FR server ignores this requests: rad_recv: Disconnect-Request packet from host 192.168.78.36:33057, id=97, length=47 Unknown packet code 40 from client naskilt:33057 - ID 97 : IGNORED Regards, Paulo Rolo
Re: Packet of Disconnect
Hi Paulo, Freeradius doesn't support it ... However, I've got a version of freeRADIUS that I patched/hacked to do it. If you, or anyone are interested, I can provide some patches, unsupported basis that are specific to my requirements... However don't expect this to be something that is ever included in the freeRADIUS source... so you'd have to support it yourself... or pay someone ( like me ;-) ) to do maintenance or further development... Contact me off-list if you're interested in these patches, as this doesn't really belong here. Of course if Alan is interested in adding this functionality to freeRADIUS (I think you've expressed reluctance in the past?) then I'm happy to clean my work up and supply some more formal patches. regards, Mike Paulo Rolo wrote: Hello, Does FreeRadius supports Packet of Disconnect Proxy? I have used successfully radclient (v1.72.2) to generate PoD packets to NAS, but I was unable to understand if Freeradius supports to proxy this packets from radclient to NAS? It seems that FR server ignores this requests: rad_recv: Disconnect-Request packet from host 192.168.78.36:33057, id=97, length=47 Unknown packet code 40 from client naskilt:33057 - ID 97 : IGNORED Regards, Paulo Rolo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect
Michael Mitchell [EMAIL PROTECTED] wrote: Of course if Alan is interested in adding this functionality to freeRADIUS (I think you've expressed reluctance in the past?) then I'm happy to clean my work up and supply some more formal patches. I've been reluctant to have the server decide to send PoD packets on its own. If your patches provide a way for a proxying server to receive PoD packets from a home server, and forward them to the NAS, then that can go in. Most of the questions in the past about disconnects have been how do I get the server to disconnect users. And the answer is you don't. You run an external script, like radclient with PoD packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Packet of Disconnect
[EMAIL PROTECTED] (Paul Hampson) wrote: I haven't looked at the PoD support too closely, but how does FreeRADIUS know where the PoD is to be proxied to? The information is in the PoD request. To ensure that bad things don't happen, the PoD *should* be treated sort of like an Access-Accept, and the server should see where the packet is proxied to. IF the home server is where the PoD request came from, then it's a real PoD request, and is sent to the NAS. Otherwise, it's dropped. Yuck, and double-yuck. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Packet of Disconnect
The information is in the PoD request. Kind of. From the NAS's perspecitive, the PoD only needs to contains the Acct-Session-Id. However obviously in order to proxy a request we at least need the NAS-IP-Address. I use this to map back to a Realm or a NAS which will ultimately handle the PoD. To ensure that bad things don't happen, the PoD *should* be treated sort of like an Access-Accept, and the server should see where the packet is proxied to. IF the home server is where the PoD request came from, then it's a real PoD request, and is sent to the NAS. Otherwise, it's dropped. I must admit, my solution is not that comprehensive, and I'm not sure if it would even be possible. A PoD doesn't REQUIRE a User-Name attribute, so it would be difficult in that instance to map a PoD back to an appropriate home server for the specified session (NAS-IP-Address Acct-Session-Id). The only attributes that are guaranteed (in my case) are NAS-IP-Address and Acct-Session-Id. My solution met my needs at the time as I had very specific requirements, and using freeRADIUS was the quickest way to a solution, as freeRADIUS obviously already has all the proxy and RADIUS packet handling logic, and is nice and modular, so its easy to add this stuff quickly (even if its not the best solution). I also haven't tried proxying directly to a NAS. Should be easy enough to set this up in our test lab though. Alan would be disgusted at my current butcher job ;-). However, I'll review what I have done (it was several months ago now) and report back as soon as I can (may take a few days though) - hopefully with something a little more elegant than I have currently. Regards, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
