Freeradius Terminate a User Session using Radclient
Sometimes a user session must be terminated. A lot of reason to do it and I leave it to you to choose what the reason is but I know someday you want to kill his session not for nothing. If you use icradius there is tools name as radkill to do it. You also can use snmp protocol to kill him but there is an easier way for Freeradius user through radclient command.
root@salji:# radclient -h
Usage: radclient [options] server[:port] <command> [<secret>]
<command> One of auth, acct, status, coa, or disconnect.
-c count Send each packet ‘count’ times.
-d raddb Set dictionary directory.
-f file Read packets from file, not stdin.
-i id Set request id to ‘id’. Values may be 0..255
-n num Send N requests/s
-p num Send ‘num’ packets from a file in parallel.
-q Do not print anything out.
-r retries If timeout, retry sending the packet ‘retries’ times.
-s Print out summary information of auth results.
-S file read secret from file, not command line.
-t timeout Wait ‘timeout’ seconds before retrying (may be a floating point number).
-v Show program version information.
-x Debugging mode.
If the chillispot server is on the same machine as freeradius, we can run this command:
# echo “User-Name = raihan” | radclient -x 127.0.0.1:3779 disconnect theradiussecret
If the command is accepted by server, you can get this output.
# echo “User-Name = raihan” | radclient -x 127.0.0.1:3779 disconnect theradiussecret
Sending Disconnect-Request of id 63 to 127.0.0.1 port 3779
User-Name = “raihan”
rad_recv: Disconnect-ACK packet from host 127.0.0.1:3779, id=63, length=20
But firstly, You must starts chillispot server with this option, –coaport=3779 (or any port you desire) to make chillispot server accept your command.
# chilli –fg –coaport 3779
If the chillispot is separated from freeradius, the NAS wont have radclient command to do the job. But we can allow the chillispot to accept kill request from other nodes using –coanoipcheck option. Meaning, you can run the command from any machine, but with some security issue emerge. Well, some iptables rules can fix it.
chilli –fg –coaport 3779 –coanoipcheck
Sometimes a user session must be terminated. A lot of reason to do it and I leave it to you to choose what the reason is but I know someday you want to kill his session not for nothing. If you use icradius there is tools name as radkill to do it. You also can use snmp protocol to kill him but there is an easier way for Freeradius user through radclient command.
root@salji:# radclient -h
Usage: radclient [options] server[:port] <command> [<secret>]
<command> One of auth, acct, status, coa, or disconnect.
-c count Send each packet ‘count’ times.
-d raddb Set dictionary directory.
-f file Read packets from file, not stdin.
-i id Set request id to ‘id’. Values may be 0..255
-n num Send N requests/s
-p num Send ‘num’ packets from a file in parallel.
-q Do not print anything out.
-r retries If timeout, retry sending the packet ‘retries’ times.
-s Print out summary information of auth results.
-S file read secret from file, not command line.
-t timeout Wait ‘timeout’ seconds before retrying (may be a floating point number).
-v Show program version information.
-x Debugging mode.
If the chillispot server is on the same machine as freeradius, we can run this command:
# echo “User-Name = raihan” | radclient -x 127.0.0.1:3779 disconnect theradiussecret
If the command is accepted by server, you can get this output.
# echo “User-Name = raihan” | radclient -x 127.0.0.1:3779 disconnect theradiussecret
Sending Disconnect-Request of id 63 to 127.0.0.1 port 3779
User-Name = “raihan”
rad_recv: Disconnect-ACK packet from host 127.0.0.1:3779, id=63, length=20
But firstly, You must starts chillispot server with this option, –coaport=3779 (or any port you desire) to make chillispot server accept your command.
# chilli –fg –coaport 3779
If the chillispot is separated from freeradius, the NAS wont have radclient command to do the job. But we can allow the chillispot to accept kill request from other nodes using –coanoipcheck option. Meaning, you can run the command from any machine, but with some security issue emerge. Well, some iptables rules can fix it.
chilli –fg –coaport 3779 –coanoipcheck
扫一扫
2942
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
