# -*- text -*-
######################################################################
#
#  This virtual server simplifies the process of sending CoA-Request or
#  Disconnect-Request packets to a NAS.
#
#  This virtual server will receive CoA-Request or Disconnect-Request
#  packets that contain *minimal* identifying information, e.g. just
#  a User-Name, or maybe just an Acct-Session-Id attribute.  It will
#  look up that information in a database in order to find the rest of
#  the session data, e.g. NAS-IP-Address, NAS-Identifier, NAS-Port,
#  etc.  That information will be added to the packet, which will then
#  be sent to the NAS.
#
#  This process is useful because NASes require the CoA packets to
#  contain "session identification" attributes in order to do CoA
#  or Disconnect.  If the attributes aren't in the packet, then the
#  NAS will NAK the request.  This NAK happens even if you ask to
#  disconnect "User-Name = bob", and there is only one session with a
#  "bob" active.
#
#  Using this virtual server makes the CoA or Disconnect process
#  easier.  Just tell FreeRADIUS to disconnect "User-Name = bob", and
#  FreeRADIUS will take care of adding the "session identification"
#  attributes.
#
#  The process is as follows:
#
#    - A CoA/Disconnect-Request is received by FreeRADIUS.
#    - The radacct table is searched for active sessions that match each of
#      the provided identifier attributes: User-Name, Acct-Session-Id.  The
#      search returns the owning NAS and Acct-Unique-Id for the matching
#      session/s.
#    - The original CoA/Disconnect-Request content is written to a detail file
#      with custom attributes representing the NAS and Acct-Session-Id.
#    - A detail reader follows the file and originates CoA/Disconnect-Requests
#      containing the original content, relayed to the corresponding NAS for
#      each session using the custom attributes.
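#
#  The lookup and fan-out steps described above, modelled as an added example
#  (not FreeRADIUS's own code or queries).  Assumptions: the radacct column
#  names follow the stock schema, the rows are constructed sample data, and
#  "relay-nas" / "relay-session" are hypothetical stand-ins for the custom
#  attributes.  Identifier values are bound as parameters, never spliced
#  into the SQL text.
#

```python
import sqlite3

# Constructed sample rows: (username, acctsessionid, acctuniqueid, nasipaddress, acctstoptime)
ROWS = [
    ("bob",   "769df3 312343", "u-1", "192.0.2.10", None),
    ("bob",   "aa01",          "u-2", "192.0.2.20", None),
    ("bob",   "old1",          "u-3", "192.0.2.10", "2024-01-01 10:00:00"),
    ("alice", "bb02",          "u-4", "192.0.2.20", None),
]
# Only these request attributes are accepted as session identifiers.
COLUMN_FOR = {"User-Name": "username", "Acct-Session-Id": "acctsessionid"}

def open_db():
    """Build an in-memory radacct table (assumed column names) with the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctsessionid TEXT, "
               "acctuniqueid TEXT, nasipaddress TEXT, acctstoptime TEXT)")
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?,?)", ROWS)
    return db

def find_sessions(db, request):
    """Return (nas, acctuniqueid) for active sessions matching every identifier given."""
    ids = [(COLUMN_FOR[k], v) for k, v in request.items() if k in COLUMN_FOR]
    if not ids:
        return []  # no identifier: refuse rather than match every active session
    where = " AND ".join(f"{col} = ?" for col, _ in ids)  # column names come from COLUMN_FOR only
    sql = ("SELECT nasipaddress, acctuniqueid FROM radacct "
           f"WHERE acctstoptime IS NULL AND {where} "
           "ORDER BY acctuniqueid")
    return db.execute(sql, [v for _, v in ids]).fetchall()

def relay(db, request):
    """Produce one outgoing request per matching session: original content plus routing data."""
    out = []
    for nas, unique in find_sessions(db, request):
        pkt = dict(request)            # original CoA/Disconnect content is preserved
        pkt["relay-nas"] = nas         # hypothetical attribute: which NAS to send to
        pkt["relay-session"] = unique  # hypothetical attribute: which session is meant
        out.append(pkt)
    return out

if __name__ == "__main__":
    db = open_db()
    for pkt in relay(db, {"User-Name": "bob"}):
        print(pkt)
```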
#
#  This simplifies scripting directly against a set of NAS devices since a
#  script need only send a single CoA/Disconnect to FreeRADIUS which will
#  then:
#
#    - Look up all active sessions belonging to a user, in the case that only a
#      User-Name attribute is provided in the request
#    - Handle routing of the request to the correct NAS, in the case of a
#      multi-NAS setup
#
#  For example, to disconnect a specific session:
#
#    $ echo 'Acct-Session-Id = "769df3 312343"' | \
#      radclient 127.0.0.1 disconnect testing123
#
#  To perform a CoA update of all active sessions belonging to a user:
#
#    $ cat <