fail to send close messages to the radius server
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Thu Jan 14 08:25:26 PST 2016
On Wed, 2016-01-13 at 04:16 +0800, Yick Xie wrote:
> Hi Nikos,
>
> > That's because the address is assigned after authentication (e.g., the
> > address may be assigned by radius itself).
>
> I just thought the ocserv would send update messages to the radius
> server immediately after authentication. Whatever it's not a big
> trouble.
Hi,
I've done that in the master branch.
> Sorry I haven't realized that before, because I misunderstood the
> ocserv is supposed to maintain sorts of cookie-IP related entries.
> Anyway it still makes sense to use IP ban cmd to deal with it, yet
> that cmd seems not available now in occtl.
It is available in the latest 0.10.x releases and in 0.11.x.
> At last, I want to share another idea. I glanced at the freeradius wiki
> and found the default SQL-schema includes ConnectInfo_start and
> ConnectInfo_stop attributes, the former of which in my opinion can be
> utilized to record the User-agent via "Connect-Info". Sometimes the
> admin cannot check the log punctually and totally got no clues of
> what's the client's application or platform, considering AnyConnect
> covers so many OS and versions even as well as BlackBerry. Then UA
> attribute must be helpful to collect more info about whether a problem
> comes from one specific APP/version or our server, meanwhile such
> extension will be harmless to the freeradius infrastructure. What do
> you think about it ? Perhaps I missed something about the protocol?
Please open an issue/feature request in gitlab.com/ocserv/ocserv and
place all that information there. It looks indeed useful.
regards,
Nikos