Re: Using RADIUS CoA for reauthenticate STA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Aug 31, 2022, at 11:55 AM, Daniil Sliusar <sliusardaniil@xxxxxxxxx> wrote:
> There is anyone who used CoA to reauthenticate subscribers without their disassoc / deauth
> from Wi-Fi network? Could you please provide an example?  

  I'll speak from the RADIUS perspective.

  CoA is about changing authorization.  i.e. "change from 10Mbps to 100Mbps".  It's not about reauthenticating subscribers.

  If you want to reauthenticate subscribers, you have to use disconnect messages.  There are no provisions for reauthenticating users while keeping their connection "up". 

  The underlying protocols simply don't work that way, and don't support it.  It's impossible.

> I'm confused about the RADIUS CoA interface, that was implemented in commit "HS 2.0: CoA-Request
> processing for Terms and Conditions filtering" (f456940ef359b420b54df2f2578b49c6ff2baa04).
> There are no examples or any info on Google about it. We use build with CONFIG_HS20 enabled.  
> Current examples: 
>>> echo "Calling-Station-ID=7e:1a:bb:1d:4f:33" | radclient -x IP:3799 disconnect XXXXX
> Works well. 
> But:
>>> echo "Calling-Station-ID=7e:1a:bb:1d:4f:33" | radclient -x IP:3799 coa XXXXX
> Stuck on 
>>> hostapd: DAS: No supported authorization change attribute in CoA-Request from

  I'd look at the hostap code to see what authorization changes it supports.

  But it doesn't make much sense to say "Change authorization for user X", and then have no *new* authorization attributes in the packet.  hostap is correct to complain here.

  Alan DeKok.

Hostap mailing list

[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux