Re: Re: RADIUS based station ­reauth request

newuse at qip.ru newuse at qip.ru
Sun May 6 10:16:27 EDT 2012


Thanks, but is there any way to force given station reauth by it's MAC? May be via CLI?
I need to be able to block authorized station in any time (not by max Session-Timeout), is it possible?

Сбт 05 Май 2012 18:15:38 +0400, Jouni Malinen <j at w1.fi> написал:
> On Tue, May 01, 2012 at 01:19:19AM +0400, newuse at qip.ru wrote:
> > Is it possible to setup hostapd so, that stations reauth period could be set to zero by RADIUS request?
> 
> What are you trying to do? Reauthentication period can be set with the
> Session-Timeout attribute in the Access-Accept message when
> Termination-Action attribute with value RADIUS-Request is also included.
> However, it should be noted that zero value would mean that the station
> would be in a constant loop of doing reauthentication.. If you are
> trying to disable reauthentication, you can set the Session-Timeout
> value to large enough number to avoid hitting it in practice.
> 
> > Is it possible to request station reauth by given MAC via special RADIUS-server request?
> 
> No. I'm not sure whether there really is a mechanism defined in RADIUS
> for this type of operation. Change-of-Authorization message could
> potentially be used to do something like this (e.g., change
> Session-Timeout to a small value and then restore the longer value at
> the completion of successful reauthentication). However, hostapd does
> not yet support this mechanism.
> 
> -- 
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap


More information about the HostAP mailing list