amigota
just joined
Topic Author
Posts: 10
Joined: Tue Jun 30, 2009 7:38 am

problem with disconnect radius user from radclient

Tue Jun 30, 2009 8:10 am

Hi guys
I'm now using MT OS 2.9.27 with a freeradius server box. I point MT to my radius server.

MT OS ----------------Freeradius 192.168.2.2
192.168.2.1
|
|
|
Clients

Everything is working well, but I just want to disconnect an online user from a command (my NAS is 192.168.2.1):
echo user-name=test | radclient -x 192.168.2.1:1700 disconnect mysecret
The result:
Sending Disconnect-Request of id 37 to 192.168.2.1 port 1700
        User-Name = "test"
rad_recv: Disconnect-NAK packet from host 192.168.2.1:1700, id=37, length=42
        Error-Cause = Unsupported-Extension
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = 192.168.2.1
Why can't I disconnect the user??
I read on some forum that MT OS 2.9.. supports the radius disconnect message. Why is there 'Unsupported-Extension' while I use /Radius --> Incoming --> Accept??
How can I do it?
 
userman
Member Candidate
Posts: 196
Joined: Tue Sep 05, 2006 2:53 pm

Re: problem with disconnect radius user from radclient

Tue Jun 30, 2009 3:24 pm

Are you using HotSpot? Because only HotSpot supports Radius incoming (CoA and Disconnect requests) at the time. PPP does not.
 
amigota
just joined
Topic Author
Posts: 10
Joined: Tue Jun 30, 2009 7:38 am

Re: problem with disconnect radius user from radclient

Thu Jul 02, 2009 6:10 am

Yes, I'm using HotSpot. I've tried to use port 1700 or 3799, but there is the same problem.
When I request to disconnect user 'test' once, the status of Radius Incoming is:
Requests     : 1
Bad Requests : 0
Acks         : 0
Naks         : 1
 
userman
Member Candidate
Posts: 196
Joined: Tue Sep 05, 2006 2:53 pm

Re: problem with disconnect radius user from radclient

Fri Jul 03, 2009 9:17 am

Can you "dump" (print the details of) the request which is sent from Free Radius to User Manager? Because a NAK is also sent when there is at least one attribute in the request which is not supported by HotSpot. Such behavior is defined in RFC5176 (http://www.ietf.org/rfc/rfc5176.txt).
 
amigota
just joined
Topic Author
Posts: 10
Joined: Tue Jun 30, 2009 7:38 am

Re: problem with disconnect radius user from radclient

Sat Jul 04, 2009 5:26 pm

In my radius server, I typed:
echo user-name=test | radclient -x 192.168.2.1:1700 disconnect mysecret
Sending Disconnect-Request of id 37 to 192.168.2.1 port 1700
        User-Name = "test"
rad_recv: Disconnect-NAK packet from host 192.168.2.1:1700, id=37, length=42
        Error-Cause = Unsupported-Extension
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = 192.168.2.1
 
userman
Member Candidate
Posts: 196
Joined: Tue Sep 05, 2006 2:53 pm

Re: problem with disconnect radius user from radclient

Mon Jul 06, 2009 1:30 pm

Disconnect request works for a specific session, not for all the sessions of specified user.

You send only User-Name as session identification attribute. But it is not enough. To identify session correctly, these attributes must be included in Disconnect-Request:
*) IP address
*) NAS Port Type
*) NAS Port
*) Calling Station ID
*) Called Station ID
*) ACCT Session ID
*) NAS Port ID, if it is not empty

Required values for these attributes should be stored in the Radius Server database. For example, User Manager stores these values for every session to be able to send a Disconnect Request for it. In your case these values should be stored in the FreeRadius database.
 
amigota
just joined
Topic Author
Posts: 10
Joined: Tue Jun 30, 2009 7:38 am

Re: problem with disconnect radius user from radclient

Fri Jul 10, 2009 5:11 am

Yes, it works. Thank you for your help. :D
 
anrichp
just joined
Posts: 3
Joined: Sat Jul 11, 2009 8:26 pm

Re: problem with disconnect radius user from radclient

Sat Jul 11, 2009 8:29 pm

Hey amigota, can you please post the script that you send to the MikroTik to disconnect a user, or rather the packet.txt file?
 
amigota
just joined
Topic Author
Posts: 10
Joined: Tue Jun 30, 2009 7:38 am

Re: problem with disconnect radius user from radclient

Mon Jul 13, 2009 8:05 am

The command is:
echo User-Name=test,Framed-IP=192.168.2.199 | radclient -x 192.168.2.1:1700 disconnect mysecret
 
m4rk0
Member Candidate
Posts: 196
Joined: Sat Feb 16, 2008 8:30 pm
Location: BA

Re: problem with disconnect radius user from radclient

Fri Sep 04, 2009 5:09 am

Hello,

I have FreeRadius + mysql module...

Does anyone have a script to disconnect all online users at once?

Thank You in advance!
 
shivachitta
just joined
Posts: 20
Joined: Thu Nov 19, 2009 9:07 am

Re: problem with disconnect radius user from radclient

Wed Nov 25, 2009 8:58 am

Hi,

I too need the solution.
Please tell me if you found any answer...
 
amigota
just joined
Topic Author
Posts: 10
Joined: Tue Jun 30, 2009 7:38 am

Re: problem with disconnect radius user from radclient

Sun Jan 03, 2010 10:30 am

Hi all

From my young experience, I used to disconnect radius users from Mikrotik with the command below:
echo User-Name=test,Framed-IP=192.168.2.199 | radclient -x 192.168.2.1:1700 disconnect mysecret
Where:
192.168.2.1 is the NAS address
1700 is your CoA port or disconnect port that you have to enable in Mikrotik

Or you guys can use PHP code, and you have to grant root permission to the www user to run this script.
Note: This is very risky usage.

Example:
	// Function to force-disconnect a single user.
	function disconnect_user($username, $framed_ip, $nasaddr, $coaport, $sharedsecret) {
		// Quote every value so the shell treats it as data, not as part of the command.
		$attrs = escapeshellarg("User-Name=$username,Framed-IP=$framed_ip");
		$target = escapeshellarg("$nasaddr:$coaport");
		$secret = escapeshellarg($sharedsecret);
		$command = "sudo echo $attrs | /usr/local/bin/radclient -x $target disconnect $secret";
		exec($command);
	}

	// Function to force-disconnect all users.
	function disconnect_all_users() {
		global $db; // database handle created elsewhere by the application
		$sharedsecret = "yourradiussecret";
		$coaport = 1700;
		$nasaddr = "192.168.20.1";
		// Sessions without a stop time are still online.
		$r_who_online = "SELECT * FROM radacct WHERE (AcctStopTime is NULL) ORDER BY RadAcctId ASC";
		$who_online = $db->Execute($r_who_online);
		foreach ($who_online as $u) {
			disconnect_user($u["UserName"], $u["Framed-IP"], $nasaddr, $coaport, $sharedsecret);
		}
	}
Hope this can help you.:)
 
sparki
just joined
Posts: 13
Joined: Fri Apr 01, 2005 3:07 pm

Re: problem with disconnect radius user from radclient

Sun May 16, 2010 12:54 am

I tried the solutions above and kept getting -

echo "User-Name=username,Framed-IP=192.168.1.101" | radclient -x 192.168.1.2:3799 disconnect secret
Sending Disconnect-Request of id 14 to 192.168.1.1 port 3799
User-Name = "username"
rad_recv: Disconnect-NAK packet from host 192.168.1.2:3799, id=14, length=41
Error-Cause = Unsupported-Extension
NAS-Identifier = "NAS1"
NAS-IP-Address = 192.168.1.2

After some searching I discovered that Framed-IP should read Framed-IP-Address

echo "User-Name=username,Framed-IP-Address=192.168.1.101" | radclient -x 192.168.1.2:3799 disconnect secret

And it works !!!!! Yeeeehhaaaaa
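
The disconnect commands and the PHP loop posted above, reworked as an added example that is not part of any post in this thread: session values are validated before they reach radclient, the attributes (User-Name, Framed-IP-Address and Acct-Session-Id from the list given earlier) go in on stdin, and the shared secret is read from a file with radclient's -S option instead of the command line. The secret-file path, the tab-separated record layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. SECRET_FILE, the record layout and
# all function names are assumptions made for illustration.
RADCLIENT="${RADCLIENT:-radclient}"
SECRET_FILE="${SECRET_FILE:-/etc/raddb/disconnect.secret}"  # hypothetical, mode 0600

# Values may contain only characters that cannot start a new attribute,
# close a quoted string or add a line in radclient's input.
valid_token() {
  case $1 in ''|*[!A-Za-z0-9._@:-]*) return 1 ;; esac
  [ "${#1}" -le 64 ]
}

# Dotted-quad check; the ( ) body keeps the IFS change inside a subshell.
valid_ipv4() (
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
)

# Print the attribute list for one session, or fail and print nothing.
build_disconnect_attrs() {  # USER IP ACCT-SESSION-ID
  valid_token "$1" && valid_ipv4 "$2" && valid_token "$3" || return 1
  printf 'User-Name = "%s"\nFramed-IP-Address = %s\nAcct-Session-Id = "%s"\n' \
    "$1" "$2" "$3"
}

# Attributes travel on stdin and the secret is read from a file (-S), so no
# database value and no secret ever becomes part of a command line.
send_disconnect() {  # NAS:PORT USER IP ACCT-SESSION-ID
  attrs=$(build_disconnect_attrs "$2" "$3" "$4") || {
    echo "skipped invalid session record" >&2
    return 2
  }
  printf '%s\n' "$attrs" | "$RADCLIENT" -x -S "$SECRET_FILE" "$1" disconnect
}

# Read "user<TAB>ip<TAB>session-id" records on stdin, one request per session.
disconnect_all() {  # NAS:PORT
  failed=0
  while IFS="$(printf '\t')" read -r user ip session; do
    send_disconnect "$1" "$user" "$ip" "$session" || failed=1
  done
  return "$failed"
}
```

radclient sends from an ordinary unprivileged UDP port, so nothing in this script needs sudo or root.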
 
agindanoe
just joined
Posts: 2
Joined: Sat Mar 19, 2016 6:22 pm

Re: problem with disconnect radius user from radclient

Mon Mar 21, 2016 5:57 am

Glad to hear that works!

I followed the steps in this thread. I can't connect to NAS 192.168.10.2 with radclient, but IP 192.168.10.1 can receive the remote request, with a NAK result in the MikroTik radius debug.

When the radius server (192.168.10.14) requests a disconnect, I get "unknown address" in the radius debug, and the IP address of the request changes to:
radius debug received remote request from 192.168.10.1:xxxxxx with unknown address, dropping
In the radius debug it shouldn't be 192.168.10.1 but 192.168.10.14, to be accepted by NAS 192.168.10.2.

Can anybody help me with this case? Or is something missing in the MikroTik configuration? Thanks
 
mukeshsh
just joined
Posts: 1
Joined: Wed Aug 02, 2017 3:02 pm

Re: problem with disconnect radius user from radclient

Wed Aug 02, 2017 3:04 pm

I'm using the same code for disconnecting a user but getting the error below:

array(16) {
[0]=>
string(60) "radclient: Failed to send packet for ID 168: (unknown error)"
[1]=>
string(60) "radclient: Failed to send packet for ID 168: (unknown error)"
[2]=>
string(60) "radclient: Failed to send packet for ID 168: (unknown error)"
[3]=>
string(54) "radclient: no response from server for ID 168 socket 3"
[4]=>
string(63) "Sending Disconnect-Request of id 168 to 192.168.1.240 port 1700"
[5]=>
string(32) " User-Name = "54:14:73:57:DC:C2""
[6]=>
string(34) " Framed-IP-Address = 192.168.0.244"
[7]=>
string(42) "rad_send() failed: Operation not permitted"
[8]=>
string(63) "Sending Disconnect-Request of id 168 to 192.168.1.240 port 1700"
[9]=>
string(32) " User-Name = "54:14:73:57:DC:C2""
[10]=>
string(34) " Framed-IP-Address = 192.168.0.244"
[11]=>
string(42) "rad_send() failed: Operation not permitted"
[12]=>
string(63) "Sending Disconnect-Request of id 168 to 192.168.1.240 port 1700"
[13]=>
string(32) " User-Name = "54:14:73:57:DC:C2""
[14]=>
string(34) " Framed-IP-Address = 192.168.0.244"
[15]=>
string(42) "rad_send() failed: Operation not permitted"
}
