"Python" simulates radius COA messages

Source: Internet
Author: User
Tags ack

The gateway device NAS in the RADIUS protocol is the client, and the service that implements the RADIUS protocol is the service side (for example, Freeradius), in which case the RADIUS server is not able to proactively send information to the NAS. A RADIUS extension is defined in rfc3576 Dynamic Authorization Extensions to radius, which Change-of-Authorization (CoA) can be initiated from RADIUS server to the RADIUS client. , such as user offline, the user's Internet bandwidth dynamic modification requirements can be done through the COA.

Here is the request to complete a COA with Pyrad, the requirement is to send the COA via Python to the gateway, the gateway correctly answers the ACK.

Note: The latest version of Pyrad in PyPI does not implement the COA, and you can install pyrad : http://github.com/andreynpetrov/pyrad.git this version on GitHub itself with this part of the implementation.

The code defined in the COA
-Disconnect-Request[RFC2882]   -Disconnect-ACK[RFC2882]   -Disconnect-NAK[RFC2882]    -CoA-Request[RFC2882]   coa-CoA-ACK[RFC2882]   coa-CoA-NAK[RFC2882]   coa不正常
Python simulated COA

The COA request here is customized by the gateway device manufacturer, which is used to complete the user authentication, and the package structure definition can only be implemented by reference to the RFC and the manufacturer's definition, which only records how the program is written. A few important points in debugging are: The Gateway vendor's dictionary, which is the correct white list for the meaning and value of the Vendor custom field in the dictionary. If it is not always possible to turn it on, grab the packet contrast and test again.

#coding: Utf-8ImportSocket, SYSImportPyrad.packet fromPyrad.clientImportClient fromPyrad.dictionaryImportDictionary#NAS and Radius same note the loading of the dictionaryDict_dir ="./dictionary"SECRET ="Test"Nasip ="172.16.15.188" def send_coa_auth(uname, acl="Auth_sla", qos="32m_full"):    "" " send COA message to NAS, the attributes is User-name Calling-station-id Benu-acl-poli Cy Benu-qos-policy "" "SRV = Client (Server=nasip, Secret=secret, Dict=dictionary (dict_dir)) req = srv. Createcoapacket (Code=pyrad.packet.coarequest, User_name=uname) req["Calling-station-id"] = uname req["Nas-ip-address"] = Nasip req["Benu-acl-policy"] = ACL# Benu begins with a vendor-defined fieldreq["Benu-qos-policy"] = QoSTry:Print "Sending COA request"Reply = srv. Sendpacket (req)exceptPyrad.client.Timeout:Print "DAS (NAS or Bas) does not reply"        return    exceptSocket.error, Error:Print "Network Error:"+ error[1]return    ifReply.code==pyrad.packet.coaack:Print "Coa accepted"    elifReply.code==pyrad.packet.coanak:Print "Coa Nak"    Else:PrintReply.codePrint "Attributes returned by NAS:"     forIinchReply.keys ():Print '%s:%s '% (I, reply[i][0])if__name__ = ="__main__": Send_coa_auth ("F8-CF-C5-83-09-B9")' # python coa_auth.pyimport settings failuresending COA requestcoa acceptedattributes returned by NAS: event-timestamp:1452219598 ""
Reference

Using Python to send COA messages dynamically changing RADIUS user attributes This blogger has a lot of relevant research to show thanks

"Python" simulates radius COA messages

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.