Obtaining RADIUS attributes without authenticating
https://stackoverflow.com/questions/10372494
-
04-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My application is using a RADIUS client implementation in order to authenticate users (using username/password and a shared secret). In the response from the server (Access-Accept), various attributes are provided, and I use them for getting a few relevant user properties.
The problem: once in a while, I need to refresh the value of the "Class" attribute. I don't have the full credentials any more, only the user name, and I don't want to force the users to re-authenticate. Is there any way to fetch this attribute without the password?
Solution
The Class attribute is a session cookie which is returned by the RADIUS server in the authentication packets and then sent back by the RADIUS client in the accounting packets. I am pretty sure you cant refresh the Class attributes without re-authenticating.
OTHER TIPS
If you want to change the value of the class attribute for an established session you may be able to issue a CoA request (dependent on NAS support).
