Hi,
I want to know if an user is authenticated or not. It seems it is not possible via snmp (I asked it before in this forum and I have no response) as there is no OID. I am wondering if it would be possible by requesting it through northbound interface. Has someone try it?
Regards
Alberto.
I want to know if an user is authenticated or not. It seems it is not possible via snmp (I asked it before in this forum and I have no response) as there is no OID. I am wondering if it would be possible by requesting it through northbound interface. Has someone try it?
Regards
Alberto.
- 42 Posts
- 1 Reply Like
Posted 6 years ago
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
I doubt you'll get that via SNMP. IT doesn't even make much sense to be able to get it that way. You can get that via syslog.
- 42 Posts
- 1 Reply Like
Thanks,
Why not? with other vendors snmp is one way.
Via syslog I am getting joins/disconnects but it is not the real authentication state. I would be easy to ask ZD the status instead of tracking it.
Regards
Alberto.
Why not? with other vendors snmp is one way.
Via syslog I am getting joins/disconnects but it is not the real authentication state. I would be easy to ask ZD the status instead of tracking it.
Regards
Alberto.
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
A, ok. Misread your post a bit. I guess it makes some sense, but still not a whole lot.
I'd be interested in knowing why the state is important to you?
I'd be interested in knowing why the state is important to you?
- 42 Posts
- 1 Reply Like
I use freeradius to authenticate users and I have configured an unique session per user (Simultaneous-Use := 1). Freeradius has its own variable to handle who is authenticate (or you can use a database, of course). But what happens?...In some cases there is a inconsistency between what radius thinks and the reality. For example, in some cases user could be disconnected and the radius server restart at the same time, so I have sticky sessions because Radius thinks user is authenticated but he is not, so it keeps trying to login until radius memory is cleaned. So, the only way to keep consistency is asking ZD the real state of the client.
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
- 42 Posts
- 1 Reply Like
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
I'm just thinking you've got a strange problem. I'm actually not that involved in RADIUS but the whole idea is to basically derive keys. When those keys are made they are passed to the STA and some APs. So as long as those keys are valid the STA should be able to handshake and associate. What I don't know however is how restarting your FR affects clients and why what you say would affect them. So I'm actually thinking that this is something that can be solved within FR not Ruckus.
- 42 Posts
- 1 Reply Like
Well, this inconsistency between freeradius and controllers is known. Some workaround valid for other vendors is asking via snmp (or even cli commands) the state of the client. This is done running a script called checkrad.pl (http://www.opensource.apple.com/sourc...) but I can't fit it to Ruckus because I have no method to get auth state.
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
- 42 Posts
- 1 Reply Like
Your are welcome. If you have any question, don't hesitate to ask me. Don't you use 802.1x authentication for your clients? I think it is not so common in a enterprise heterogeneous environment with mobile clients (smartphones, tablets, laptops ...) but for the WISP side, it is the best choice if CPE has capabilities.
Related Categories
-
ZoneDirector
- 2537 Conversations
- 724 Followers