diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2013-08-06 18:55:30 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2013-08-06 18:55:30 +0000 |
| commit | 388917caf95296a1e2a2a0dedeb8c83ed231326c (patch) | |
| tree | 3b84f740e50e8dc6c38b1c11300e99fcafa2ff87 /package | |
| parent | 485af0c163b39d6b35484528f39a1fcae669d44b (diff) | |
| download | master-187ad058-388917caf95296a1e2a2a0dedeb8c83ed231326c.tar.gz master-187ad058-388917caf95296a1e2a2a0dedeb8c83ed231326c.tar.bz2 master-187ad058-388917caf95296a1e2a2a0dedeb8c83ed231326c.zip | |
hostapd: Settings for DAE/CoA server
hostapd supports "Dynamic Authorization Extensions", making it possible
to forcibly disconnect a user by sending it a RADIUS "Disconnect-Request"
packet.
I've added three new variables to enable setting of the
"radius_das_client" and "radius_das_port" variables in the hostapd
configuration, which enable these extensions.
* dae_client - IP of the client that can send disconnect requests
* dae_secret - shared secret for DAE packets
These are combined into the "radius_das_client" option in hostapd.conf
To enable the server, both dae_client and dae_secret must be set.
* dae_port - optional, default value is 3799 as specified in RFC 5176
Signed-off-by: Martijn van de Streek <martijn@vandestreek.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37734 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package')
| -rw-r--r-- | package/network/services/hostapd/files/hostapd.sh | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 94f75c1c95..e25e870aa2 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -108,6 +108,13 @@ hostapd_set_bss_options() { [ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N" config_get acct_secret "$vif" acct_secret [ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N" + config_get dae_client "$vif" dae_client + config_get dae_secret "$vif" dae_secret + [ -n "$dae_client" -a -n "$dae_secret" ] && { + config_get dae_port "$vif" dae_port + append "$var" "radius_das_port=${dae_port:-3799}" "$N" + append "$var" "radius_das_client=$dae_client $dae_secret" "$N" + } config_get nasid "$vif" nasid append "$var" "nas_identifier=$nasid" "$N" append "$var" "eapol_key_index_workaround=1" "$N" |