| Both sides previous revision Previous revision Next revision | Previous revision |
| radius:rad_kick [2024/02/13 04:29] – [CoovaChilli on MESHdesk and APdesk] system | radius:rad_kick [2024/02/13 04:47] (current) – system |
|---|
| | <nav type="pills" justified="false"> |
| | * [[:user_manuals|Back to Documentation]] |
| | * [[:radius:rad_kick|Disconnecting Active RADIUS Users]] |
| | </nav> |
| | |
| | ----- |
| | |
| ====== Disconnecting Active RADIUS Users ====== | ====== Disconnecting Active RADIUS Users ====== |
| ===== Introduction ===== | ===== Introduction ===== |
| |
| ==== Mikrotik ==== | ==== Mikrotik ==== |
| * With the Mikrotik RADIUS Clients we make use of the **RouterOS API Client** to communicate with the Mikrotik. (https://github.com/EvilFreelancer/routeros-api-php) | * For Mikrotik's RADIUS clients, we use the **RouterOS API** client to communicate with Mikrotik. (https://github.com/EvilFreelancer/routeros-api-php) |
| * This library is already included with RADIUSdesk. | * This library is already included in RADIUSdesk. |
| * Many times there will be a NAT connection between the Mikrotik and the RADIUSdesk server preventing the server to reach the Mikrotik directly. | * Often there is a NAT connection between the Mikrotik and the RADIUSdesk server, so that the server cannot reach the Mikrotik directly. |
| * Mikrotik fortunately supports a large amount of VPN technologies which you can choose from. | * Fortunately, Mikrotik supports a large number of VPN technologies from which you can choose. |
| * https://help.mikrotik.com/docs/display/ROS/Virtual+Private+Networks | * https://help.mikrotik.com/docs/display/ROS/Virtual+Private+Networks |
| * If needed, please select one of your choosing. Setting them up is well documented in the Mikrotik documentation in the link above. | * Please select one of your choice if required. The setup is well documented in the Mikrotik documentation at the link above. |
| * When adding a RADIUS Client and selecting the **Mikrotik-API** type you will be presented with a dialog to supply the detail for the API connection to the Mikrotik. | * When you add a RADIUS client and select the **Mikrotik API** type, a dialog will appear where you need to specify the details for the API connection to Mikrotik. |
| <panel type="primary"> | <panel type="primary"> |
| {{:radius:radius_clients:radius_client_mikrotik_api.png?nolink|}} | {{:radius:radius_clients:radius_client_mikrotik_api.png?nolink|}} |
| </panel> | </panel> |
| |
| * There is also a **Test API Connection** button which allows you to confirm that the API communication to the Mikrotik is indeed working. | * There is also a Test API connection button that you can use to confirm that the API communication with the Mikrotik is actually working. |
| * In the screenshot above you can see part of the reply from the Mikrotik indicating that the communication via the API is established and good. | * In the screenshot above, you can see part of the response from Mikrotik indicating that the API communication is established and good. |
| * We also added a Mikrotik API button to the toolbar for RADIUS Clients. | * We have also added a Mikrotik API button to the toolbar for RADIUS clients. |
| <panel type="primary"> | <panel type="primary"> |
| {{:radius:radius_clients:radius_client_api_button.png?nolink|}} | {{:radius:radius_clients:radius_client_api_button.png?nolink|}} |
| </panel> | </panel> |
| |
| * The button is disabled by default and becomes enabled when you select a RADIUS Client of type **Mikrotik-API**. | * The button is disabled by default and is enabled when you select a **Mikrotik API** type RADIUS client. |
| * Selecting it will open a new tab with two sub-tabs. One listing active **Hotspot** users and the other listing active **PPPoE** users. | * When you select it, a new tab with two sub-tabs opens. One contains the active hotspot users and the other contains the active PPPoE users. |
| * You can select and disconnect listed users in those sub-tabs. | * In these sub-tabs, you can select the listed users and disconnect them |
| <panel type="primary"> | <panel type="primary"> |
| {{:radius:radius_clients:radius_client_api_tab.png?nolink|}} | {{:radius:radius_clients:radius_client_api_tab.png?nolink|}} |
| |
| ===== Add Support for additional types ===== | ===== Add Support for additional types ===== |
| * This section is a technical section for those who wants to introduce new RADIUS Client types. | * This section is a technical section for those who want to introduce new RADIUS client types. |
| * The list in the drop-down is specified in the following file: ///var/www/rdcore/cake4/rd_cake/config/RadiusDesk.php// | * The list in the drop-down list is specified in the following file: ///var/www/rdcore/cake4/rd_cake/config/RadiusDesk.php// |
| <code php> | <code php> |
| //Define nas types | //Define nas types |
| $config['nas_types'][2] = ['name' => 'Mikrotik-API', 'id' => 'Mikrotik-API', 'active' => true]; | $config['nas_types'][2] = ['name' => 'Mikrotik-API', 'id' => 'Mikrotik-API', 'active' => true]; |
| </code> | </code> |
| * Then when selecting an active user in **Activity Monitor** to disconnect behind the scenes the code will determine the type of RADIUS Client based on the **nasidentifier** field. (This is in the radacct table and has to match the value in the dynamic-clients table) | * If you then select an active user in **Activity Monitor** to disconnect behind the scenes, the code determines the type of RADIUS client based on the **nasidentifier** field. (This field is located in the radacct table and must match the value in the dynamic-clients table) |
| * This all happens inside the ///var/www/rdcore/cake4/rd_cake/src/Controller/Component/KickerComponent.php// file. | * This is all done within the file ///var/www/rdcore/cake4/rd_cake/src/Controller/Component/KickerComponent.php//. |
| * Thus adding support for additional types will involve adding additional sections to the PHP code. | * So if you want to add support for more types, you will need to add additional sections to the PHP code. |
| * See the snippet below. | * Take a look at the following snippet. |
| <code php> | <code php> |
| //First we try to locate the client under dynamic_clients | //First we try to find the client under dynamic_clients |
| $dc = $this->DynamicClients->find() | $dc = $this->DynamicClients->find() |
| ->where(['DynamicClients.nasidentifier' => $nasidentifier]) | ->where(['DynamicClients.nasidentifier' => $nasidentifier]) |
| |
| </code> | </code> |
| * That's the only things involved in disconnecting an active RADIUS user. | * This is the only thing required to disconnect an active RADIUS user. |
| * The FUP implementation also utilizes this mechanism so this also serve as a core component for the FUP implementation to be successful. | * The FUP implementation also uses this mechanism, so this is also a core component for the success of the FUP implementation. |
| |