Re: 2.0.0 documentation for radiusd.conf.




rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
         User-Name = "ac221"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 1
         Called-Station-Id = "00-14-C2-B6-7D-32:eduroam"
         Calling-Station-Id = "00-19-E3-0C-CD-58"
         Framed-MTU = 1400
         NAS-Port-Type = Wireless-802.11
         Connect-Info = "CONNECT 54Mbps 802.11g"
         EAP-Message = 0x0200000a016163323231
         Message-Authenticator = 0xae11e154e1819b9fde40d27a0147ad04
   Processing the authorize section of radiusd.conf
+- entering group authorize
++? if ("%{NAS-IP-Address}" == "127.0.0.1")
         expand: %{NAS-IP-Address} -> 127.0.0.1
? Evaluating ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE
++? if ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE
++- entering if ("%{NAS-IP-Address}" == "127.0.0.1")
         expand: %{Packet-Src-IP-Address} -> 139.184.6.42
Bus error

*narrowed*

authorize {
# Some devices send their loopback address as Nas IP Address, overwrite this with packet source.
if("%{NAS-IP-Address}" == "127.0.0.1"){
     update request {
         NAS-IP-Address := "%{Packet-Src-IP-Address}"
     }
}
}


Heh, located the issue with the access point...

If you tell it to fail over to its internal RADIUS server after trying the primary and secondary, it'll send 127.0.0.1 to the primary and secondary too ... fun.

My faith has waned quite a bit in the quality of HP products since starting this project *sigh*.

--
Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
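
Added example, not part of the original message: a Python check over radiusd debug output in the format quoted above that flags requests whose NAS-IP-Address is a loopback address although the packet arrived from a non-loopback host, which is the access point behaviour described in the message. The sample log is constructed and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the format of the radiusd -X output quoted in the message.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
        User-Name = "ac221"
        NAS-IP-Address = 127.0.0.1
   Processing the authorize section of radiusd.conf
rad_recv: Access-Request packet from host 192.0.2.10 port 1812, id=7, length=120
        NAS-IP-Address = 192.0.2.10
rad_recv: Accounting-Request packet from host 192.0.2.20 port 1813, id=9, length=90
        User-Name = "example"
"""

HEADER = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")

def parse_requests(text):
    """Return one dict per rad_recv block: packet code, source host, id, attributes."""
    requests, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"code": m.group(1), "src": m.group(2),
                       "id": int(m.group(4)), "attrs": {}}
            requests.append(current)
            continue
        m = ATTR.match(line)
        if m and current is not None:
            current["attrs"][m.group(1)] = m.group(2).strip('"')
        else:
            current = None  # first non-attribute line ends the attribute list
    return requests

def loopback_nas(requests):
    """List (source host, packet id, NAS-IP-Address) where the NAS claims loopback."""
    findings = []
    for r in requests:
        nas = r["attrs"].get("NAS-IP-Address")
        if nas is None:
            continue  # attribute absent, nothing to compare
        try:
            nas_ip, src_ip = ipaddress.ip_address(nas), ipaddress.ip_address(r["src"])
        except ValueError:
            continue  # unparsable address in the log line
        if nas_ip.is_loopback and not src_ip.is_loopback:
            findings.append((r["src"], r["id"], nas))
    return findings

if __name__ == "__main__":
    print(loopback_nas(parse_requests(SAMPLE_LOG)))
```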



