lifetime of dynamic clients

Wed Oct 2 22:16:38 CEST 2013

steve at comitcon.be wrote:
> first of all thank you for replying although I must sense quite some
> hostility in your replies. On the other hand, I have read previous emails
> coming from your end and this appears to be the way you respond.

  Perhaps you could read the *content* of my messages, instead of
inventing some emotional projection.

> Secondly I have read the documentation, but RTFM still appears to be the
> common way of responding (even after using Linux for over 15 years).

  So you read the documentation saying that clients are defined by IP
addresses, and then asked whether or not clients are defined by NAS or
by user.

  Did you (a) NOT read the documentation, or (b) read it and not
understand it, or (c) read it, understand it, and ask a misleading question?

> Thirdly , the case below is a true real life situation, which does not
> only occur only for me, but also for other. Even though the module is not
> officially supported (maybe for the reason there are) it is in today's
> world . You can decide, be a bernstein (like qmail) or adopt to a real
> life situation. (Btw, if this was such uncommon, how come I find as many
> question on it as there are. If YFI is actually supporting this, there
> must be a need. Even if it is not meant like that.

  People do all kinds of crazy things.  That doesn't mean those things
are a good idea.  It's fairly conceited for you, a non-expert, to
lecture me about RADIUS.

> Fourhtly, the issue I have has nothing to do with the whole running of
> rlm_raw or any alike. Authentication works fine and as expected.

  I'm not really clear on the issue you're having, because your
statements are contradictory.

  Am I allowed to get frustrated at that?

> And yes I have read the statements on caching , what is used and even the
> disclaimer that only the src ip is supported. So don't become patronising
> that I didn't.

  Learn how to deal with people telling you you're wrong.  It's a skill
many adults have.

> I also scrobbled google for quite some time and I have read
> the debug more than you can think. But guess what? If the only output
> after authentication is
> adding client xxx.xxx.xxx.xxx with shared secret
> 
> it does not state
> a) lifetime
> b) anything else usefull.

  It shows the IP of the client.  It does NOT say "adding client keyed
by Called-Station-Id"

  See?  The debug output says what it means, and means what it says.
Because you're unwilling to take it at face value, you think it's useless.

  That says more about you than anything else.

> Now I am running radmin show client list and see the IP appear. I am now
> testing when it disappear.
> 
> Please refrain from responding if it will only be a load of 'you did not
> do this or that', while you have no clue on what I read or already have
> done.

  You have no business making that demand.  See the last paragraph of
this message for my response.

  You asked a question and you got told an answer.  When you made
mistakes, they were pointed out.  We CANNOT help you if your questions
are unclear, or if your statements are contradictory.  You have NO
BUSINESS getting offended when people try to help you.

> If the response is coming to the basic question
> "how can I check the lifetime of a dynamic client" feel free.
> 
> Elsewise, let's keep this clean for people willing to find the proper
> solution.

  Read the documentation.  Follow instructions.  Don't argue with the
experts.  It's not hard.

  If you fail to follow instructions, or if you keep arguing about the
instructions, or if you keep complaining when I answer your questions,
you will be unsubscribed and permanently banned from this list.  Such
behavior is anti-social, rude, and will NOT be tolerated.

  Alan DeKok.