Dynamic Clients
Kev Pearce
email.me at kevp.com
Thu Aug 14 14:54:53 CEST 2014
> That constraint is still there in v3.0.x. Why would you want to add a
client that doesn't match the src IP address of the packet you just
received?
Because the NASes will be NATted over the internet, the real IP might be a
private RFC1918 address, but the source IP address will be a public IP.
Multiple NASes would be seen as the same public IP address but have their
own NAS-IP-Address values.
Ok message understood.
I'll stick with one secret for all clients (per virutal server at least),
then use the radcheck query to check per nas based on NAS-IP-Address, which
is available and safe as the packet will have passed the 'known secret'
stage.
I can live with this.
And then I don't need the rlm_raw module, so a less hacky build.
Cheers for all your input,
Kev/.
More information about the Freeradius-Users
mailing list