Beginner need help

Frank Wei Frank.Wei at 4rf.com
Thu Sep 25 07:14:50 CEST 2014 

Hi,

I'm confused about the definition of "NAS-IP-Address" in RFC 2865:

/////////////////////////////////////////////////////////////////////////
This Attribute indicates the identifying IP Address of the NAS
which is requesting authentication of the user, and SHOULD be
unique to the NAS within the scope of the RADIUS server. NAS-IPAddress
is only used in Access-Request packets. Either NAS-IPAddress
or NAS-Identifier MUST be present in an Access-Request
packet.

Note that NAS-IP-Address MUST NOT be used to select the shared
secret used to authenticate the request. The source IP address of
the Access-Request packet MUST be used to select the shared
secret.
/////////////////////////////////////////////////////////////////////////
The description first said NAS-IP-Address is the IP Address of the NAS which is requesting authentication of the user.
Then description said the source IP address (not the NAS-IP-Address) of the Access-Request packet MUST be used to select the shared secret.

My understanding is that source IP address of the Access-Request packets must be the NAS IP address which is "NAS-IP-Address". Apparently this is different to the Attribute description.

Could anybody explain?

Best Regards,


-----Original Message-----
From: freeradius-users-bounces+frank.wei=4rf.com at lists.freeradius.org [mailto:freeradius-users-bounces+frank.wei=4rf.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, 23 September 2014 12:45 a.m.
To: FreeRadius users mailing list
Subject: Re: Beginner need help

Himanshu Pandey wrote:
> I modified users configuration file and radiusd.conf.

  If you don't know what you're doing, DO NOT EDIT THE FILES.

  This isn't difficult.

> I have attached radiusd.conf file.

  I'm not going to read it.  The default radiusd.conf file works.  Use it.

> Please tell me what shall I not modify in
> radiusd.conf file. Actually I did some modifications in radiusd.conf
> file since I was getting some error in starting the radius server.

  Nonsense.  The default configuration works.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The information in this email communication (inclusive of attachments) is confidential to 4RF Limited and the intended recipient(s). If you are not the intended recipient(s), please note that any use, disclosure, distribution or copying of this information or any part thereof is strictly prohibited and that the author accepts no liability for the consequences of any action taken on the basis of the information provided. If you have received this email in error, please notify the sender immediately by return email and then delete all instances of this email from your system. 4RF Limited will not accept responsibility for any consequences associated with the use of this email (including, but not limited to, damages sustained as a result of any viruses and/or any action or lack of action taken in reliance on it).

More information about the Freeradius-Users mailing list