Beginner need help

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Sep 25 08:48:42 CEST 2014


Hi,

> My understanding is that source IP address of the Access-Request packets must be the NAS IP address which is "NAS-IP-Address". Apparently this is different to the Attribute description.
> 
> Could anybody explain?

sure.

the NAS-IP-Address is set by the NAS - so it SHOULD be its IP address in a nice world. okay
that's clear....however, the packet might be reaching your RADIUS server via some other
route - let's say, e.g. a NAT gateway, a RADIUS server (it has been proxied) or from some
central controller (thinking of some of the WiFi solutions out there) - in which case
the NAS-IP-Address is NOT the source IP address of the packet.


the NAS-IP-Address is also part of the RADIUS datagram - so you've already started to
analyse the packet contents really before you can - e.g. how did you ensure the packet
contents were correct, verify the message authenticator or ensure the content values
by using the shared secret?  you didn't.

the RADIUS datagram comes in. you see the source address of the packet. look up the client,
get its shared secret, work on the packet.

alan
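
The order of operations described in the reply above, as an added example that is not part of the original post and not FreeRADIUS code: the client and its shared secret are chosen by packet source address, the Message-Authenticator (HMAC-MD5 over the packet with that attribute zeroed) is checked, and only then is NAS-IP-Address read. The client table, addresses, secrets, function names and the policy of requiring Message-Authenticator are assumptions made for the illustration.

```python
import hashlib, hmac, ipaddress, os, struct

# Constructed client table, keyed by packet source IP (addresses and secrets are made up).
CLIENTS = {"192.0.2.10": b"proxy-secret"}
NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 4, 80

def attributes(packet):
    """Return [(type, value, value_offset)] for the attributes after the 20-byte header."""
    out, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        out.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]], pos + 2))
        pos += packet[pos + 1]
    return out

def handle_access_request(src_ip, packet):
    """Return the verified NAS-IP-Address, or None if the packet is dropped or has none."""
    secret = CLIENTS.get(src_ip)           # 1. client lookup uses the source address only
    if secret is None or len(packet) < 20 or packet[0] != 1:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return None
    packet = packet[:length]
    try:
        attrs = attributes(packet)
    except ValueError:
        return None
    macs = [(v, off) for t, v, off in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0][0]) != 16:
        return None                        # assumption: policy requires Message-Authenticator
    received, off = macs[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(received, expected):    # 2. integrity check with that secret
        return None
    for t, v, _ in attrs:                  # 3. only now are attribute values trusted
        if t == NAS_IP_ADDRESS and len(v) == 4:
            return str(ipaddress.IPv4Address(v))
    return None

def build_request(secret, nas_ip):
    """Constructed sample: Access-Request with NAS-IP-Address and Message-Authenticator."""
    body = bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", 1, 1, 20 + len(body)) + os.urandom(16) + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
```

A request built with `build_request(b"proxy-secret", "10.1.1.5")` and received from 192.0.2.10 is accepted even though its NAS-IP-Address differs from the source address; the same bytes arriving from 10.1.1.5 are dropped because no client entry exists for that source.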


More information about the Freeradius-Users mailing list