rlm_python: Access Request source IP Address is missing from authorize(p) function argument

Gleb Lisikh in4bit.general at gmail.com
Sat Jun 13 03:53:08 CEST 2020

Hi Alan,

In the current lab setup I do get NAS MAC in a request packet in
Well... this is not MAC field strictly speaking, of course, but the MAC is
there because of the way NAS identifies itself in this case, and  which
obviously cannot be relied upon in all the cases. I was merely looking for
more ways of validating NAS, because IP address can change, so can MAC, but
unlikely both at the same time.

Hope this makes sense. Making progress slowly but surely - thanks to you !


On Sun, May 31, 2020 at 12:23 PM Alan DeKok <aland at deployingradius.com>

> > On May 31, 2020, at 12:09 PM, Gleb Lisikh <in4bit.general at gmail.com>
> wrote:
> >
> > I might need source MAC
>   That's just not available.  The only way to get that is with PCAP.  The
> standard socket APIs don't supply that.
>   And I'm curious why source MAC matters.  If you need to see which
> machine sent the RADIUS packet, look at (a) source IP, or (b)
> NAS-Identifier.
>   The NAS-Identifier is supposed to identity a NAS.  Source MAC tells you
> pretty much nothing.
>   Alan DeKok.

More information about the Freeradius-Users mailing list