Dear friends, I have added clients client private-network-1 { ipaddr = 192.168.0.244 netmask = 24 secret = testing123-1 shortname = private-network-1 } To the clients.conf. And run command "radius -X". From the debug message I can see the added client loaded. Then from my NAS (with IP 192.168.0.244) I sent a "authentication only" request to the server. The server showed me a message: Ignored,.....Unrecognized client "192.168.0.244" port "1222". What is wrong with my config? Regards, Frank -----Original Message----- From: freeradius-users-bounces+frank.wei=4rf.com@lists.freeradius.org [mailto:freeradius-users-bounces+frank.wei=4rf.com@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: Thursday, 25 September 2014 6:49 p.m. To: FreeRadius users mailing list Subject: Re: Beginner need help Hi,
My understanding is that source IP address of the Access-Request packets must be the NAS IP address which is "NAS-IP-Address". Apparently this is different to the Attribute description.
Could anybody explain?
sure. the NAS-IP-Address is set by the NAS - so it SHOULD be its IP address in a nice world. okay thats clear....however, the packet might be reaching your RADIUS server via some other route - lets say, eg a NAT gateway, a RADIUS server (it has been proxied) or from some central controller (thinking of some of the WiFi solutions out there) - in which case the NAS-IP-Address is NOT the source IP address of the packet. the NAS-IP-Address is also part of the RADIUS datagram - so you've already started to analyse the packet contents really before you can - eg how did you ensure the packet contents were correct, verify the message authenticator or ensured the content values by using the shared secret? you didnt. the RADIUS datagram comes in. you see the source address of the packet. look up the client, get its shared secret, work on the packet. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html The information in this email communication (inclusive of attachments) is confidential to 4RF Limited and the intended recipient(s). If you are not the intended recipient(s), please note that any use, disclosure, distribution or copying of this information or any part thereof is strictly prohibited and that the author accepts no liability for the consequences of any action taken on the basis of the information provided. If you have received this email in error, please notify the sender immediately by return email and then delete all instances of this email from your system. 4RF Limited will not accept responsibility for any consequences associated with the use of this email (including, but not limited to, damages sustained as a result of any viruses and/or any action or lack of action taken in reliance on it).