checkrad not called after upgrade to 2.x and virtual servers.

Alan DeKok aland at
Wed Jun 25 09:16:11 CEST 2008

Matthew Schumacher wrote:
> I have a fairly standard implementation other than a custom checkrad
> script and virtual servers.  Today when debugging some simultaneous use
> issues I discovered that radiusd isn't calling checkrad and is logging
> this when I run in debug mode:
> checkrad: Unknown NAS x.x.x.x, not checking

  Ah... the NAS isn't defined globally, so it isn't being used.

> I couldn't find anything in the documentation that refers to a change in
> checkrad behavior when dealing with virtual servers, so I'm assuming
> that if the client is defined and the dsl virtual server can find it and
> authenticate customers against it then shouldn't the client.c code also
> find it and pass session and username to checkrad?

  In theory, yes.  The issue (IIRC) is that the client is either tied to
a virtual server, or to a specific "listen" section.  The API used by
checkrad hasn't been updated to handle some of the new features, so the
client isn't being found.

  Part of the issue is that in 2.0, the client can be defined *multiple*
times, with *different* shared secrets.  It can be difficult to say
which one to use.

  If it's OK to find the client that is tied to the virtual server, that
should be possible.

  Alan DeKok.

More information about the Freeradius-Devel mailing list