NAS-Identifier instead of IP

Alexander Clouter alex at
Wed Jul 27 10:51:02 CEST 2011

Gunther <freeradius at> wrote:
> [snipped]
> Here comes the problem!
> Now radiusd receives a request from a different client/NAS, but with 
> the same IP address:
> Since the IP is already in the memory resident client/nas list, there 
> is no need to search the database again.
> The different NAS-Identifier and different shared secret is ignored 
> and the Access-Request is accepted.
Your pants *might* explode but a glance at the source says you could 
 * set client lifetime to '-1' (means the check in 
	main/listen.c:client_listener_find() possibly is bypassed),
	Alan, possibiliy unintended, made it an int and so setting it to 
	a negative value could make the lookup expire instantly
 * subscribe to the school-of-commenting and comment out from 
if ((client->created + client->lifetime) > now) return client;


Alexander Clouter
.sigmonster says: Do not attempt this in your home.

More information about the Freeradius-Devel mailing list