NAS-Identifier instead of IP

Alexander Clouter alex at digriz.org.uk
Wed Jul 27 10:51:02 CEST 2011


Gunther <freeradius at caribsms.com> wrote:
>
> [snipped]
>
> Here comes the problem!
>
> Now radiusd receives a request from a different client/NAS, but with 
> the same IP address:
>
> Since the IP is already in the memory resident client/nas list, there 
> is no need to search the database again.
>
> The different NAS-Identifier and different shared secret are ignored 
> and the Access-Request is accepted.
> 
Your pants *might* explode but a glance at the source says you could 
either:
 * set client lifetime to '-1' (means the check in 
	main/listen.c:client_listener_find() possibly is bypassed),
	Alan, possibly unintentionally, made it an int and so setting it to 
	a negative value could make the lookup expire instantly
 * subscribe to the school-of-commenting and comment out from 
	main/listen.c:client_listener_find()
----
if ((client->created + client->lifetime) > now) return client;
----

Cheers

-- 
Alexander Clouter
.sigmonster says: Do not attempt this in your home.
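
A simplified model of the cache behaviour discussed in this thread, added here as an illustration; it is not FreeRADIUS source code. Only the expiry expression comes from the message; the struct, the function names, the one-slot cache and the sample clients are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Simplified model, not FreeRADIUS source. Every name here is hypothetical;
 * only the expiry expression in cache_find() is quoted from the message. */
struct client {
    const char *ip, *nas_id, *secret;
    time_t created;
    int lifetime;                 /* signed, so -1 is representable */
};
/* Constructed sample data: two NASes behind one IP address. */
static const struct client db[] = {
    { "192.0.2.10", "nas-a", "secret-a", 0, 0 },
    { "192.0.2.10", "nas-b", "secret-b", 0, 0 },
};
static struct client cache;       /* one-slot cache, keyed by IP only */
static int cache_valid;

static const struct client *cache_find(const char *ip, time_t now)
{
    if (!cache_valid || strcmp(cache.ip, ip) != 0) return NULL;
    if ((cache.created + cache.lifetime) > now) return &cache;
    return NULL;                  /* expired: caller must look up again */
}

/* Shared secret the model would use to validate this request. */
const char *secret_for(const char *ip, const char *nas_id, time_t now, int lifetime)
{
    const struct client *c = cache_find(ip, now);
    if (c) return c->secret;      /* cache hit: NAS-Identifier never consulted */
    for (size_t i = 0; i < sizeof(db) / sizeof(db[0]); i++) {
        if (strcmp(db[i].ip, ip) || strcmp(db[i].nas_id, nas_id)) continue;
        cache = db[i];
        cache.created = now; cache.lifetime = lifetime; cache_valid = 1;
        return cache.secret;
    }
    return NULL;                  /* unknown client */
}

void cache_reset(void) { cache_valid = 0; }

int main(void)
{
    secret_for("192.0.2.10", "nas-a", 1000, 3600);
    printf("lifetime 3600: nas-b gets %s\n", secret_for("192.0.2.10", "nas-b", 1010, 3600));
    cache_reset();
    secret_for("192.0.2.10", "nas-a", 1000, -1);
    printf("lifetime   -1: nas-b gets %s\n", secret_for("192.0.2.10", "nas-b", 1010, -1));
}
```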




More information about the Freeradius-Devel mailing list