NAS-Identifier instead of IP
Alexander Clouter
alex at digriz.org.uk
Wed Jul 27 10:51:02 CEST 2011
Gunther <freeradius at caribsms.com> wrote:
>
> [snipped]
>
> Here comes the problem!
>
> Now radiusd receives a request from a different client/NAS, but with
> the same IP address:
>
> Since the IP is already in the memory resident client/nas list, there
> is no need to search the database again.
>
> The different NAS-Identifier and different shared secret is ignored
> and the Access-Request is accepted.
>
Your pants *might* explode but a glance at the source says you could
either:
* set client lifetime to '-1' (means the check in
main/listen.c:client_listener_find() possibly is bypassed),
Alan, possibly unintended, made it an int and so setting it to
a negative value could make the lookup expire instantly
* subscribe to the school-of-commenting and comment out from
main/listen.c:client_listener_find()
----
if ((client->created + client->lifetime) > now) return client;
----
Cheers
--
Alexander Clouter
.sigmonster says: Do not attempt this in your home.
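
Added example, not part of the original post and not FreeRADIUS source: a simplified C model of a client cache keyed only on source IP, using the expiry test quoted above, to show why a second NAS behind the same IP is verified with the first NAS's secret and what a negative lifetime does to that test. The struct layout, the db_secret() lookup, the NAS names, secrets, IP and timestamp are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Simplified model of an IP-keyed client cache; NOT FreeRADIUS source. */
struct client {
    char   ip[16];
    char   secret[16];
    time_t created;
    int    lifetime;              /* signed, as the post points out */
};
static struct client cache;       /* one slot is enough for the demo */
static int db_lookups;            /* how often the "database" was asked */

/* Hypothetical database lookup keyed on NAS-Identifier (constructed data). */
static const char *db_secret(const char *nas_id)
{
    db_lookups++;
    return strcmp(nas_id, "nas-a") == 0 ? "secret-a" : "secret-b";
}

/* Returns the shared secret that would be used to verify this request. */
static const char *client_find(const char *ip, const char *nas_id,
                               time_t now, int lifetime)
{
    /* Same shape as the expiry test quoted in the post. */
    if (strcmp(cache.ip, ip) == 0 && (cache.created + cache.lifetime) > now)
        return cache.secret;      /* hit: NAS-Identifier is never consulted */
    snprintf(cache.ip, sizeof(cache.ip), "%s", ip);
    snprintf(cache.secret, sizeof(cache.secret), "%s", db_secret(nas_id));
    cache.created = now;
    cache.lifetime = lifetime;
    return cache.secret;
}

/* Two NASes behind one IP: which secret does the second request get? */
const char *second_request_secret(int lifetime)
{
    time_t now = 1311756662;      /* constructed timestamp */
    memset(&cache, 0, sizeof(cache));
    db_lookups = 0;
    client_find("192.0.2.10", "nas-a", now, lifetime);
    return client_find("192.0.2.10", "nas-b", now + 5, lifetime);
}

int main(void)
{
    printf("lifetime 3600: %s\n", second_request_secret(3600));
    printf("lifetime   -1: %s\n", second_request_secret(-1));
}
```

In this model a positive lifetime returns the stale entry for the second NAS, while -1 makes the comparison false on every request, so each one costs a fresh lookup.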