NAS-Identifier instead of IP
alex at digriz.org.uk
Wed Jul 27 10:51:02 CEST 2011
Gunther <freeradius at caribsms.com> wrote:
> Here comes the problem!
> Now radiusd receives a request from a different client/NAS, but with
> the same IP address:
> Since the IP is already in the memory resident client/nas list, there
> is no need to search the database again.
> The different NAS-Identifier and different shared secret is ignored
> and the Access-Request is accepted.
Your pants *might* explode but a glance at the source says you could
* set client lifetime to '-1' (means the check in
main/listen.c:client_listener_find() possibly is bypassed),
Alan, possibiliy unintended, made it an int and so setting it to
a negative value could make the lookup expire instantly
* subscribe to the school-of-commenting and comment out from
if ((client->created + client->lifetime) > now) return client;
.sigmonster says: Do not attempt this in your home.
More information about the Freeradius-Devel