of RADSEC and clients...

Alan Buxey a.l.m.buxey at lboro.ac.uk
Thu Jun 9 12:41:06 CEST 2011


hi,

first up, quick little weird niggle.

if i define a client as a radsec client but make a silly
error, eg i use ip6addr rather than ipv6addr, then the server
still accepts the value and that remote IPv6 client can get access.


if, however, I make the same mistake in the home_server section
then radiusd barfs out saying 

/etc/raddb/sites-enabled/tls[309]: No ipaddr, ipv6addr, or virtual_server defined for home server "tls"


I verified this with a deliberate break, grepping for the output:

[root at server freeradius-server]# radiusd -fxx -l stdout | grep "IPv6 address"
	ipv6addr = roaming.me.com IPv6 address [2a01:600:100:128::188]
	ipv6addr = 2001:db8:101:80:20c:29ff::168 IPv6 address [2001:0db8:301:1080:20c:29ff::168]
	ipv6addr = :: IPv6 address [::]

[root at server freeradius-server]# !vi
vi /etc/raddb/sites-enabled/tls
[root at server freeradius-server]# radiusd -fxx -l stdout | grep "IPv6 address"
	ipv6addr = roaming.me.com IPv6 address [2a01:600:100:128::188]
	ipv6addr = :: IPv6 address [::]


also, for RADSEC the clients have their own configuration section......will these
be able to go into eg SQL naslist at some point (our current clients are all in postgresql
table....) or can the daemon handle them being defined and called in from eg clients-tls.conf ??


many thanks

alan
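
A pre-deployment check for the misspelled-item case reported above, as an added example that is not part of the original post or of FreeRADIUS. The function name `lint_clients`, the allow-list of item names and the sample configuration are assumptions, and the parsing only handles `name {`, `key = value` and `}` lines.

```python
import difflib
import re
# Assumed allow-list of client {} item names; extend it to match your server version.
ADDRESS_KEYS = {"ipaddr", "ipv4addr", "ipv6addr"}
KNOWN_KEYS = ADDRESS_KEYS | {"netmask", "secret", "shortname", "proto",
                             "virtual_server", "require_message_authenticator"}
OPEN_RE = re.compile(r"^(\w+)(?:\s+(\S+))?\s*\{$")   # "client name {" or "limit {"
ITEM_RE = re.compile(r"^(\w+)\s*=")                  # "key = value"
# Constructed sample: radsec-a carries the ip6addr typo described in the post.
SAMPLE = """\
client radsec-a {
    ip6addr = 2001:db8::10
    secret = example
}
client radsec-b {
    ipv6addr = 2001:db8::20
    secret = example
    limit {
        max_connections = 16
    }
}
"""

def lint_clients(text):
    """Return (client, line_no, message) findings for top-level items of client blocks."""
    findings, depth, cur = [], 0, None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments; only keys and braces matter
        if opened := OPEN_RE.match(line):
            depth += 1
            if opened.group(1) == "client" and cur is None:
                cur = {"name": opened.group(2) or "?", "line": line_no, "depth": depth, "addr": False}
        elif line == "}":
            if cur and depth == cur["depth"]:        # closing brace of the client block itself
                if not cur["addr"]:
                    findings.append((cur["name"], cur["line"], "no recognised address item"))
                cur = None
            depth = max(depth - 1, 0)
        elif cur and depth == cur["depth"] and (item := ITEM_RE.match(line)):
            key = item.group(1)                      # items in nested sub-sections are skipped
            if key in ADDRESS_KEYS:
                cur["addr"] = True
            elif key not in KNOWN_KEYS:
                near = difflib.get_close_matches(key, sorted(KNOWN_KEYS), n=1)
                hint = f", did you mean {near[0]}?" if near else ""
                findings.append((cur["name"], line_no, f"unknown item {key}{hint}"))
    return findings
if __name__ == "__main__":
    print(*lint_clients(SAMPLE), sep="\n")
```

Run over the client definitions before a reload, it flags both the unrecognised name and the resulting absence of an address item in that block.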


