dupe client entry in clients.conf

Alan DeKok aland at nitros9.org
Fri May 5 20:03:12 CEST 2006


"Duane Cox" <duanec at mail.illicom.net> wrote:
> Would it be valid to list a host twice in clients.conf.   Each listing would
> have a unique shared secret and shortname?

  No.  The shared secret is keyed off of the IP, and the IPs have to
be unique.

> host 192.168.1.1 has two applications that run.  One is an NMS monitoring
> package (sends rad packets to the radius server to verify it's running and
> operating with the db correctly).  The second is an authentication and
> bandwidth provisioning system.

  RADIUS assumes that all client software on an IP is the "same"
application.  e.g. a NAS, not a desktop.  So running RADIUS on systems
with multiple clients is awkward.

> I could configure both apps to use the same shared secret and shortname if I
> have to, but I like the fact that I can look at the radius logs and see the
> logs from the specific apps.

  Can't you look at the *contents* of the packet to see which one it
is?  That's what the NAS-Identifier string is for.  The different apps
could (i.e. should) send different NAS-Identifiers.

> I have added both clients to clients.conf and restarted radius.  I didn't
> see any errors or warnings about it.

  The second will be silently ignored.

  Alan DeKok.
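
A check for the situation discussed in this thread, as an added example that is not part of the original post or of FreeRADIUS: since the server gives no error or warning for a repeated client, this scans clients.conf text for an address listed more than once. It assumes the `client <address> { ... }` layout; the function name and the sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style the thread describes: one host listed
# twice with different secrets and shortnames (all values are made up).
SAMPLE = """\
# NMS monitoring package
client 192.168.1.1 {
    secret    = nms-secret
    shortname = nms
}
# authentication and bandwidth provisioning
client 192.168.1.1 {
    secret    = prov-secret
    shortname = provisioning
}
client 192.168.1.2 {
    secret    = other-secret
    shortname = nas2
}
"""

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{")
SHORTNAME_RE = re.compile(r"^\s*shortname\s*=\s*(\S+)")


def find_duplicate_clients(text):
    """Return {address: [(line_no, shortname), ...]} for addresses listed more than once."""
    seen = defaultdict(list)
    current = None  # [line_no, shortname] of the client block being read
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments before matching
        m = CLIENT_RE.match(line)
        if m:
            current = [line_no, None]
            seen[m.group(1)].append(current)
            continue
        m = SHORTNAME_RE.match(line)
        if m and current is not None:
            current[1] = m.group(1)
        elif line.strip() == "}":
            current = None
    return {addr: [tuple(e) for e in entries]
            for addr, entries in seen.items() if len(entries) > 1}


if __name__ == "__main__":
    for addr, entries in find_duplicate_clients(SAMPLE).items():
        print(addr, "listed more than once (line, shortname):", entries)
```

The comparison is on the literal address string, so the same host listed once by name and once by IP is not caught.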



