dupe client entry in clients.conf
Alan DeKok
aland at nitros9.org
Fri May 5 20:03:12 CEST 2006
"Duane Cox" <duanec at mail.illicom.net> wrote:
> Would it be valid to list a host twice in clients.conf. Each listing would
> have a unique shared secret and shortname?
No. The shared secret is keyed off of the IP, and the IP's have to
be unique.
> host 192.168.1.1 has two applications that run. One is a NMS monitoring
> package (sends rad packets to the radius server to verify it's running and
> operating with the db correctly). The second is an authentication and
> bandwidth provisioning system.
RADIUS assumes that all client software on an IP is the "same"
application. e.g. a NAS, not a desktop. So running RADIUS on systems
with multiple clients is awkward.
> I could configure both apps to use the same shared secret and shortname if I
> have to, but I like that fact that I can look at the radius logs and see the
> logs from the specific apps.
Can't you look at the *contents* of the packet to see which one it
is? That's what the NAS-Identifier string is for. The different apps
could (i.e. should) send different NAS-Identifiers.
> I have added both clients to clients.conf and restarted radius. I didn't
> see any errors or warnings about it.
The second will be silently ignored.
Alan DeKok.
More information about the Freeradius-Users
mailing list