NAS-IP-Address or NAS-Identifier in Access-Request?

Eric Geier me at egeier.com
Tue Aug 16 21:48:47 CEST 2011


Understood, thanks!

Can I log the source IP address to the Post-Auth DB table?

Thanks,
Eric


-----Original Message-----
From: freeradius-users-bounces+me=egeier.com at lists.freeradius.org
[mailto:freeradius-users-bounces+me=egeier.com at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Tuesday, August 16, 2011 10:38 AM
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request?

Eric Geier wrote:
> Yes I read that in the RFC, but was wondering what vendors usually do, 
> what's the most typical, etc. I'm also wondering the same about the 
> Calling-Station-Id and Called-Station-ID. But sounds like those aren't 
> included very often, completely optional.

  There's no way to know what is typical.  There are many dozens of vendors,
each  of whom has many dozens of products using RADIUS.  Each product may
have dozens of different firmware revisions, each of which behaves slightly
differently.

> But now that I've thought of it, if there isn't a NAS-IP-Address then 
> authentication wouldn't work, right? Cause FR needs to lookup the 
> shared secret based upon the NAS-IP-Address?

  No.  The shared secret is looked up by source IP address.  The
NAS-IP-Address can be anything.  It is pretty much ignored by the core
RADIUS protocol.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list