Dualstack NAS ignored by RADIUS server when using IPv4

Ondrej Famera famera at fi.muni.cz
Mon Feb 11 12:47:51 CET 2013

Hi Alan, 

On 02/11/2013 11:25 AM, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>> By adding folloving to nas table it works:
>>  id |         nasname   | shortname | type  | ports  |    secret     | community | description |    server    
>> ----+-------------------+-----------+-------+--------+---------------+-----------+-------------+--------------
>>   2 |          |   dev1    | other | <NULL> | shared_secret | <NULL>    | <NULL>      | inner-tunnel
> but did you either
> 1) restart the RADIUS server after this entry got added (plain SQL entries are not dynamic!)
- yes, I restart RADIUS after adding/removing record from DB, but result is that only one address 
is resolved per hostname (so dualstack hostname get resolved only to single IPv6 address - in
context of RADIUS server, regular DNS query returns both IPv4 and IPv6 address)

> or
> 2) configure the dynamic clients module so that your entries could be read from SQL dynamically?

- i haven't tried this yet, but it looks like i still need to resolve hostnames to addresses
somewhere while my goal was to avoid this and let the RADIUS to do this stuff
- furthermore i have a different secret for every hostname on the same network (like 
and according to documentation (raddb/sites-available/dynamic_clients) i need to assign secrets 
to addresses not hostnames, so it looks again as no-go solution for me
- thanks for suggesting this as improvement for not needing to restart radius every time i add new nas,
i should do some research into it

> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ondrej Famera
unix at fi

More information about the Freeradius-Users mailing list