Dualstack NAS ignored by RADIUS server when using IPv4
Ondrej Famera
famera at fi.muni.cz
Mon Feb 11 12:47:51 CET 2013
Hi Alan,
On 02/11/2013 11:25 AM, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> By adding following to nas table it works:
>> id | nasname | shortname | type | ports | secret | community | description | server
>> ----+-------------------+-----------+-------+--------+---------------+-----------+-------------+--------------
>> 2 | 10.0.0.2 | dev1 | other | <NULL> | shared_secret | <NULL> | <NULL> | inner-tunnel
>
>
> but did you either
>
> 1) restart the RADIUS server after this entry got added (plain SQL entries are not dynamic!)
- yes, I restart RADIUS after adding/removing a record from the DB, but the result is that only one address
is resolved per hostname (so a dualstack hostname gets resolved only to a single IPv6 address - in the
context of the RADIUS server; a regular DNS query returns both the IPv4 and IPv6 address)
> or
>
> 2) configure the dynamic clients module so that your entries could be read from SQL dynamically?
- I haven't tried this yet, but it looks like I still need to resolve hostnames to addresses
somewhere, while my goal was to avoid this and let RADIUS do this stuff
- furthermore, I have a different secret for every hostname on the same network (like 10.0.0.0/24)
and according to the documentation (raddb/sites-available/dynamic_clients) I need to assign secrets
to addresses, not hostnames, so it again looks like a no-go solution for me
- thanks for suggesting this as an improvement for not needing to restart RADIUS every time I add a new NAS,
I should do some research into it
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Ondrej Famera
unix at fi
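
Added example, not part of the original message and not FreeRADIUS code: one way to do the hostname-to-address step outside the server is to expand each NAS hostname into one nas-table row per resolved address (IPv4 and IPv6), keeping the per-hostname secret and refusing input where two hostnames would put different secrets on the same address. The hostname dev1.example.org, the address 2001:db8::2 and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
from collections import defaultdict


def resolve_all(hostname):
    """Return every IPv4 and IPv6 address the system resolver reports."""
    infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_DGRAM)
    return [info[4][0] for info in infos]


def expand_nas_rows(nas_hosts, resolver=resolve_all, server="inner-tunnel"):
    """Build one nas-table row per resolved address of each hostname.

    nas_hosts maps hostname -> (shortname, secret).
    """
    rows, secrets_by_addr = [], defaultdict(set)
    for hostname, (shortname, secret) in sorted(nas_hosts.items()):
        # Normalise and de-duplicate; drop any IPv6 zone id such as "%eth0".
        addrs = {str(ipaddress.ip_address(a.split("%")[0]))
                 for a in resolver(hostname)}
        if not addrs:
            raise ValueError(f"{hostname}: no addresses resolved")
        for addr in sorted(addrs):
            secrets_by_addr[addr].add(secret)
            rows.append({"nasname": addr, "shortname": shortname,
                         "type": "other", "secret": secret, "server": server})
    # Two hostnames sharing an address with different secrets is ambiguous:
    # the server could not tell which secret applies to that source address.
    clashes = sorted(a for a, s in secrets_by_addr.items() if len(s) > 1)
    if clashes:
        raise ValueError(f"conflicting secrets for: {', '.join(clashes)}")
    return rows


if __name__ == "__main__":
    # Constructed sample data standing in for DNS, so the demo runs offline.
    sample_dns = {"dev1.example.org": ["10.0.0.2", "2001:db8::2"]}
    hosts = {"dev1.example.org": ("dev1", "shared_secret")}
    for row in expand_nas_rows(hosts, resolver=lambda h: sample_dns[h]):
        print(row)
```

The rows use the column names from the nas table quoted above; loading them into the database is left to whatever tooling already manages that table.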