lifetime of dynamic clients

steve at comitcon.be steve at comitcon.be
Wed Oct 2 20:14:26 CEST 2013 

For those interested:

Information gotten from

http://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients

In regards to the usage of Called_Station_Id, rlm_raw and SQL checks.

Kind regards

Steve
>
>> 1. FreeRadius lacks the ability to actually run Nas's behind a link with
>> a
>> dynamic IP. Although not recommended, this software does not support a
>> proper way of dealing with this.
>
>   Nonsense.  This is a fundamental limitation of the RADIUS protocol.
>
>   If you want to use dynamic IPs, use a VPN, or TLS (RFC 6614)
>
>> This is indeed a fake. I have added this in mysql in the nas table under
>> the field community (described in ify /yfi setup). The connection
>> actually
>> works. I can (ab)use this field as much as desired
>
>   Because RADIUS depends on source IP.
>
>>>   Of course.  RADIUS depends on IP addresses, not on Called-Station-Id.
>>>  This is documented in the "dynamic_clients" configuration.  Right at
>>> the top of the virtual server.
>>
>> Yes, I have read the documentation (multiple sources, google etc...) I
>> was
>> just wondering what happens when you use the raw module.
>
>   It's not distributed with the server.  So it's not a supported module.
>  And no, I don't use it.
>
>   And no, you haven't read the documentation.  The files I mentioned
> *clearly* states that the dynamic clients use and cache the source IP.
> They say NOTHING about checking the Called-Station-Id for each packet.
>
>> Is a client defined by a NAS or a user?
>
>   RADIUS clients are defined by source IP.  The documentation you
> allegedly read makes this clear.  So there's no need to ask the above
> question... because the documentation already answers it.
>
>> The output shows indeed when it goes through the the dynamic server
>> section and once it is authenticated it only runs through the default
>> (which is understandable)
>
>   So... *nothing* else in the debug output is useful to you.
>
>   I guess you've read it as carefully as you've read the documentation.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list