Checkrad and IPv6 NAS IP address

Alan DeKok aland at deployingradius.com
Sun Sep 5 22:58:24 CEST 2021 

On Sep 5, 2021, at 12:54 PM, Fabricio Viana <fabricioviana at hotmail.com> wrote:
> All packets arriving for FreeRadius have only the NAS-IPv6-Address attribute. NAS-IP-Address attribute is not sent by Mikrotik in this scenario.

  That's fine.

> I am able to authenticate clients successfully, as well as using the radclient command to disconnect. I'm using MySQL database and changed the query to store the NAS-IPv6-Address attribute in the nasipaddress field of the radacct table.

  That's only necessary if you're running a very old version of FreeRADIUS.  The default queries have supported NAS-IPv6-Address for a long time.

> The problem is with checkrad: when I need to check for simultaneous connections I get the following error:
> 
> (0) sql: Executing select query: SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = 'joseph.test' AND acctstoptime IS NULL
> checkrad: Unknown NAS 255.255.255.255, not checking
> 
>  The IP address that is in the nasipaddress field is 2804:444:1:1::2 and not 255.255.255.255.

  Yes.  Unfortunately, the checkrad / Simultaneous-Use code in rlm_sql.c hasn't been updated for v4.

> Looking for the error message I found the session.c file in the Freeradius project on Github (https://github.com/redBorder/freeradius/blob/master/src/main/session.c).

  Huh?  The main FreeRADIUS GitHub repository is at https://github.com/FreeRADIUS/freeradius-server/  It's pointed to from http://freeradius.org.

  I don't recommend looking at third-party repositories for FreeRADIUS.  They are many years out of date.

> It seemed to me that checkrad is always waiting for IPv4. In any case I could be wrong because I don't know the C language.
> 
> My checkrad script isn't even called.
> 
> Below is the Access-Request package and the freeradius -X command output.
> 
> Would anyone know how to get around this problem? Check simultaneous users using MySQL and IPv6 as NAS IP address?

  Patch rlm_sql.c to accept IPv6 addresses.  This requires code changes.  I'll take a look.

  Alan DeKok.

More information about the Freeradius-Users mailing list