[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>, "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] new RADIUS images
 Date:  Fri, 11 Nov 2005 15:50:50 +0100
I pretty sure they just saw NAS-IP-Address from the radius server as a
server assigned attribute (not from the m0n0wall, because he doesn't
sent that)

When in access-requests / accounting-requests NAS-IP-Address is missing
(then NAS-Identifier must be set, which is) the RADIUS will assign the
NAS-IP-Address with value of the source-ip of the packet. No matter
which interface the packet goes out on the m0n0wall, the NAS-IP will
always be correct in this matter ;)

It's only a problem when you have dynamic ip, and still want to lock on
NAS-IP-Address (which can be static)

J.


--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan dot de dot graeve at imelda dot be

> -----Oorspronkelijk bericht-----
> Van: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Verzonden: vrijdag 11 november 2005 15:31
> Aan: m0n0wall
> Onderwerp: Re: [m0n0wall] new RADIUS images
> 
> From: "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
> 
> > Are you sure?
> 
> > Since the NAS-IP-Address appeared just recently in my images (before
> > 2005/11/07 there wasn't any)
> 
> The 3rd parts RADIUS server was accepting login (and said they were
> getting
> NAS-IP) with 1.2b10.wd2.21-radius2 for a while.  Then again, they have
> consistently been less than helpful, so it may be RADIUS assuming it
like
> you said.
> 
>                         Lee
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>