Re: [Help-gnu-radius] combining Simultaneous-Use attribute
From: List User
Subject: Re: [Help-gnu-radius] combining Simultaneous-Use attribute
Date: Thu, 23 Oct 2003 17:51:38 -0700
10.0.0.250 and 10.0.0.244 are IP addresses of the client machine. Client
computers (where the same user logs in) are connecting to NAS. NAS has two
interfaces:
1. 10.0.0.1 which client machines are connected to
2. 192.168.222.2 - which communicates with the Radius (192.168.222.4)
Radius log:
Oct 22 17:27:47 Auth.notice: (AUTHREQ 192.168.222.2 40 mama): Login OK [mama], CLID unknown
Oct 22 17:27:56 Auth.notice: check_ts(): unknown NAS
Oct 22 17:27:56 Auth.notice: (AUTHREQ 192.168.222.2 41 mama): Login OK [mama], CLID unknown
Oct 22 17:28:07 Auth.notice: (AUTHREQ 192.168.222.2 42 mama): Login OK [mama], CLID unknown
Oct 22 17:38:55 Auth.notice: (AUTHREQ 192.168.222.2 43 mama): Login OK [mama], CLID unknown
!!!! NOTE NOTE NOTE !!!!
In my setup I don't know the IP addresses of the NAS devices. I have altered
the radius source code to allow a common secret for all NAS regardless of IPs (we
could not wait till the next version of radius). I have altered the sources as
follows:
In CLIENT *client_lookup_ip(UINT4 ipaddr) (in files.c) I have added a condition
to break the for loop:
if (strstr (cl->longname, "255.255.255.255"))
With the above said, my NASLIST file is empty. Is having the exact IP addresses of
the NAS devices required for Simultaneous-Use to work? I don't have to store
this value in SQL, but I must allow only 1 login.
Is there a way to accomplish it?
I can alter sources to hard code one login, if needed.
Thanks
----- Original Message -----
From: "Sergey Poznyakoff" <address@hidden>
To: "List User" <address@hidden>
Cc: <address@hidden>
Sent: Thursday, October 23, 2003 12:38 AM
Subject: Re: [Help-gnu-radius] combining Simultaneous-Use attribute
> List User <address@hidden> wrote:
>
> > It did not help. I don't have to recompile radius to reflect changes in the
> > dictionary file, do I?
>
> No, you don't have to recompile it.
>
> > My config info is shown below:
>
> > address@hidden /usr/local/etc/raddb]#radwho -A
> >
> > Login Name Proto TTY When From Location
> > mama mama 42949 0002 Wed 17:11 192.168.2 10.0.0.250
> > mama mama 42949 0001 Wed 17:11 192.168.2 10.0.0.244
>
> The Proto value is bogus... The NAS seems to send invalid value
> in Framed-Protocol pair.
>
> How are the NASes 10.0.0.250 and 10.0.0.244 declared in your naslist file?
> What do you see in your logs?
>
> Regards,
> Sergey
>