Re: [Help-gnu-radius] NAS-IP-Address vs. Client-IP-Address
From: Charles Sprickman
Subject: Re: [Help-gnu-radius] NAS-IP-Address vs. Client-IP-Address
Date: Sun, 25 Apr 2004 20:25:56 -0400 (EDT)

On Thu, 22 Apr 2004, Charles Sprickman wrote:
> Howdy,
>
> Quick question (I hope)... Under FreeRadius, I see an attribute in the
> standard dictionary called "Client-IP-Address". This seems different from
> NAS-IP-Address in that on our outsourced dial clients, NAS-IP contains the
> actual NAS-IP, whereas Client-IP contains the IP of the radius server that
> is proxying to us. This is very handy for us as it lets me very quickly
> pick out these connections with a simple sql query. We use this to alert
> people that they have used more than their allotted free minutes of
> roaming as well.

Just to add to this, I just realized all the work I've done with getting
gnu-radius running is moot. In my huntgroups file, I try to tag incoming
requests based on NAS-IP-Address. The problem is that all of those that
are outsourced dial report the actual NAS IP. I can't possibly build a
list, as the two resellers we use both contract out to multiple providers
and it's enough of a challenge just keeping the dialup numbers straight.
I've also verified that our perl scripts that extract roaming usage from
the accounting DB rely on having the *proxying* radius server's IP in
there and not the actual NAS IP.

Perhaps I'd be better served by hacking up the source to just make
NAS-IP-Address = source of the request? I've been watching tcpdump on
incoming requests from our resellers, and there's nothing in the sent
attributes to indicate the IP of the proxying server. So this seems like
a value that the radius server would have to craft internally.

I see there's already a slight workaround for when the NAS-IP-Address
attribute is missing.

from acct.c:

        /* If we didn't find out the NAS address, use the originator's
           IP address. */
        if (nas_address == 0) {
                nas_address = radreq->ipaddr;
                ut.nas_address = htonl(nas_address);
        }

I would assume that I'd have to do something similar elsewhere (radiusd.c?
radius.c?).

Sounds like a handy config knob, doesn't it? :)

Thanks,

Charles

> Grepping dict/* shows no such attribute in the Gnu-Radius dictionaries.
> If I simply add it (in FreeRadius it's id 1052), will that likely work?
> Or is that an attribute that FreeRadius is generating internally?
>
> Sorry to keep bugging you Sergey, it seems like you're single-handedly
> manning this list. :) Your other suggestions are working perfectly; I
> should be cutting over to gnu completely in a week or two and in the next
> few days I'll be turning it up for accounting only on one of our radius
> servers.
>
> Thanks,
>
> Charles
>
> ___
> Charles Sprickman
> NetEng/SysAdmin
> Bway.net - New York's Best Internet - www.bway.net
> address@hidden - 212.655.9344
>
>
>
> _______________________________________________
> Help-gnu-radius mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-gnu-radius
>
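
The distinction discussed in this message, as an added example that is not part of the original post and is not GNU Radius code: NAS-IP-Address is a value the sender asserts inside the packet, while the originator address is what the server itself observes on the socket. The names `claimed_nas_ip`, `nas_key`, `prefer_source` and the sample packet are hypothetical; only the 20-byte header and attribute type 4 come from RFC 2865.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RAD_HDR_LEN 20        /* code, id, length (2), authenticator (16) */
#define RAD_NAS_IP_ADDRESS 4  /* attribute type, RFC 2865 */

/* Constructed sample: Accounting-Request, User-Name "chas",
   NAS-IP-Address 192.0.2.10 (the real NAS behind a proxy). */
static const uint8_t sample_pkt[32] = {
    4, 1, 0, 32,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    1, 6, 'c', 'h', 'a', 's',
    4, 6, 192, 0, 2, 10
};

/* NAS-IP-Address claimed inside the packet (host byte order),
   or 0 if the attribute is absent or the packet is malformed. */
uint32_t claimed_nas_ip(const uint8_t *pkt, size_t n)
{
    if (n < RAD_HDR_LEN) return 0;
    size_t len = ((size_t)pkt[2] << 8) | pkt[3];
    if (len < RAD_HDR_LEN || len > n) return 0;
    for (size_t off = RAD_HDR_LEN; off + 2 <= len; ) {
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || off + alen > len) return 0;   /* bad TLV length */
        if (type == RAD_NAS_IP_ADDRESS && alen == 6)
            return ((uint32_t)pkt[off + 2] << 24) | ((uint32_t)pkt[off + 3] << 16) |
                   ((uint32_t)pkt[off + 4] << 8)  |  (uint32_t)pkt[off + 5];
        off += alen;
    }
    return 0;
}

/* Address used to tag the request. prefer_source is the hypothetical
   knob: nonzero means always use the observed UDP source address. */
uint32_t nas_key(const uint8_t *pkt, size_t n, uint32_t src_ip, int prefer_source)
{
    uint32_t claimed = claimed_nas_ip(pkt, n);
    return (prefer_source || claimed == 0) ? src_ip : claimed;
}

int main(void)
{
    uint32_t proxy = 0xC6336407u;  /* 198.51.100.7, constructed source address */
    printf("default: %08x\n", (unsigned)nas_key(sample_pkt, sizeof sample_pkt, proxy, 0));
    printf("knob on: %08x\n", (unsigned)nas_key(sample_pkt, sizeof sample_pkt, proxy, 1));
    return 0;
}
```

With the knob off, the key is the NAS address reported in the packet; with it on, or when the attribute is missing or unparseable, the key is the proxy's source address.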