Re: [Help-gnu-radius] RE: Problem wiht NAS-Identifier
From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] RE: Problem wiht NAS-Identifier
Date: Thu, 08 Aug 2002 09:54:25 +0300

> NAS-Identifier, it's work pretty good. but is there any way to make
> NAS-Identifier work ?

It depends only on your NAS, namely whether it sends NAS-Identifier or
it does not. Notice the following:

1) RFC2865 requires that "Either NAS-IP-Address or NAS-Identifier MUST be
   present in an Access-Request packet". Thus, if your raddb/users
   profile works with NAS-IP-Address then it is *guaranteed not to work*
   with NAS-Identifier and vice-versa. Generally speaking it is safer
   to use NAS-IP-Address.

2) NAS-Identifier does not represent the IP of the requesting NAS (as
   you seem to imply in your previous posting). According to RFC, it is
   merely "a string identifying the NAS originating the Access-Request".
   It may contain almost anything.

> and, if i have more than one NAS-IP-Address can i put all of them in a
> single line? or in separate "Default "? as shown in example below,
>
> DEFAULT Auth-Type = Local, Password-Location = SQL,
>         NAS-IP-Address = 192.168.0.126 172.16.0.126 10.100.0.126,
>         Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP
>

No, it would produce an error. NAS-IP-Address has IP data type and its
value must be exactly one IP address. There are several possibilities:

1) If users coming from all your NASes are authenticated via the same
   profile, you shouldn't use NAS-IP-Address at all:

DEFAULT Auth-Type = Local,
                Password-Location = SQL,
                Simultaneous-Use = 1
        Service-Type = Framed-User,
                Framed-Protocol = PPP

2) Otherwise, if they are to pass through different profiles, use
   raddb/huntgroups to group your NASes into clusters, e.g.:

#raddb/huntgroups
NASGROUP1       NAS-IP-Address = 192.168.0.126  NULL
NASGROUP1       NAS-IP-Address = 172.16.0.126   NULL
NASGROUP1       NAS-IP-Address = 10.100.0.126   NULL
NASGROUP2       NAS-IP-Address = 192.168.0.1    NULL
NASGROUP2       NAS-IP-Address = 192.168.0.2    NULL

#raddb/users
DEFAULT Huntgroup-Name = NASGROUP1,
                Auth-Type = Local,
                Password-Location = SQL,
                Simultaneous-Use = 1
        Service-Type = Framed-User,
                Framed-Protocol = PPP

DEFAULT Huntgroup-Name = NASGROUP2,
                Auth-Type = <whatever>
...

Regards,
Sergey
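
Added example, not part of the original message and not GNU Radius code: a Python checker for huntgroups entries in the form shown above. It rejects any NAS-IP-Address value that is not exactly one IP address, looks up the group for a requesting NAS, and expands a space-separated address list into one entry per NAS. The function names are hypothetical, only the `LABEL NAS-IP-Address = <ip> NULL` form from the message is handled, and first-match lookup is an assumption of this model.

```python
import ipaddress

# Constructed sample: the huntgroups entries from the message above.
HUNTGROUPS = """\
#raddb/huntgroups
NASGROUP1 NAS-IP-Address = 192.168.0.126 NULL
NASGROUP1 NAS-IP-Address = 172.16.0.126 NULL
NASGROUP1 NAS-IP-Address = 10.100.0.126 NULL
NASGROUP2 NAS-IP-Address = 192.168.0.1 NULL
NASGROUP2 NAS-IP-Address = 192.168.0.2 NULL
"""


def parse_huntgroups(text):
    """Return [(label, IPv4Address)]; reject anything but one IP per entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        label, rest = line.split(None, 1)
        attr, sep, value = rest.partition("=")
        if attr.strip() != "NAS-IP-Address" or not sep:
            raise ValueError(f"line {lineno}: expected NAS-IP-Address = <ip>")
        fields = value.split()
        if fields and fields[-1] == "NULL":   # trailing NULL, as in the message
            fields.pop()
        if len(fields) != 1:
            raise ValueError(f"line {lineno}: NAS-IP-Address takes exactly "
                             f"one IP address, got {len(fields)}")
        entries.append((label, ipaddress.IPv4Address(fields[0])))
    return entries


def huntgroup_for(nas_ip, entries):
    """Group label for a requesting NAS, or None (first match, assumed)."""
    ip = ipaddress.IPv4Address(nas_ip)
    return next((label for label, addr in entries if addr == ip), None)


def expand(label, addresses):
    """Turn a space-separated IP list into one huntgroups line per address."""
    return [f"{label} NAS-IP-Address = {ipaddress.IPv4Address(a)} NULL"
            for a in addresses.split()]
```

A NAS whose address is in no group gets `None` from `huntgroup_for`, which in the layout above means neither Huntgroup-Name profile would apply to it.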