(RADIATOR) Problem with authentication - Source IP differs due to OSPF

Separovic, Jason jseparov at uecomm.com.au
Tue Sep 25 20:35:31 CDT 2001


I'm having a problem with authenticating Enterasys SSR8600s. I set the
source address on the router to it's loopback. This is the same as the
client address I put into radiator. But when the router sends an
authentication request it sends it on the closest interface due to OSPF
(which is usually not its loopback). This is a problem with how to router
sends requests to radius. I need some sort of workaround until Enterasys
fixes this problem. Can I get Radiator to authenticate against the
NAS-IP-address value and not the Socket address value? I'm fairly confident
in writing in perl but I don't won't to go changing things willy nilly. I
thought a simple way to do this would be to get radiator to do the client
lookup using the NAS-IP-address value and not the Socket address value. Is
this a simple fix? If so where is the reference made?

Thanks
Jason



*** Received from 203.94.128.21 port 1870 ....
Code:       Accounting-Request
Identifier: 6
Authentic:  <23><24><131>C'8<245>>*<3>Z<235><203><179><166><213>
Attributes:
        Acct-Status-Type = Stop
        Acct-Session-Id = "0"
        Acct-Authentic = RADIUS
        Acct-Authentic = Local
        User-Name = "root"
        Service-Type = NAS-Prompt-User
        NAS-IP-Address = 172.17.128.1

Fri Sep 21 16:16:29 2001: NOTICE: Request from unknown client 203.94.128.21:
ignored
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list