(RADIATOR) Problem with authentication - Source IP differs due to OSPF

Hugh Irvine hugh at open.com.au
Tue Sep 25 22:08:44 CDT 2001 

Hello Jason -

Why don't you just add a Client DEFAULT clause?

# define a DEFAULT client as a catch-all

<Client DEFAULT>
	Secret ....
	.....
</Client>

hth

Hugh


On Wednesday 26 September 2001 11:35, Separovic, Jason wrote:
> I'm having a problem with authenticating Enterasys SSR8600s. I set the
> source address on the router to it's loopback. This is the same as the
> client address I put into radiator. But when the router sends an
> authentication request it sends it on the closest interface due to OSPF
> (which is usually not its loopback). This is a problem with how to router
> sends requests to radius. I need some sort of workaround until Enterasys
> fixes this problem. Can I get Radiator to authenticate against the
> NAS-IP-address value and not the Socket address value? I'm fairly confident
> in writing in perl but I don't won't to go changing things willy nilly. I
> thought a simple way to do this would be to get radiator to do the client
> lookup using the NAS-IP-address value and not the Socket address value. Is
> this a simple fix? If so where is the reference made?
>
> Thanks
> Jason
>
>
>
> *** Received from 203.94.128.21 port 1870 ....
> Code:       Accounting-Request
> Identifier: 6
> Authentic:  <23><24><131>C'8<245>>*<3>Z<235><203><179><166><213>
> Attributes:
>         Acct-Status-Type = Stop
>         Acct-Session-Id = "0"
>         Acct-Authentic = RADIUS
>         Acct-Authentic = Local
>         User-Name = "root"
>         Service-Type = NAS-Prompt-User
>         NAS-IP-Address = 172.17.128.1
>
> Fri Sep 21 16:16:29 2001: NOTICE: Request from unknown client
> 203.94.128.21: ignored
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list