[RADIATOR] Multiple client identifiers with same IP

Hugh Irvine hugh at open.com.au
Thu Oct 8 18:07:57 CDT 2009


Hello Jim -

No this won't work, the second definition will overwrite the first one.

Yes you will need to use just the one Identifier and add an additional  
check in the Handler definition.

regards

Hugh

BTW - you should always test any configuration modifications in the  
lab before deploying in production.



On 9 Oct 2009, at 00:19, Jim Tyrrell wrote:

> Is it valid to have multiple Client identifiers with the same IP?
>
> I have a client identifier which refers to a group of LNS, however I
> wanted to change the behaviour of a specific LNS for a specific handler
> so I added another identifier for the specific LNS as below:
>
> -----------------------------------------
> <Client 10.0.0.1>
>       Identifier LNSgroup
>       Secret secretpass
>       IdenticalClients 10.0.0.2
>       IdenticalClients 10.0.0.3
> </Client>
>
> <Client 10.0.0.1>
>       Identifier LNS1
>       Secret secretpass
> </Client>
>
> <Handler Client-Identifier = LNS1, Realm = /(realm1.com|realm2.com|realm3.com)/>
>        AuthByPolicy ContinueAlways
>        <AuthBy TEST>
>            <blah>
>        </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = LNSgroup, Realm = /(realm1.com|realm2.com|realm3.com)/>
>        AuthByPolicy ContinueAlways
>        <AuthBy TEST>
>            <blah>
>        </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = LNSgroup, Realm = /(realmX.com|realmY.com|realmZ.com)/>
>        AuthByPolicy ContinueAlways
>        <AuthBy TEST>
>            <blah>
>        </AuthBy>
> </Handler>
> -----------------------------------------
>
> I could have sworn I had done something like this before, but when I
> tried it I ended up with all requests being rejected for Realms X,Y & Z
> from LNS1, not sure if Realms 1,2&3 and the other LNS were as well or
> not as I panicked and didn't wait to find out. :P
>
> The authentication didn't match any of the above handlers:
>
> Thu Oct  8 13:43:38 2009: DEBUG: Handling request with Handler ''
> Thu Oct  8 13:43:38 2009: INFO: Access rejected for user at realmX.com: No AuthBy found
>
> Is my config invalid?  Should I have kept one Client identifier and
> instead added "NAS-Identifier=LNS1" to the 1st handler?
>
> I don't want to make that mistake again! :P
>
> Thanks.
>
> Jim.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
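
A pre-deployment check for the overwrite described in the reply above, as an added example that is not part of the original message and is not Radiator code. It assumes, per the reply, that a later <Client> clause for an address replaces an earlier one, and also assumes that addresses listed under IdenticalClients share the same lookup; the function names and the sample (reduced to the lines the check reads) are constructed here.

```python
import re
from collections import defaultdict

# Constructed sample: the two <Client> clauses from the quoted config, secrets omitted.
SAMPLE_CONFIG = """
<Client 10.0.0.1>
    Identifier LNSgroup
    IdenticalClients 10.0.0.2
    IdenticalClients 10.0.0.3
</Client>
<Client 10.0.0.1>
    Identifier LNS1
</Client>
"""


def client_definitions(config_text):
    """Map each client address to the Identifiers of the clauses defining it, in file order."""
    seen, addrs, ident = defaultdict(list), None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"<Client\s+([^>\s]+)\s*>$", line, re.I)
        if m:
            addrs, ident = [m.group(1)], None
        elif addrs is not None and line.lower() == "</client>":
            for addr in addrs:
                seen[addr].append(ident)
            addrs = None
        elif addrs is not None and line and not line.startswith("#"):
            key, value = (line.split(None, 1) + [""])[:2]
            if key.lower() == "identifier":
                ident = value.strip()
            elif key.lower() == "identicalclients":
                # Assumption: these addresses are looked up like the clause's own address.
                addrs += [a for a in re.split(r"[,\s]+", value) if a]
    return dict(seen)


def overwritten_clients(config_text):
    """Return {address: (replaced identifiers, effective identifier)} for repeated addresses."""
    defs = client_definitions(config_text)
    return {a: (ids[:-1], ids[-1]) for a, ids in defs.items() if len(ids) > 1}


if __name__ == "__main__":
    for addr, (lost, kept) in overwritten_clients(SAMPLE_CONFIG).items():
        print(f"{addr}: defined more than once; {kept!r} replaces {lost!r}")
```

On the sample it reports that 10.0.0.1 ends up with Identifier LNS1 only, so a Handler that selects on Client-Identifier = LNSgroup no longer matches requests from that address.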
