[RADIATOR] BindAddress question

Heikki Vatiainen hvn at open.com.au
Thu Jun 9 12:50:10 CDT 2011


On 06/09/2011 05:37 PM, Dyonisius Visser wrote:
> Well, I installed a second instance on a dual stack host, and I tested
> various combinations:

Thanks for the summary.

> BindAddress 192.87.30.31,ipv6:2001:610:148:dead::31
>     I.e. hardcoded addresses - this works, both IPv4 and IPv6 clients work
> 
> BindAddress ipv6:::
>    IPv4 blocked (NOTICE: Request from unknown client 192.87.30.32: ignored)

This should work if you specify your client like this:

<Client ipv6:::ffff:192.87.30.32>

Since the request arrived over IPv4 but was delivered to the application
by IPv6 wildcard socket, the IPv4 address is presented as an IPv6
address. See

http://tools.ietf.org/html/rfc4291#section-2.5.5

section "2.5.5.2. IPv4-Mapped IPv6 Address". The purpose of this mapping
is to let the application know whether the message was received over
IPv6 or IPv4, since the socket can handle both protocols.


> BindAddress 0.0.0.0
>   This is the default. IPv4 clients work. IPv6 clients DO NOT work,
> and worse, nothing is logged by radiator, no "request from unknown
> client 2001:610:blah:blah"
> 
> BindAddress ipv6:::,0.0.0.0
>   Startup gives some errors, and only IPv6 works:
> Thu Jun  9 16:25:54 2011: DEBUG: Finished reading configuration file
> '/etc/radiator/radius.cfg'
> Thu Jun  9 16:25:54 2011: DEBUG: Reading dictionary file
> '/etc/radiator/db/dictionary'
> Thu Jun  9 16:25:54 2011: DEBUG: Creating authentication port ipv6::::1812
> Thu Jun  9 16:25:54 2011: DEBUG: Creating accounting port ipv6::::1813
> Thu Jun  9 16:25:54 2011: DEBUG: Creating authentication port 0.0.0.0:1812
> Thu Jun  9 16:25:54 2011: ERR: Could not bind authentication socket:
> Address already in use
> Thu Jun  9 16:25:54 2011: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Jun  9 16:25:54 2011: ERR: Could not bind accounting socket:
> Address already in use
> Thu Jun  9 16:25:54 2011: NOTICE: Server started: Radiator 4.8 on radius
> Thu Jun  9 16:25:55 2011: NOTICE: Request from unknown client
> 145.100.98.42: ignored
> 
> BindAddress 0.0.0.0,ipv6:::
>   Also some errors, only IPv4 works, and also nothing logged when an
> IPv6 client connects:
> Thu Jun  9 16:27:42 2011: DEBUG: Finished reading configuration file
> '/etc/radiator/radius.cfg'
> Thu Jun  9 16:27:42 2011: DEBUG: Reading dictionary file
> '/etc/radiator/db/dictionary'
> Thu Jun  9 16:27:42 2011: DEBUG: Creating authentication port 0.0.0.0:1812
> Thu Jun  9 16:27:42 2011: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Jun  9 16:27:42 2011: DEBUG: Creating authentication port ipv6::::1812
> Thu Jun  9 16:27:42 2011: ERR: Could not bind authentication socket:
> Address already in use
> Thu Jun  9 16:27:42 2011: DEBUG: Creating accounting port ipv6::::1813
> Thu Jun  9 16:27:42 2011: ERR: Could not bind accounting socket:
> Address already in use
> Thu Jun  9 16:27:42 2011: NOTICE: Server started: Radiator 4.8 on radius
> 
> 
> So the only way I can get radiator to accept requests from both
> protocols is to hardcode the interface addresses.
> 
> Would it be possible to have radiator listen to 4+6 without hard coding?
> 
> I think that option (whatever it looks like) should be the default.
> 
> If possible, can the behavior of the current default ('BindAddress
> 0.0.0.0') be changed so that it actually logs ignored incoming
> requests?
> I've spent quite some time figuring out what is going on, and only
> tcpdump revealed that requests are actually reaching my box.
> 
> Thanks :-)
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
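
The IPv4-mapped form described in the reply above, as an added example that is not part of the original post and is not Radiator code: it shows why an exact-match client lookup misses an IPv4 peer seen through an IPv6 wildcard socket, and how canonicalizing both sides before the lookup fixes it. The function names, client names and the 2001:db8::32 entry are assumptions made for the example.

```python
import ipaddress

# Constructed client table. 192.87.30.32 is the client from the thread; the
# 2001:db8::32 entry and both names are made up for this example.
CLIENTS = {"192.87.30.32": "nas-v4", "2001:db8::32": "nas-v6"}


def canonical_peer(addr):
    """Reduce an address to one canonical text form for client lookup."""
    if addr.startswith("ipv6:"):          # prefix syntax used in the thread
        addr = addr[len("ipv6:"):]
    ip = ipaddress.ip_address(addr)
    # An IPv6 wildcard socket reports IPv4 peers as ::ffff:a.b.c.d
    # (RFC 4291, section 2.5.5.2); fold those back to plain IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)                        # compresses other IPv6 forms


def lookup_naive(peer, clients=CLIENTS):
    """Exact string match: fails when the peer form differs from the table."""
    return clients.get(peer)


def lookup_normalized(peer, clients=CLIENTS):
    """Match after canonicalizing both the table keys and the peer."""
    table = {canonical_peer(k): v for k, v in clients.items()}
    return table.get(canonical_peer(peer))


# Constructed peers, as the socket bound to each wildcard would report them.
OBSERVED = [
    ("0.0.0.0", "192.87.30.32"),
    ("::", "::ffff:192.87.30.32"),
    ("::", "2001:db8:0:0:0:0:0:32"),
    ("::", "::ffff:145.100.98.42"),       # not in the table: stays rejected
]

if __name__ == "__main__":
    for bind, peer in OBSERVED:
        print(f"bind={bind:8} peer={peer:24} naive={lookup_naive(peer)} "
              f"normalized={lookup_normalized(peer)}")
```

Canonicalizing both sides means one table entry covers a client whichever socket family delivered its request, while an address that is not listed is still rejected in either form.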

