[RADIATOR] [External] Re: Client definition stanza

Hugh Irvine hugh at open.com.au
Thu Feb 27 02:27:42 UTC 2020 

Hi Neil -

Apologies - shouldn’t have answered before coffee….

Heikki will get back to you later.

;-/

Hugh


> On 27 Feb 2020, at 06:09, Johnson, Neil M <neil-johnson at uiowa.edu> wrote:
> 
> Hugh,
>  
> I ended having to spilt the configuration into separate <Client> stanza’s:
>  
> ## LC Data Center client definitions
> # LC Nexus in-rack switches
> <Client 172.24.144.0/24>
>     IdenticalClients fd9a:2c75:7d0c:6400::/64
>     Identifier LC_NET_Clients
>     Secret <SECRET>
>     DupInterval 0
> </Client>
>  
> # LC Nexus in-rack switches (Research)
> <Client 172.24.145.0/24>
>     IdenticalClients fd9a:2c75:7d0c:6600::/64
>     Identifier LC_NET_Clients
>     Secret <SECRET>
>     DupInterval 0
> </Client>
>  
> That seems to work.
>  
> -- 
> Neil Johnson
> 319 384-0938
> neil-johnson at uiowa.edu
>  
>  
> From: radiator <radiator-bounces at lists.open.com.au> on behalf of Neil Johnson <neil-johnson at uiowa.edu>
> Date: Wednesday, February 26, 2020 at 12:33 PM
> To: Hugh Irvine <hugh at open.com.au>
> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
> Subject: Re: [RADIATOR] [External] Re: Client definition stanza
>  
>  
> Hugh,
>  
> You may want to update your documentation as well. Because on page 92 under the section for the IdenticalClients statement it says:
> “You can have any number of IdenticalClients lines”
>  
> -Neil
>  
> -- 
> Neil Johnson
> 319 384-0938
> neil-johnson at uiowa.edu
>  
>  
> From: radiator <radiator-bounces at lists.open.com.au> on behalf of Neil Johnson <neil-johnson at uiowa.edu>
> Date: Wednesday, February 26, 2020 at 12:21 PM
> To: Hugh Irvine <hugh at open.com.au>
> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
> Subject: Re: [RADIATOR] [External] Re: Client definition stanza
>  
> Additional data point, if I use IPv4 addresses it works fine.
>  
> -Neil
>  
>  
> -- 
> Neil Johnson
> 319 384-0938
> neil-johnson at uiowa.edu
>  
>  
> From: Neil Johnson <neil-johnson at uiowa.edu>
> Date: Wednesday, February 26, 2020 at 12:04 PM
> To: Hugh Irvine <hugh at open.com.au>
> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
> Subject: Re: [External] Re: [RADIATOR] Client definition stanza
>  
>  
> Hugh,
>  
> I changed the stanza as requested:
>  
> <Client 172.24.144.0/24>
>     IdenticalClients 172.24.145.0/24, fd9a:2c75:7d0c:6400::/64, fd9a:2c75:7d0c:6600::/64
>     Identifier LC_NET_Clients
>     Secret <SECRET>
>     DupInterval 0
> </Client>
>  
> Same results. Connections from fd9a:2c75:7d0c:6400::1a are reported as from an unknown client, but connections from fd9a:2c75:7d0c:6600::b work fine?
>  
> From the log:
>  
> Wed Feb 26 11:55:40 2020: NOTICE: Request from unknown client fd9a:2c75:7d0c:6400::1a: ignored
>  
> Wed Feb 26 11:58:26 2020: AUTH: User lu_nmjoo SUCCESSFULLY authenticated to device fd9a:2c75:7d0c:6600::b ()
>  
> I am running version 4.22
>  
> -Neil
>  
> -- 
> Neil Johnson
> 319 384-0938
> neil-johnson at uiowa.edu
>  
>  
> From: Hugh Irvine <hugh at open.com.au>
> Date: Tuesday, February 25, 2020 at 6:35 PM
> To: Neil Johnson <neil-johnson at uiowa.edu>
> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
> Subject: [External] Re: [RADIATOR] Client definition stanza
>  
>  
> Hello Neil -
>  
> IdenticalClients expects a list - in your case the last line has replaced the other lines.
>  
> Try this:
>  
>  
> <Client 172.24.144.0/24>
>     # LC Research Switches
>     IdenticalClients 172.24.145.0/24, fd9a:2c75:7d0c:6600::/64, fd9a:2c75:7d0c:6400::/64
>     …..
>  
>  
> regards
>  
> Hugh
>  
>  
>> On 26 Feb 2020, at 10:12, Johnson, Neil M <neil-johnson at uiowa.edu> wrote:
>> Given the following stanza:
>>   
>> <Client 172.24.144.0/24>
>>      IdenticalClients fd9a:2c75:7d0c:6400::/64
>>      # LC Research Switches
>>      IdenticalClients 172.24.145.0/24
>>      IdenticalClients fd9a:2c75:7d0c:6600::/64
>>      #
>>      Identifier LC_NET_Clients
>>      Secret <SECRET>
>>      DupInterval 0
>> </Client>
>>   
>> Why would connections from fd9a:2c75:7d0c:6400::1a be reported as from an unknown client, but connections from fd9a:2c75:7d0c:6600::b work fine?
>>   
>> Thanks!
>> -Neil
>>   
>> -- 
>> Neil Johnson
>> Network Architect
>> The University of Iowa
>> 319 384-0938
>> neil-johnson at uiowa.edu
>>   
>>   
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> https://lists.open.com.au/mailman/listinfo/radiator
>  
>  
> --
>  
> Hugh Irvine
> hugh at open.com.au
>  
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc. 
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.

More information about the radiator mailing list