[RADIATOR] [External] Re: Client definition stanza

Johnson, Neil M neil-johnson at uiowa.edu
Thu Feb 27 10:06:40 UTC 2020 

No problem Hugh!

Sent from my iPhone

> On Feb 26, 2020, at 8:27 PM, Hugh Irvine <hugh at open.com.au> wrote:
> 
> 
> Hi Neil -
> 
> Apologies - shouldn’t have answered before coffee….
> 
> Heikki will get back to you later.
> 
> ;-/
> 
> Hugh
> 
> 
>> On 27 Feb 2020, at 06:09, Johnson, Neil M <neil-johnson at uiowa.edu> wrote:
>> 
>> Hugh,
>> 
>> I ended having to spilt the configuration into separate <Client> stanza’s:
>> 
>> ## LC Data Center client definitions
>> # LC Nexus in-rack switches
>> <Client 172.24.144.0/24>
>>    IdenticalClients fd9a:2c75:7d0c:6400::/64
>>    Identifier LC_NET_Clients
>>    Secret <SECRET>
>>    DupInterval 0
>> </Client>
>> 
>> # LC Nexus in-rack switches (Research)
>> <Client 172.24.145.0/24>
>>    IdenticalClients fd9a:2c75:7d0c:6600::/64
>>    Identifier LC_NET_Clients
>>    Secret <SECRET>
>>    DupInterval 0
>> </Client>
>> 
>> That seems to work.
>> 
>> -- 
>> Neil Johnson
>> 319 384-0938
>> neil-johnson at uiowa.edu
>> 
>> 
>> From: radiator <radiator-bounces at lists.open.com.au> on behalf of Neil Johnson <neil-johnson at uiowa.edu>
>> Date: Wednesday, February 26, 2020 at 12:33 PM
>> To: Hugh Irvine <hugh at open.com.au>
>> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
>> Subject: Re: [RADIATOR] [External] Re: Client definition stanza
>> 
>> 
>> Hugh,
>> 
>> You may want to update your documentation as well. Because on page 92 under the section for the IdenticalClients statement it says:
>> “You can have any number of IdenticalClients lines”
>> 
>> -Neil
>> 
>> -- 
>> Neil Johnson
>> 319 384-0938
>> neil-johnson at uiowa.edu
>> 
>> 
>> From: radiator <radiator-bounces at lists.open.com.au> on behalf of Neil Johnson <neil-johnson at uiowa.edu>
>> Date: Wednesday, February 26, 2020 at 12:21 PM
>> To: Hugh Irvine <hugh at open.com.au>
>> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
>> Subject: Re: [RADIATOR] [External] Re: Client definition stanza
>> 
>> Additional data point, if I use IPv4 addresses it works fine.
>> 
>> -Neil
>> 
>> 
>> -- 
>> Neil Johnson
>> 319 384-0938
>> neil-johnson at uiowa.edu
>> 
>> 
>> From: Neil Johnson <neil-johnson at uiowa.edu>
>> Date: Wednesday, February 26, 2020 at 12:04 PM
>> To: Hugh Irvine <hugh at open.com.au>
>> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
>> Subject: Re: [External] Re: [RADIATOR] Client definition stanza
>> 
>> 
>> Hugh,
>> 
>> I changed the stanza as requested:
>> 
>> <Client 172.24.144.0/24>
>>    IdenticalClients 172.24.145.0/24, fd9a:2c75:7d0c:6400::/64, fd9a:2c75:7d0c:6600::/64
>>    Identifier LC_NET_Clients
>>    Secret <SECRET>
>>    DupInterval 0
>> </Client>
>> 
>> Same results. Connections from fd9a:2c75:7d0c:6400::1a are reported as from an unknown client, but connections from fd9a:2c75:7d0c:6600::b work fine?
>> 
>> From the log:
>> 
>> Wed Feb 26 11:55:40 2020: NOTICE: Request from unknown client fd9a:2c75:7d0c:6400::1a: ignored
>> 
>> Wed Feb 26 11:58:26 2020: AUTH: User lu_nmjoo SUCCESSFULLY authenticated to device fd9a:2c75:7d0c:6600::b ()
>> 
>> I am running version 4.22
>> 
>> -Neil
>> 
>> -- 
>> Neil Johnson
>> 319 384-0938
>> neil-johnson at uiowa.edu
>> 
>> 
>> From: Hugh Irvine <hugh at open.com.au>
>> Date: Tuesday, February 25, 2020 at 6:35 PM
>> To: Neil Johnson <neil-johnson at uiowa.edu>
>> Cc: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
>> Subject: [External] Re: [RADIATOR] Client definition stanza
>> 
>> 
>> Hello Neil -
>> 
>> IdenticalClients expects a list - in your case the last line has replaced the other lines.
>> 
>> Try this:
>> 
>> 
>> <Client 172.24.144.0/24>
>>    # LC Research Switches
>>    IdenticalClients 172.24.145.0/24, fd9a:2c75:7d0c:6600::/64, fd9a:2c75:7d0c:6400::/64
>>    …..
>> 
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>>> On 26 Feb 2020, at 10:12, Johnson, Neil M <neil-johnson at uiowa.edu> wrote:
>>> Given the following stanza:
>>> 
>>> <Client 172.24.144.0/24>
>>>     IdenticalClients fd9a:2c75:7d0c:6400::/64
>>>     # LC Research Switches
>>>     IdenticalClients 172.24.145.0/24
>>>     IdenticalClients fd9a:2c75:7d0c:6600::/64
>>>     #
>>>     Identifier LC_NET_Clients
>>>     Secret <SECRET>
>>>     DupInterval 0
>>> </Client>
>>> 
>>> Why would connections from fd9a:2c75:7d0c:6400::1a be reported as from an unknown client, but connections from fd9a:2c75:7d0c:6600::b work fine?
>>> 
>>> Thanks!
>>> -Neil
>>> 
>>> -- 
>>> Neil Johnson
>>> Network Architect
>>> The University of Iowa
>>> 319 384-0938
>>> neil-johnson at uiowa.edu
>>> 
>>> 
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at lists.open.com.au
>>> https://lists.open.com.au/mailman/listinfo/radiator
>> 
>> 
>> --
>> 
>> Hugh Irvine
>> hugh at open.com.au
>> 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER, SIM, etc. 
>> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc. 
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
>

More information about the radiator mailing list