Re: [Help-gnu-radius] combining Simultaneous-Use attribute

[List User]

As soon as added IP address of the NAS to the NASLIST file, Simultaneous-Use
started to work! In my set up (with altered radius, any IP can connect), is
there an easy way to enforce logins without knowing IP before hands? Or I
have to alter radius to accomplish it?

thanks

----- Original Message ----- 
From: "List User" <address@hidden>
To: "Sergey Poznyakoff" <address@hidden>
Cc: <address@hidden>
Sent: Thursday, October 23, 2003 5:51 PM
Subject: Re: [Help-gnu-radius] combining Simultaneous-Use attribute


> 10.0.0.250 and  10.0.0.244 are IP addresses of the client machine. Client
> computers (where the same user logs in) are connecting to NAS. NAS has two
> interfaces:
>
> 1. 10.0.0.1 which client machines are connected to
> 2. 192.168.222.2 - which communicates with the Raduis (192.168.222.4)
>
> Radius log:
>
> ct 22 17:27:47 Auth.notice: (AUTHREQ 192.168.222.2 40 mama): Login OK
> [mama], CLID unknown
> Oct 22 17:27:56 Auth.notice: check_ts(): unknown NAS
> Oct 22 17:27:56 Auth.notice: (AUTHREQ 192.168.222.2 41 mama): Login OK
> [mama], CLID unknown
> Oct 22 17:28:07 Auth.notice: (AUTHREQ 192.168.222.2 42 mama): Login OK
> [mama], CLID unknown
> Oct 22 17:38:55 Auth.notice: (AUTHREQ 192.168.222.2 43 mama): Login OK
> [mama], CLID unknown
>
>
> !!!! NOTE NOTE NOTE !!!!
>
> In my setup I don't know the IP addresses of the NAS devices. I have
altered
> radius source code to allow a common secret for all NAS regadless IPs (we
> could not wait til next version of radius). I have altered sources as
> follow:
>
> CLIENT *client_lookup_ip(UINT4 ipaddr) (in files.c) I have added a
condition
> to break for loop:
>
> if (strstr (cl->longname, "255.255.255.255"))
>
> With above said, my NASLIST file is empty. Is having exact IPs addresses
of
> the NAS devices required for Simultaneou-Use to work? I don't have to
store
> this value in SQL, but I must allow only 1 login.
>
> Is there a way to accomplish it?
>
> I can alter sources to hard code one login, if needed.
>
> Thanks
>
>
>
> ----- Original Message ----- 
> From: "Sergey Poznyakoff" <address@hidden>
> To: "List User" <address@hidden>
> Cc: <address@hidden>
> Sent: Thursday, October 23, 2003 12:38 AM
> Subject: Re: [Help-gnu-radius] combining Simultaneous-Use attribute
>
>
> > List User <address@hidden> wrote:
> >
> > > It did not help. I don't have to recompile radius to reflect changes
in
> the
> > > dictionary file, do I?
> >
> > No, you don't have to recompile it.
> >
> > > My config info is shown below:
> >
> > > address@hidden /usr/local/etc/raddb]#radwho -A
> > >
> > > Login      Name              Proto TTY   When      From      Location
> > > mama       mama              42949 0002  Wed 17:11 192.168.2
10.0.0.250
> > > mama       mama              42949 0001  Wed 17:11 192.168.2
10.0.0.244
> >
> > The Proto value is bogus... The NAS seems to send invalid value
> > in Framed-Protocol pair.
> >
> > How are the NASes 10.0.0.250 and 10.0.0.244 declared in your naslist
file?
> > What do you see in your logs?
> >
> > Regards,
> > Sergey
> >
>