-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fabio Massimo Di Nitto wrote:
| Joost De Cock wrote:
| | On Tuesday 11 January 2005 10:02, you shoved this in my mailbox:
| |
| |>Joost De Cock wrote:
| |>| Package: libpam-radius-auth
| |>| Version: 1.3.16-2
| |>| Severity: important
| |>|
| |>|
| |>| I'm trying to set up Radius authentication on a stock Debian Sarge
| |>| installation.
| |>| The PAM Radius module sends out the loopback IP address as the 'NAS IP
| |>| Address' Radius Attribute. The RFC has the following to say about this
| |>| attribute:
| |>|
| |>| This Attribute indicates the identifying IP Address of the NAS
| |>| which is requesting authentication of the user, and SHOULD
| |>| be unique to the NAS within the scope of the RADIUS
| |>| server.
| |>|
| |>| So our Radius server (a vasco) responds with 'cannot lookup client
| |>| details' since that 127.0.0.1 address doesn't make sense.
Hi Joost,
I am checking the code right now and there are a couple of "misterious" things
that i would like to check together with you.
The ipaddr definition starts a bit up in the code:
~ gethostname(hostname, sizeof(hostname) - 1);
then a bit later:
~ if ((conf->server->ip.s_addr == ntohl(0x7f000001)) || (!hostname[0])) {
~ ipaddr = 0x7f000001;
so what we should check is:
a) what is the result of hostname on your machine? you can check that on any
shell.
if it returns localhost than it is clear why the lib is sending 127.0.0.1 as
NAS IP
and the machine needs to properly resolv the hostname. Perhaps it is a
misconfiguration
in /etc/hosts or in the dns.
b) can you try defining the client_id= option in the config file? and set it to
your ip?
~ do not use hostname here since apparently the code doesn't try to resolve
it.
I never realized how hugly is this code :(
Thanks
Fabio
- --
Self-Service law:
The last available dish of the food you have decided to eat, will be
inevitably taken from the person in front of you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7jsxhCzbekR3nhgRAnBYAJwO79mSwhCkB1Ar+rnMhX4yE3vrFgCeKiUL
EWbgejw2dAn+7dUAlz7Es1Q=
=JNVv
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
