stuartc <[EMAIL PROTECTED]> wrote:
> No it has to be done above....Send a request to one IP and get a response
> from one of two different masters... so I could in fact send a request to
> one master and get a response from the other, there is no way round it.

  I'm *amazed* that this works for any other RADIUS server which uses
their "services".  Do the other servers really allow responses from
*any* IP address?

> I am a dead man, simple as that...

  No, you just have some coding to do.  You've got to figure out which
IPs are the problem.

  Here's what you do.  In 'proxy.conf', add another realm for the
bullshit IP address sending the response.  The name of the realm
doesn't matter, as it won't be used for anything but fixing up the
bullshit.

  Give this realm the SAME secret as the realm which you're sending
the packets to.  This is important.

  Go to src/main/radiusd.c, function rad_process().  Look for:

     case PW_AUTHENTICATION_ACK:
     case PW_ACCESS_CHALLENGE:
     case PW_AUTHENTICATION_REJECT:
     case PW_ACCOUNTING_RESPONSE:
          ...
          break;


  Just BEFORE the 'break' add:


       if (request->packet->src_ipaddr == htonl(0x01020304)) {
          request->packet->src_ipaddr = htonl(0x05060708);
       }


  where the FIRST IP address '0x01020304' (for 1.2.3.4) is the IP of
the bullshit server sending the responses, and the SECOND IP is the IP
of the server you sent the request to.  Note that you CANNOT put the
addresses in as '1.2.3.4', you've got to convert them by hand to a
32-bit number, and put that number in, instead.


  If there is more than one problem IP, add more 'if' statements.  As
the IPs are hard-coded into the server, you will have to edit them &&
recompile the server if they change.  But it should work.


  If you ever meet in person the people who created this stupidity,
you have my permission to tell them exactly what I think of their
"service":  shoddy, and non-standards compliant.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
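
Added example, not part of the original message and not FreeRADIUS code: a stand-alone C sketch of the by-hand dotted-quad conversion and the source-address rewrite described above, generalised to a table in place of repeated 'if' statements. The names dotted_to_host32, fixup_src_ipaddr and fixups are hypothetical; 1.2.3.4 and 5.6.7.8 are the message's sample addresses.

```c
#include <arpa/inet.h>   /* htonl(), ntohl() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: convert "a.b.c.d" to the host-order 32-bit constant
 * that goes inside htonl(). Returns 0 on success, -1 on malformed input. */
static int dotted_to_host32(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    for (int i = 0; i < 4; i++) {
        char *end;
        if (*s < '0' || *s > '9') return -1;   /* strtoul would accept spaces/signs */
        unsigned long octet = strtoul(s, &end, 10);
        if (octet > 255 || end - s > 3) return -1;
        if (*end != (i < 3 ? '.' : '\0')) return -1;
        value = (value << 8) | (uint32_t)octet;
        if (i < 3) s = end + 1;
    }
    *out = value;
    return 0;
}

/* One entry per problem IP (host order): responder -> server the request went to. */
struct ip_fixup { uint32_t responder; uint32_t home_server; };
static const struct ip_fixup fixups[] = {
    { 0x01020304, 0x05060708 },   /* 1.2.3.4 answers for 5.6.7.8 */
};

/* src_ipaddr is in network byte order, like request->packet->src_ipaddr. */
static uint32_t fixup_src_ipaddr(uint32_t src_ipaddr)
{
    for (size_t i = 0; i < sizeof(fixups) / sizeof(fixups[0]); i++) {
        if (src_ipaddr == htonl(fixups[i].responder))
            return htonl(fixups[i].home_server);
    }
    return src_ipaddr;   /* any source not in the table is left unchanged */
}

int main(void)
{
    uint32_t v = 0;
    if (dotted_to_host32("1.2.3.4", &v) == 0)
        printf("1.2.3.4 -> 0x%08x\n", (unsigned)v);
    printf("rewritten source: 0x%08x\n", (unsigned)ntohl(fixup_src_ipaddr(htonl(v))));
    return 0;
}
```

Only addresses listed in the table are rewritten, so the set of sources accepted this way stays explicit and easy to audit.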
