I actually saw this same problem way back in the post 0.3 CVS days (and before), and I wasn't even involving checkrad. I would turn on Simultaneous-Use, and I would immediately begin to get completely bogus Client-Ip-Addresses in my accounting packets...IPs that had nothing to do with my network (I remember 0.0.0.0 being one of the examples). And I would get them from my MAX TNTs, my PM3s, my Cisco AS5200s, and the various RADIUS servers that proxied to me. Some packets would be fine, others would be bogus. It was so weird and pervasive I just canned the implementation and didn't really troubleshoot past isolating Simultaneous-Use as the cause. I've actually been meaning to revisit this now that .5 is out and see if life is better. Although it is reassuring to see that it didn't only bite me. :)
Chris Kalin ----- Original Message ----- From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 26, 2002 11:32 AM Subject: Re: Client-IP-Address occasionally incorrect > Oleg Derevenetz <[EMAIL PROTECTED]> wrote: > > When I enabled Simultaneous-Use check for some user classes, I've > > got the same problem as Mervyn Jack - invalid packets with fake > > Client-IP-Address. > > That's really weird. The Client-IP-Address is taken from > request->packet->src_ipaddr, which is taken directly from the > recv_from() system call. > > So if the address is wrong, then it sounds to me like the OS is > lying to the server about where the packet came from. > > > Client-IP-Address = 70.114.105.32 [FAKE !] > > Does this address have *any* relation to addresses on your network, > or is it random (and changing) garbage? > > > These packets arrived only when user with Simultaneuos-Use (atuser in this > > case) tried to login and checkrad returned OK (this user already exists on > > NAS). > > I find it *really* bizarre that the NAS is sending fake accounting > records when it's queried via checkrad. > > Have you used 'tcpdump' from another machine, to verify that the > packet is sent on the wire, and isn't some artifact of the server > and/or OS? > > If the packet *is* coming from the NAS, have you asked Ascend/Cisco > for support? > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
