Hello all, I am seeing some curious behavior with Huntgroups and how it relates to the NAS-IP-Address attribute. This behavior is noticable in a certain RADIUS test utility I have used. This tool sends a NAS-IP-Address attribute inside of an Authentication request. What I see is that FreeRADIUS verifies that my true (public) IP address is in clients.conf. It then proceeds to look up my Huntgroup based on the NAS-IP-Address inside the RADIUS packet instead of the true IP address.
I first noticed this because my test utility picked up my client IP and put it into the request. This IP is NAT'ed by our firewall and shows up at the FreeRADIUS server with a public address that is correctly verified in the clients.conf file. However FreeRADIUS then looks for a Huntgroup match using the private IP address. Is this behavior by design or is it a bug? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
