Ted Cabeen <[EMAIL PROTECTED]> wrote: > The documentation for the functionality of the "other" nastype when > used with Simultaneous login blocking is substantially lacking. The > documentation in doc/Simultaneous-Use mentions that "other" means > don't check.
Pretty much. > However, the checkrad.pl script has an entry in it for "other". > This is misleading because it implies that the "other" nastype is > handled by the script. If you run it, or look at the source, you will see that checkrad *always* returns "true" for "other". > However, if you look in the code in src/main/session.c, there is a > block that prevents outright the running of checkrad when the > nastype is other. Having the same check in multiple places makes the code more robust. > Also, placing the "other" nastype check inside radiusd itself makes it > impossible for the admin to change the behavior of the "other" nastype > without patching the code. You shouldn't change "other". You should add a new type, with a new name. > In my environment, we use some outsourced dialup that provides no > access to the NAS boxes for checkrad processing. So they're type "other". > Would it be possible to either add an option to control the treatment > of nastypes of type "other", run checkrad for every duplicate login > check or to more clearly document this? I'm not sure what the problem is. You seem to want to re-define the meaning of "other", and I can't see why that would do anything useful. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
