Ted Cabeen <[EMAIL PROTECTED]> wrote:
> That's not a bad idea, but the problem is that I don't know the IPs
> that the requests will be originating from. The outsourced dialup
> provider has thousands of NASes across the US, and I don't have a list
> of every NAS they have.

The NASes should be irrelevant. The server doesn't know that they exist. That's why they're not listed in the "clients.conf" file, only the servers which proxy to you are listed.

> Looking at the code, I just noticed that
> radutmp is also always trusted when the request comes from an unknown
> NAS, which happens as well.

Hmm... the more I look at that code, the more I think it's wrong.

The current code tries to poke the NAS, even if the request came through a proxy server. This is very, very, wrong. It should *never* do that. Instead, it should default to using the NAS type of the proxying server, which can be listed as "other" (fail-reject), or a new "fail-ok", as I suggested.

> Essentially, what I want to do is to never trust the radutmp file.
> Right now, the server can't be configured to do that.

For now, I guess source code edits to session.c, rad_check_ts() are your best bet.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

