I found %{Packet-Src-IP-Address} but when I include this in the
postauth_query, it doesn't work...the fields are blank in the DB when I view
it.How could I log the source IP address of successful authentications? - Eric -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eric Geier Sent: Tuesday, August 16, 2011 3:49 PM To: 'FreeRadius users mailing list' Subject: RE: NAS-IP-Address or NAS-Identifier in Access-Request? Understood, thanks! Can I log the source IP address to the Post-Auth DB table? Thanks, Eric -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Alan DeKok Sent: Tuesday, August 16, 2011 10:38 AM To: FreeRadius users mailing list Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request? Eric Geier wrote: > Yes I read that in the RFC, but was wondering what vendors usually do, > what's the most typical, etc. I'm also wondering the same about the > Calling-Station-Id and Called-Station-ID. But sounds like those aren't > included very often, completely optional. There's no way to know what is typical. There are many dozens of vendors, each of whom has many dozens of products using RADIUS. Each product may have dozens of different firmware revisions, each of which behaves slightly differently. > But now that I've thought of it, if there isn't a NAS-IP-Address then > authentication wouldn't work, right? Cause FR needs to lookup the > shared secret based upon the NAS-IP-Address? No. The shared secret is looked up by source IP address. The NAS-IP-Address can be anything. It is pretty much ignored by the core RADIUS protocol. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
