On Tue, Aug 30, 2011 at 06:43:40PM +0200, Arran Cudbard-Bell wrote: > On 30 Aug 2011, at 18:21, Morty wrote:
> > but this device apparently also doesn't set > > NAS-IP-Address or NAS-Identifier, so the usual huntgroup mechanism > > doesn't work. > Then its not in compliance with RFC 2865 and you should go beat > Cisco up about it. Yup, we've been pursuing that angle in parallel. :) I figured/hoped, though, that someone else had already been through this and that there was a workaround. The Packet-Src-IP-Address you describe below sounds like just the ticket. > Can't you include both AVPs with the += operator? Or does the Cisco > device throw a hissy fit? I had tried sending both. The Cisco devices threw a hissy fit. :) Or more specifically, they ignored whichever attribute was second. Whichever order I put the VSAs in, I wasn't able to get read-write on something. > If the packets aren't going through a proxy or NAT then you can use > Packet-Src-IP-Address instead of NAS-IP-Address. Excellent, thanks! Proxies are not an issue today. They may be an issue in the future, though. It's likely that my proxy will itself by running freeradius. Does Client-IP-Address have the same problem with proxies? If yes, is there a workaround I can use on the proxy itself to populate NAS-IP-Address based on Packet-Src-IP-Address? > Oh come on the Cistron page hasn't received any love since 06, you > know you want to switch :) Oh, I *definitely* want to switch. :) - Morty - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
