Alan, first of all, thank you for replying, although I must sense quite some hostility in your replies. On the other hand, I have read previous emails coming from your end and this appears to be the way you respond.

Secondly, I have read the documentation, but RTFM still appears to be the common way of responding (even after using Linux for over 15 years).

Thirdly, the case below is a true real life situation, which does not occur only for me, but also for others. Even though the module is not officially supported (maybe for the reason there are) it is in today's world. You can decide, be a bernstein (like qmail) or adapt to a real life situation. (Btw, if this was so uncommon, how come I find as many questions on it as there are. If YFI is actually supporting this, there must be a need. Even if it is not meant like that.)

Fourthly, the issue I have has nothing to do with the whole running of rlm_raw or any alike. Authentication works fine and as expected. And yes, I have read the statements on caching, what is used and even the disclaimer that only the src ip is supported. So don't become patronising that I didn't. I also scrobbled Google for quite some time and I have read the debug more than you can think. But guess what? If the only output after authentication is adding client xxx.xxx.xxx.xxx with shared secret it does not state a) lifetime b) anything else useful.

Now I am running radmin show client list and see the IP appear. I am now testing when it disappears.

Please refrain from responding if it will only be a load of 'you did not do this or that', while you have no clue on what I read or already have done. If the response is coming to the basic question "how can I check the lifetime of a dynamic client" feel free. Elsewise, let's keep this clean for people willing to find the proper solution.

Best regards
Steve

>> 1. FreeRadius lacks the ability to actually run Nas's behind a link with a
>> dynamic IP. Although not recommended, this software does not support a
>> proper way of dealing with this.
>
> Nonsense. This is a fundamental limitation of the RADIUS protocol.
>
> If you want to use dynamic IPs, use a VPN, or TLS (RFC 6614)
>
>> This is indeed a fake. I have added this in mysql in the nas table under
>> the field community (described in ify /yfi setup). The connection actually
>> works. I can (ab)use this field as much as desired
>
> Because RADIUS depends on source IP.
>
>>> Of course. RADIUS depends on IP addresses, not on Called-Station-Id.
>>> This is documented in the "dynamic_clients" configuration. Right at
>>> the top of the virtual server.
>>
>> Yes, I have read the documentation (multiple sources, google etc...) I was
>> just wondering what happens when you use the raw module.
>
> It's not distributed with the server. So it's not a supported module.
> And no, I don't use it.
>
> And no, you haven't read the documentation. The files I mentioned
> *clearly* states that the dynamic clients use and cache the source IP.
> They say NOTHING about checking the Called-Station-Id for each packet.
>
>> Is a client defined by a NAS or a user?
>
> RADIUS clients are defined by source IP. The documentation you
> allegedly read makes this clear. So there's no need to ask the above
> question... because the documentation already answers it.
>
>> The output shows indeed when it goes through the dynamic server
>> section and once it is authenticated it only runs through the default
>> (which is understandable)
>
> So... *nothing* else in the debug output is useful to you.
>
> I guess you've read it as carefully as you've read the documentation.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

