Thanks!

--
Neil Johnson
319 384-0938
[email protected]

From: radiator <[email protected]> on behalf of Heikki Vatiainen <[email protected]>
Date: Thursday, February 27, 2020 at 4:46 AM
To: "[email protected]" <[email protected]>
Subject: [External] Re: [RADIATOR] Client definition stanza

On 26.2.2020 1.12, Johnson, Neil M wrote:

> Given the following stanza:
>
> <Client 172.24.144.0/24>
>     IdenticalClients fd9a:2c75:7d0c:6400::/64
>     # LC Research Switches
>     IdenticalClients 172.24.145.0/24
>     IdenticalClients fd9a:2c75:7d0c:6600::/64
>     # Identifier LC_NET_Clients
>     Secret <SECRET>
>     DupInterval 0
> </Client>
>
> Why would connections from fd9a:2c75:7d0c:6400::1a be reported as from an
> unknown client, but connections from fd9a:2c75:7d0c:6600::b work fine?

Jumping back to the start of this thread; your configuration is fine and it should work. The reason it does not is that when there are two IPv6 address blocks, the latest overwrites the previous ones. For this reason client ..::b works and ::1a does not. If there had been more IPv6 blocks, only the last one would have worked.

The manual is also correct: it's possible to have one or more IdenticalClients parameters with one or more addresses or address blocks for each parameter. While this was tested with a mix of IdenticalClients, the tests did not use IdenticalClients with two IPv6 blocks. For this reason the bug was not detected and has been broken for the earlier versions too.

The only thing I'd remove from the above config is 'DupInterval 0'. For typical use the default 10 seconds is fine. Value zero was for radpwtst testing when radpwtst requests had identifier and other values that made subsequent tests look like duplicate requests. Duplicate detection has since version 4.0 followed RFC 5080.

In short, after IPv6 address/mask fix, the config above should work fine. I'll let the list know when the fix is available.

Thanks for the report and all the debug work,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.

_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
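A configuration check for the behaviour described in the reply above, added here as an example; it is not part of the thread and is not Radiator code. It models only what the message states (within one Client stanza, the last IPv6 IdenticalClients block overwrites the earlier ones); the function names are hypothetical, and splitting IdenticalClients values on whitespace or commas is an assumption.

```python
import ipaddress
import re
# Constructed input: based on the stanza quoted in the thread, placeholder secret.
SAMPLE = """\
<Client 172.24.144.0/24>
    IdenticalClients fd9a:2c75:7d0c:6400::/64
    # LC Research Switches
    IdenticalClients 172.24.145.0/24
    IdenticalClients fd9a:2c75:7d0c:6600::/64
    Secret PLACEHOLDER
</Client>
"""

CLIENT_RE = re.compile(r"<Client\s+(\S+)>(.*?)</Client>", re.S)

def ipv6_blocks(body):
    """IPv6 networks named on IdenticalClients lines, in config order."""
    blocks = []
    for line in body.splitlines():
        fields = [f for f in re.split(r"[\s,]+", line.strip()) if f]
        if not fields or fields[0] != "IdenticalClients":
            continue  # comment lines and other parameters
        for token in fields[1:]:
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # host names and similar values are not checked here
            if net.version == 6:
                blocks.append(net)
    return blocks

def shadowed_blocks(config_text):
    """Map Client name -> IPv6 blocks that a later IPv6 block would overwrite."""
    report = {}
    for name, body in CLIENT_RE.findall(config_text):
        blocks = ipv6_blocks(body)
        if len(blocks) > 1:
            report[name] = blocks[:-1]
    return report

def reported_unknown(addr, config_text):
    """True if addr sits only in an overwritten IPv6 block of some stanza."""
    ip = ipaddress.ip_address(addr)
    for _, body in CLIENT_RE.findall(config_text):
        blocks = ipv6_blocks(body)
        if blocks and ip not in blocks[-1] and any(ip in b for b in blocks[:-1]):
            return True
    return False

if __name__ == "__main__":
    print(shadowed_blocks(SAMPLE))
```

Run against a real configuration file's text, a non-empty result from `shadowed_blocks` lists the stanzas whose earlier IPv6 blocks would not be matched on versions without the fix.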
