FWIW, I just tried it again on that same RADIUS server.  I changed my
DEFAULT entry in my users file from:

    DEFAULT Auth-Type := PAM

to

    Simultaneous-Use := 1, Auth-Type := PAM

and POOF...for any particular RAS I'd get three valid packets, then a bogus
one, then another two or three good ones, then another bogus - just like I
saw when I tried this last.  The NAS-IP-Address would always be correct, but
the Client-IP-Address would be garbage.  Oh, and the
Acct-Session-Time, -Input-Octets, -Output-Octets, -Input-Packets,
and -Output-Packets would all be 0.

I turned it off before I did too much damage, so I didn't have time to
packet sniff or anything.

This was right around a 0.4 CVS version, but the exact date escapes me right
now.

I can provide complete config files if anyone is interested, but I'm going
to try this with the current CVSs first.

Oh, and Linux 2.4.9.

Chris Kalin

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 11:32 AM
Subject: Re: Client-IP-Address occasionally incorrect


> Oleg Derevenetz <[EMAIL PROTECTED]> wrote:
> > When I enabled Simultaneous-Use check for some user classes, I've
> > got the same problem as Mervyn Jack - invalid packets with fake
> > Client-IP-Address.
>
>   That's really weird.  The Client-IP-Address is taken from
> request->packet->src_ipaddr, which is taken directly from the
> recv_from() system call.
>
>   So if the address is wrong, then it sounds to me like the OS is
> lying to the server about where the packet came from.
>
> >        Client-IP-Address = 70.114.105.32 [FAKE !]
>
>   Does this address have *any* relation to addresses on your network,
> or is it random (and changing) garbage?
>
> > These packets arrived only when user with Simultaneous-Use (atuser in this
> > case) tried to login and checkrad returned OK (this user already exists on
> > NAS).
>
>   I find it *really* bizarre that the NAS is sending fake accounting
> records when it's queried via checkrad.
>
>   Have you used 'tcpdump' from another machine, to verify that the
> packet is sent on the wire, and isn't some artifact of the server
> and/or OS?
>
>   If the packet *is* coming from the NAS, have you asked Ascend/Cisco
> for support?
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
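
An added triage example, not part of the thread and not FreeRADIUS code: it scans accounting records for the two symptoms reported above (a Client-IP-Address that is not a known NAS, and all Acct-* counters at zero) and shows the bogus octets as text when they are printable ASCII. The record layout (timestamp header, indented `Attribute = value` lines, blank-line separators), the NAS address 192.0.2.10 and all function names are assumptions; the ASCII check is a heuristic, not a diagnosis made in the thread.

```python
import ipaddress

# Constructed sample; 192.0.2.10 stands in for a real NAS, 70.114.105.32 is the value quoted in the thread.
SAMPLE = """\
Fri Apr 26 11:00:01 2002
\tNAS-IP-Address = 192.0.2.10
\tClient-IP-Address = 192.0.2.10
\tAcct-Session-Time = 312
\tAcct-Input-Octets = 48211

Fri Apr 26 11:00:07 2002
\tNAS-IP-Address = 192.0.2.10
\tClient-IP-Address = 70.114.105.32
\tAcct-Session-Time = 0
\tAcct-Input-Octets = 0
"""

COUNTERS = ("Acct-Session-Time", "Acct-Input-Octets", "Acct-Output-Octets",
            "Acct-Input-Packets", "Acct-Output-Packets")

def parse_records(text):
    """Split blank-line separated records into attribute dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (ln.partition(" = ") for ln in block.splitlines())
        records.append({n.strip(): v.strip() for n, sep, v in pairs if sep})
    return records

def ascii_hint(addr):
    """Return the octets as text if all four are printable ASCII, else None."""
    raw = ipaddress.IPv4Address(addr).packed
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None

def suspicious(records, known_nas):
    """Return (index, reasons) for records matching the reported symptoms."""
    hits = []
    for i, r in enumerate(records):
        reasons = []
        client = r.get("Client-IP-Address")
        if client and client not in known_nas:
            reasons.append("client-not-a-known-nas")
        present = [c for c in COUNTERS if c in r]
        if present and all(r[c] == "0" for c in present):
            reasons.append("all-counters-zero")
        if reasons:
            hits.append((i, reasons))
    return hits
```

Running `ascii_hint` on each flagged address helps answer whether the value is random or structured; a capture taken on another machine is still needed to tell a server-side artifact from a packet really sent on the wire.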