The documentation for the functionality of the "other" nastype when used with Simultaneous login blocking is substantially lacking. The documentation in doc/Simultaneous-Use mentions that "other" means don't check. However, the checkrad.pl script has an entry in it for "other". This is misleading because it implies that the "other" nastype is handled by the script. However, if you look in the code in src/main/session.c, there is a block that prevents outright the running of checkrad when the nastype is other. This is not very clear.
Also, placing the "other" nastype check inside radiusd itself makes it impossible for the admin to change the behavior of the "other" nastype without patching the code. In my environment, we use some outsourced dialup that provides no access to the NAS boxes for checkrad processing. Would it be possible to either add an option to control the treatment of nastypes of type "other", run checkrad for every duplicate login check or to more clearly document this? -- Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] "I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED] "Human kind cannot bear very much reality."-T.S.Eliot [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
