>Hi.
>Sorry 'cause I'm late. Some troubles.
>Well, I worked as explained below to perform a test (the problem we talk about) but also to check whether the password would have been passed encrypted over the internet.
>
>|--------------------|
>|NAS-USG100|( USGWAN -79.xxx.xxx.xxx )---(INTERNET)----(78.yyy.yyy.yyy) RADIUS
>|--------------------|
> ( USGLAN:172.16.68.253)
> |
> (WEB-HTTPS)
> |
> |
>172.16.68.16
>
>I mirrored both of the WAN ports of the USG, say WAN1 and WAN2, and had something to give to wireshark :-)
>
>I open the Web LogIN page of the USG and provide a fake user and password (not present on ActiveDirectory or local USBdb), say gigino / 12345678
>
>I obtain this (USG)
>
>79.xxx.xxx.xxx 78.yyy.yyy.yyy RADIUS Access-Request(1) ....
>AVP: l=8 t=User-Name(1): gigino
>AVP: l=18 t=User-Password(2): Encrypted <- Yippieeeee
>AVP: l=6 t=NAS-IP-Address(4): 172.16.68.10 <- (PDC of my internal domain)
>AVP: l=10 t=NAS-Identifier(32): weblogin
>AVP: l=6 t=NAS-Port(5): 20915
>AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
>AVP: l=6 t=Service-Type(6): Authenticate-Only(8)
>AVP: l=14 t=Calling-Station-Id(31): 172.16.68.16
>
>. . . on the remote radius server I obtain
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 79.xxx.xxx.xxx ...
> User-Name = "gigino"
> User-Password = "gigino"
> NAS-IP-Address = 172.16.68.10
> NAS-Identifier = "weblogin"
> NAS-Port = 20915
> NAS-Port-Type = Virtual
> Service-Type = Authenticate-Only
> Calling-Station-Id = "172.16.68.16"
>
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
> [suffix] No '@' in User-Name = "gigino", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] No EAP-Message, not doing EAP
>++[eap] returns noop
>++[unix] returns notfound
>
>--------------------------------------------------------------
>
>I presumed NAS-IP-Address: 172.16.68.253 !!!!!!!!
>
>What do you think?
>
<tim>
What do I think?

The USG is sending the RADIUS request and is setting the NAS-IP-Address attribute to the IP address of the PDC.

FreeRADIUS uses the source IP address of the RADIUS packet to determine the IP address of the NAS, not the NAS-IP-Address attribute. The IP addresses in the clients.conf file and the nas table in MySQL are checked using the source IP address of the RADIUS packet.

So, you can either ignore this or talk to Facetime about configuring the RADIUS client.

Based on your messages, everything seems to work. Congratulations!

Tim
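
Added example (not part of the original thread, and not FreeRADIUS code): a small Python model of the two points above, the RFC 2865 User-Password hiding that makes the 8-character password travel as an l=18 AVP, and a server that picks the shared secret by packet source IP while ignoring NAS-IP-Address. The source address 203.0.113.10, the shared secret and all function names are constructed for illustration.

```python
import hashlib, ipaddress, struct

# Constructed stand-in for clients.conf: shared secret keyed by packet source IP.
CLIENTS = {"203.0.113.10": b"constructed-secret"}

def _xor_chain(data, secret, authenticator, hiding):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(b ^ k for b, k in zip(block, key))
        prev = res if hiding else block   # the chain always runs over ciphertext
        out += res
    return out

def hide_password(password, secret, authenticator):
    padded = password + b"\x00" * (-len(password) % 16)   # pad to a 16-byte multiple
    return _xor_chain(padded, secret, authenticator, hiding=True)
def unhide_password(hidden, secret, authenticator):
    return _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")

def avp(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value     # type, length, value

def build_access_request(user, password, nas_ip, secret, authenticator, ident=1):
    attrs = (avp(1, user) + avp(2, hide_password(password, secret, authenticator))
             + avp(4, ipaddress.IPv4Address(nas_ip).packed))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet):
    end = struct.unpack("!H", packet[2:4])[0]
    if end < 20 or end > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < end:
        if pos + 2 > end or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed AVP")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def receive(packet, src_ip):
    secret = CLIENTS.get(src_ip)       # client chosen by source IP only
    if secret is None:
        return None                    # unknown client: request is not processed
    attrs = parse_attrs(packet)
    return {"user": attrs[1].decode(), "nas_ip_attr": str(ipaddress.IPv4Address(attrs[4])),
            "password": unhide_password(attrs[2], secret, packet[4:20]).decode(errors="replace"),
            "password_avp_len": len(attrs[2]) + 2}
```

The hiding depends entirely on the shared secret and MD5, so the capture shows an opaque value while any holder of the secret, such as the server in debug mode, recovers the cleartext.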
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html