Dear all,

I have rebuilt FreeRADIUS on Debian 7.0. I have added rlm_raw and have a working dynamic client configuration where I use Called_Station_ID to authenticate / validate that a NAS is allowed to use this RADIUS server.

I test using the following command on client A:

    echo "NAS-IP-Address=10.1.2.236, Called-Station-Id=00:40:96:aa:bb:ee,User-Name='testradius',User-Password='test'," | radclient -c '1' -n '3' -r '3' -t '3' -x '46.18.36.232:1812' 'auth' 'mysecret'

I can see in the logs that it is checking the first time I log on, and it is properly giving the message "adding client xxx.xxx.xxx.xxx with shared secret".

Now, when I executed the same command on a different machine, client B, it runs through it again. (Same command, I only had 1 NAS added to it.) It adds the new 'client' to the dynamic clients.

I wait for a couple of minutes and I executed the following command on client A:

    echo "NAS-IP-Address=10.1.2.236, Called-Station-Id=00:40:96:aa:bb:cc,User-Name='testradius',User-Password='test'," | radclient -c '1' -n '3' -r '3' -t '3' -x '46.18.36.232:1812' 'auth' 'mysecret'

This has a faulty Called-Station-Id in it. I would assume that it would not allow me to connect. But this appears to still work.

I am wondering:
- The first time, the IP address of client A is added to the list of known clients.
- So the second time, it will check first in the list if the IP is known; if so, it won't go checking using the process defined in dynamic clients?

But no matter how long I wait, it appears that the cache is not cleared. I have added a lifetime of 60 in the dynamic client conf, so I would assume that if I wait for a minute, the IP of client A would not be known, and it would go through checking again.

Am I wrong in this? If not, can I read the cache to find out why it is keeping that record?

Kind regards,
Steve