It won't match .20 because that is the ID of the nas unit sending the
information, so only 1 ip can be sending the packet. IdenticalClients is
useful if you have a large number of dial-up boxes that all have the same
attributes (type, secret, etc.) You'd fill up a file big-time with
<Client></Client> clauses otherwise. Since I'm matching based on the ID
of the unit sending the request, it seems logical to be able to make a
match on it when I'm in my Handler's regardless of where I define it in
the configuration files.
--------------------------------------------------------------------------
Aaron Holtz
ComNet Inc.
UNIX Systems Administration/Network Operations
"It's not broken, it just lacks duct tape."
--------------------------------------------------------------------------
On Oct 29, Jason Godsey molded the electrons to say....
>
>
>On Fri, 29 Oct 1999, Aaron Holtz wrote:
>
>> Date: Fri, 29 Oct 1999 09:03:24 -0400 (EDT)
>> From: Aaron Holtz <[EMAIL PROTECTED]>
>> To: Hugh Irvine <[EMAIL PROTECTED]>
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: (RADIATOR) Client-Id matching in Handler's not working
>>
>> Hugh,
>>
>> I've discovered the problem - only Clients designated by a
>> <Client></Client> clause work - anything labled as an IdenticalClients
>> does not work. Example:
>>
>> <Client 111.111.111.20>
>> Secret pw
>> </Client>
>>
>>
>> That would match Client-Id for 111.111.111.20 whether it is with a regex
>> or direct. However,
>>
>> <Client 111.111.111.3>
>> IdenticalClients 111.111.111.20
>> Secret pw
>> </Client>
>
>Will it match 111.111.111.3 even when they are dialed into .20?
>If so, this is the behavior I'd want. If you want to match .20, then
>it's not identical to .3
>
>Just my point of view.
>Jason
>
>
>>
>>
>> That would NOT match 111.111.111.20 because it isn't on the Client line.
>> Can a patch be made to include the IdenticalClients listed to work with
>> the Client-Id check item? It seems practical that IdenticalClients
>> should/could be subject to checks just like the listed Client IP's would
>> be. Thoughts?
>>
>> --------------------------------------------------------------------------
>> Aaron Holtz
>> ComNet Inc.
>> UNIX Systems Administration/Network Operations
>> "It's not broken, it just lacks duct tape."
>> --------------------------------------------------------------------------
>>
>>
>> On Oct 29, Hugh Irvine molded the electrons to say....
>>
>> >
>> >Hello Aaron -
>> >
>> >On Thu, 28 Oct 1999, Aaron Holtz wrote:
>> >> After making changes to match on Client-Id instead of Nas-IP-Address, I
>> >> don't seem to be able to make any matches whether I do exact matches or a
>> >> regex. Trace 4 dump:
>> >>
>> >
>> >I have just tested this here with no problems. Note that the Client-Id check
>> >item was added to Radiator 2.14.1. From the revision history:
>> >
>> > Added support for NasType and Client-Id check items
>> >
>> > (http://www.open.com.au/radiator/history.html)
>> >
>> >hth
>> >
>> >Hugh
>> >
>> >
>> >--
>> >Radiator: the most portable, flexible and configurable RADIUS server
>> >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> >Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>> >NT, Rhapsody
>> >
>>
>>
>> ===
>> Archive at http://www.thesite.com.au/~radiator/
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
