On 06/09/2011 05:37 PM, Dyonisius Visser wrote: > Well, I installed a second instance on a dual stack host, and I tested > various combinations:
Thanks for the summary. > BindAddress 192.87.30.31,ipv6:2001:610:148:dead::31 > I.e. hardcoded addresses - this works, both IPv4 and IPv6 clients work > > BindAddress ipv6::: > IPv4 blocked (NOTICE: Request from unknown client 192.87.30.32: ignored) This should work if you specify your client like this: <Client ipv6:::ffff:192.87.30.32> Since the request arrived over IPv4 but was delivered to the application by IPv6 wildcard socket, the IPv4 address is presented as an IPv6 address. See http://tools.ietf.org/html/rfc4291#section-2.5.5 section "2.5.5.2. IPv4-Mapped IPv6 Address". The purpose of this mapping is to let the application to know was the message received over IPv6 or IPv4 since the socket can handle both protocols. > BindAddress 0.0.0.0 > This is the default. IPv4 clients work. IPv6 clients DO NOT work, > and worse, nothing is logged by radiator, no "request from unknown > client 2001:610:blah:blah" > > BindAddress ipv6:::,0.0.0.0 > Startup gives some errors, and only IPv6 works: > Thu Jun 9 16:25:54 2011: DEBUG: Finished reading configuration file > '/etc/radiator/radius.cfg' > Thu Jun 9 16:25:54 2011: DEBUG: Reading dictionary file > '/etc/radiator/db/dictionary' > Thu Jun 9 16:25:54 2011: DEBUG: Creating authentication port ipv6::::1812 > Thu Jun 9 16:25:54 2011: DEBUG: Creating accounting port ipv6::::1813 > Thu Jun 9 16:25:54 2011: DEBUG: Creating authentication port 0.0.0.0:1812 > Thu Jun 9 16:25:54 2011: ERR: Could not bind authentication socket: > Address already in use > Thu Jun 9 16:25:54 2011: DEBUG: Creating accounting port 0.0.0.0:1813 > Thu Jun 9 16:25:54 2011: ERR: Could not bind accounting socket: > Address already in use > Thu Jun 9 16:25:54 2011: NOTICE: Server started: Radiator 4.8 on radius > Thu Jun 9 16:25:55 2011: NOTICE: Request from unknown client > 145.100.98.42: ignored > > BindAddress 0.0.0.0,ipv6::: > Also some errors, only IPv4 works, and also nothing logged when an > IPv6 client connects: > Thu Jun 9 16:27:42 2011: DEBUG: Finished reading configuration file > '/etc/radiator/radius.cfg' > Thu Jun 9 16:27:42 2011: DEBUG: Reading dictionary file > '/etc/radiator/db/dictionary' > Thu Jun 9 16:27:42 2011: DEBUG: Creating authentication port 0.0.0.0:1812 > Thu Jun 9 16:27:42 2011: DEBUG: Creating accounting port 0.0.0.0:1813 > Thu Jun 9 16:27:42 2011: DEBUG: Creating authentication port ipv6::::1812 > Thu Jun 9 16:27:42 2011: ERR: Could not bind authentication socket: > Address already in use > Thu Jun 9 16:27:42 2011: DEBUG: Creating accounting port ipv6::::1813 > Thu Jun 9 16:27:42 2011: ERR: Could not bind accounting socket: > Address already in use > Thu Jun 9 16:27:42 2011: NOTICE: Server started: Radiator 4.8 on radius > > > So the only way I can radiator to accept requests from both protocols, > is to hardcode the interface addresses. > > Would it be possible to have radiator listen to 4+6 without hard coding? > > I think that option (whatever it looks like) should be the default. > > If possible, can the behavior of the current default ('BindAddress > 0.0.0.0') be changed so that it actually logs ignored incoming > requests? > I've spend quite some time figuring out what is going on, and only > tcpdump revealed that requests are actually reaching my box. > > Thanks :-) > -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator