Re: Multiple clients on same IP address
Fahd Kasri fahd.ka...@weblib.eu wrote: Is it possible to have multiple Radius clients behind a router connect to a distant Freeradius server (these clients would therefore have the same IP address and be the same client in clients.conf)? I've this and apparently it works, but could there be any problems in the long run? They would either: * need to use the same shared secret * connect to different IP's provisioned by FreeRADIUS (the server is bind()'ed to more than one address) * send traffic to different port numbers being listened to by FreeRADIUS (listens on ports other than the 'official' ones) You can use a combination of the above (if you are crazy), but you will need to use at lease *one*. The alternative is to kill NAT...for it is evil[1]. Cheers [1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the traffic to the RADIUS server -- Alexander Clouter .sigmonster says: A dead man cannot bite. -- Gnaeus Pompeius (Pompey) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple clients on same IP address
That's what I thought. I tried the first solution (wanting to avoid the two others), and apparently the configuration works. Just wanted to know if there could be any problems with two or more clients using the exact some configuration. Thanks for the info. 2009/12/21 Alexander Clouter a...@digriz.org.uk Fahd Kasri fahd.ka...@weblib.eu wrote: Is it possible to have multiple Radius clients behind a router connect to a distant Freeradius server (these clients would therefore have the same IP address and be the same client in clients.conf)? I've this and apparently it works, but could there be any problems in the long run? They would either: * need to use the same shared secret * connect to different IP's provisioned by FreeRADIUS (the server is bind()'ed to more than one address) * send traffic to different port numbers being listened to by FreeRADIUS (listens on ports other than the 'official' ones) You can use a combination of the above (if you are crazy), but you will need to use at lease *one*. The alternative is to kill NAT...for it is evil[1]. Cheers [1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the traffic to the RADIUS server -- Alexander Clouter .sigmonster says: A dead man cannot bite. -- Gnaeus Pompeius (Pompey) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Fahd Kasri Directeur Technique Weblib http://www.weblib.eu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple clients on same IP address
Fahd Kasri fahd.ka...@weblib.eu wrote: That's what I thought. I tried the first solution (wanting to avoid the two others), and apparently the configuration works. Just wanted to know if there could be any problems with two or more clients using the exact some configuration. Thanks for the info. Depends on what you want to do with the accounting data. You might find that tracking your users when NAS-IP-Address is the same becomes really awkward[1]. Anything that keys off that attribute (such as Acct-Unique-Session-Id, as Acct-Session-Id is rarely unique) might cause your grief. So, authentication should work...you might have some problems with simulateous logins *possibly* and your accounting records might be a pain to work with. You need to define what 'work' means for yourself and decide from there. Cheers [1] then you hope your venduh lets you amend the NAS-Identifier attribute -- Alexander Clouter .sigmonster says: TAILFINS!! ... click ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html