showing NAS-IP of 127.0.01 instead of

Discussion:

Matt Ashfield

2009-11-25 18:03:36 UTC

Hi,

I'm running FreeRADIUS Version 2.1.5. We are trying to do system
authentication for some users. Doing this by creating huntgroups based on
NAS-IP-Address, and then telling that huntgroup to use System for
authentication.

The problem is that although the Access-Request packet is shown as coming
from the correct host, that host's ip address is not showing up as the
NAS-IP-Address for that request. Instead, it's showing as 127.0.0.1 as seen
below:

rad_recv: Access-Request packet from host 192.168.27.7 port 53201, id=130,
length=51

User-Name = "xm7z1"

User-Password = "abc.123"

NAS-IP-Address = 127.0.0.1

I'm wondering what could cause this? Any help is appreciated.

Thanks

Matt

Garber, Neal

2009-11-25 18:27:01 UTC

Permalink

The problem is that although the Access-Request packet is shown as coming from the correct host,
that host's ip address is not showing up as the NAS-IP-Address for that request. Instead, it's showing
I'm wondering what could cause this? Any help is appreciated.

The NAS is sending that attribute within the request - ask the NAS vendor why they are sending 127.0.0.1. I've seen this issue with Lantronix console servers (not sure if that's the NAS you are using). They eventually updated their firmware to use the correct address. As a workaround, I did the following in the authorize section of the default server (before preprocess if you want huntgroup name lookup to work properly):

if (NAS-IP-Address == "127.0.0.1") {
update request {
NAS-IP-Address := "%{Client-IP-Address}"
}
}

Matt Ashfield

2009-11-25 18:31:11 UTC

Permalink

I just figured that out via a sniff. Thanks for the note. I'll go after the
requesting software now.

From: Garber, Neal [mailto:***@energyeast.com]
Sent: November 25, 2009 2:27 PM
To: '***@unb.ca'; 'FreeRadius users mailing list'
Subject: RE: showing NAS-IP of 127.0.01 instead of

Post by Matt Ashfield
The problem is that although the Access-Request packet is shown as coming

from the correct host,

Post by Matt Ashfield
that host's ip address is not showing up as the NAS-IP-Address for that

request. Instead, it's showing

Post by Matt Ashfield
I'm wondering what could cause this? Any help is appreciated.

The NAS is sending that attribute within the request - ask the NAS vendor
why they are sending 127.0.0.1. I've seen this issue with Lantronix console
servers (not sure if that's the NAS you are using). They eventually updated
their firmware to use the correct address. As a workaround, I did the
following in the authorize section of the default server (before preprocess
if you want huntgroup name lookup to work properly):

if (NAS-IP-Address == "127.0.0.1") {

update request {

NAS-IP-Address := "%{Client-IP-Address}"

}

}

Continue reading on narkive:

Search results for 'showing NAS-IP of 127.0.01 instead of' (Questions and Answers)

228

replies

What is your idea to reduce terrorism in our india? plz give Seariously!?

started 2008-11-26 20:35:56 UTC

current events

replies

How to set up a home networking & share files?

started 2006-09-07 15:47:02 UTC

computer networking

replies