-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Joost De Cock wrote: | Package: libpam-radius-auth | Version: 1.3.16-2 | Severity: important | | | I'm trying to set up Radius authentication on a stock Debian Sarge | installation. | The PAM Radius module sends out the loopback IP address as the 'NAS IP | Address' Radius Attribute. The RFC has the following to say about this | attribute: | | This Attribute indicates the identifying IP Address of the NAS | which is requesting authentication of the user, and SHOULD | be unique to the NAS within the scope of the RADIUS | server. | | So our Radius server (a vasco) responds with 'cannot lookup client | details' since that 127.0.0.1 address doesn't make sense.
this is weird.. i am using it at home and i would have noticed, but i will look into it..
| I've tried an entire day to resolve this, passing it all sorts of | parameters, but I couldn't get it to work. | I was so sure that the problem was caused by sending out the loopback | interface that I downloaded the src package, and hacked the | pam_radius_auth.c file with the following line below line 733: | | ipaddr = 0x0a6401df; | | Yep, that's right, I just hardcoded 10.100.1.223 since that's my ip | address and that's what I want the module to sent out. (I was really | losing it at this time).
yes i understand.
| If I had any skills at all, I'd try to be less of a brute, but I'm no | developer.
don't worry. your bug at least is cluefull :)
| | After this, I build the .deb package, installed it, and radius | authentication works flawlessly (as long as I don't change my IP | address) ; ) | | So, this feels like a bug to me. It shouldn't sent out the loopback | address, but the correct address.
i will check again what happens here and let you know.
| | Unless I'm running my Radius server on the same host, this keeps me from | using radius authentication.
agreed.
Thanks Fabio
- -- Self-Service law: The last available dish of the food you have decided to eat, will be inevitably taken from the person in front of you. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB45YWhCzbekR3nhgRAl59AKCfINxjvXt+hX+Gr59Jdn7PgAPJKwCfSm2d 4ntsshNiiCDUfI7/hEtRkXg= =xAUK -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
