GNU Radius Reference Manual: 4.4 NAS List

4.4 NAS List — ‘`raddb/naslist`’

The ‘raddb/naslist’ file contains a list of NASes known to the Radius server. Each record in the file consist of the following four fields, the first two being mandatory, the last two being optional:

NAS name

Specifies either a hostname or IP address for a single NAS or a CIDR net block address for a set of NASes. The word ‘DEFAULT’ may be used in this field to match any NAS. (3)

Short Name

This field defines a short name under which this NAS will be listed in logfiles. The short name is also used as a name of the subdirectory where the detailed logs are stored.

Type

Specifies the type of this NAS. Using this value radiusd determines the way to query NAS about the presence of a given user on it (see section Multiple Login Checking). The two special types: ‘true’ and ‘false’, can be used to disable NAS querying. When the type field contains ‘true’, radiusd assumes the user is logged in to the NAS, when it contains ‘false’, radiusd assumes the user is not logged in. Otherwise, the type is used as a link to ‘nastypes’ entry (see section NAS Types — ‘raddb/nastypes’).

If this field is not present ‘true’ is assumed.

Arguments

Additional arguments describing the NAS. Multiple arguments must be separated by commas. No intervening whitespace is allowed in this field.

There are two groups of nas arguments: nas-specific arguments and nas-querying arguments. Nas-specific arguments are used to modify a behavior of radiusd when sending or receiving the information to or from a particular NAS.

Nas-querying arguments control the way radiusd queries a NAS for confirmation of a user's session (see section Multiple Login Checking). These arguments override the ones specified in ‘nastypes’ and can thus be used to override the default values.

The nas-specific arguments currently implemented are:

broken_pass: This is a boolean argument that controls the encryption of user passwords, longer than 16 octets. By default, radiusd uses method specified by RFC 2865. However some NASes, most notably MAX Ascend series, implement a broken method of encoding long passwords. This flag instructs radiusd to use broken method of password encryption for the given NAS.
compare-auth-flag=flag: Instructs radius to use attributes marked with a given user-defined flag when comparing authentication requests. It overrides compare-attribute-flag (see section auth statement) for this particular NAS. See section Extended Comparison, for a detailed description of its usage.
compare-acct-flag=flag: Instructs radius to use attributes marked with a given user-defined flag when comparing accounting requests. It overrides compare-attribute-flag (see section acct statement) for this particular NAS. See section Extended Comparison, for a detailed description of its usage.

See section Checking for Duplicate Requests, for general description of request comparison methods.

For the list of nas-querying arguments, See section Full list of allowed arguments.

[ < ]

[ > ]

[ << ]

[ Up ]

[ >> ]

[Top]

[Contents]

[Index]

[ ? ]

4.4.1 Example of ‘`naslist`’ file

# raddb/naslist: contains a list of Network Access Servers 
#
# Each record consists of following fields:
#
#       i.      A valid hostname or IP address for the client.
#       ii.     The short name to use in the logfiles for this NAS.
#       iii.    Type of device. Valid values are `true', `false' and
#               those defined in raddb/nastypes file.

# NAS Name              Short Name      Type
#----------------       ----------      ----
myhost.dom.ain          myhost          unix
merlin                  merlin          max 
11.10.10.10             arthur          livingston