FreeRADIUS/pam_radius

Incorrect NAS-IP-Address Attribute (4) Value in PAM RADIUS Module on Ubuntu 24.04

Closed this issue · 1 comments

I am encountering an issue with the PAM RADIUS module on Ubuntu 24.04. Specifically, the NAS-IP-Address Attribute (4) is not being set correctly. The displayed value is 10.108.112.153, but the actual value I expect is different.

NAS-IP-Address Attribute (4), length: 6, Value: 10.108.112.153
0x0000: 0a6c 7099

Details:

Operating System: Ubuntu 24.04
PAM RADIUS Module: libpam-radius-auth/noble,now 2.0.1-1 amd64 [installed]
Error Description: The NAS-IP-Address field is being set to an incorrect value. It should be 10.108.18.3

/etc/hosts File Configuration:
127.0.0.1 localhost
10.108.18.3 clientradius

The value of NAS-IP-Address is taken from the first IP address found for the server, via the gethostname() API.

This isn't something you can fix in the module. You have to ensure that any DNS lookup for the hostname returns the IP address you want to use.

Adding an entry to /etc/hosts does not necessarily make the OS return that IP when lookup up hostname -> IP address. The OS may also do DNS lookups, which can return other values.

The solution here is to fix the OS so that it returns the correct IP address for the host. The PAM module is just doing OS API calls to get the IP, and definitely does not "invent" any IP, or get any IP "wrong". It asks the OS for an IP, and then uses whatever IP the OS has returned.