NAS-IP-Address does not correspond to the IP of the NAS Server

Question

NAS-IP-Address does not correspond to the IP of the NAS Server

Prototype333 opened this issue 2 years ago · 1 comments

Describe the bug
I'm using the latest image from dockerhub. When the keycloak radius server receives an access-request from a NAS server, the NAS-IP-Address is always set to 127.0.1.1. This causes the ACCEPT_NAS-IP-Address attribute to reject the login, even though the request comes from the IP specified in the attributes value.

To Reproduce
Steps to reproduce the behavior:

Spin up the docker container, create a realm, add the radius client and create a user
Set the ACCEPT_NAS-IP-Address attribute of the user to the IP of the NAS Server
Send an access request from the NAS Server (ip != 127.0.1.1)
Notice that the request is rejected even though the users credentials are correct
Check the debug log for the entry containing the ipAddress of the NAS Server (see screenshot)

Expected behavior
The NAS-IP-Address should correspond to the IP address of the NAS-Server and should not be 127.0.1.1

Screenshots

Answer 1 · 2023-03-23T12:25:32.000Z

Problem Solved. The NAS Server did not set the NAS-IP-Address attribute in the accept-request by default. After configuring it, everything worked as expected.