NAS Interception

The NAS (Network Access Server, AKA RADIUS client) is an important part of RADIUS security. The RADIUS server must be aware of a client machine before it will permit authentication or accounting packets to be processed.  Packets from unknown clients are silently dropped, giving no hint of a RADIUS server's presence.

However, it might be useful to allow the dynamic assignment of client machines in a large and growing intranet.  If, for example, every client could identify itself with the prefix "XYZ" in its NAS-Identifier, the RADIUS server could grant that client temporary or permanent access.

The NASInfo class has a number of methods to facilitate authentication, logging and other functions.  NASInfo extends the PacketInfo class.  PacketInfo has methods common to AuthInfo, ProxyInfo, AccountingInfo, ExtendedInfo, NASInfo, and other classes.  The common methods listed below are not exhaustive but cover most of the methods useful in unknown NAS interception.  The section 'NASInfo specific methods' covers the methods defined in the NASInfo class.

Interface

The NASCallBackFactory provides a callback hook into programmer code, which can permit or deny unknown clients access to the RADIUS server.  The abstract NASCallBack class provides the unknownNAS() method, which is called whenever an unknown NAS client sends a request packet to the server.

Common Methods

getRequestAttributeList()

Get the request attributes.

getSourceAddress()

Get the origin address of this packet.

getRequestType()

Get the request packet type.

NASInfo specific methods

addNAS()

Add a NAS to the RADIUS server's tables.  Once this is done, future requests from this NAS will no longer be passed to the NASCallBack code.

getNASList()

Get a list of the current NASes from the RADIUS server's tables.

isInNetwork()

Returns true if the NAS is a machine in the network mask provided.

removeNAS()

Remove a NAS from the RADIUS server's tables.
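
The admission decision an unknownNAS() callback has to make, shown as an added stand-alone Python example (not the server's Java API or code from this product).  Because the NAS-Identifier is supplied by the client itself, the "XYZ" prefix check is combined with a source-network check, the role isInNetwork() plays above.  The function names, the 10.20.0.0/16 network and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

NAS_IDENTIFIER = 32  # RADIUS attribute type for NAS-Identifier (RFC 2865)


def parse_attributes(packet):
    """Return {attribute_type: [values]} from a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs


def admit_unknown_nas(packet, source_ip, prefix="XYZ", network="10.20.0.0/16"):
    """Hypothetical policy: True only if the sender is inside the trusted
    network AND carries exactly one NAS-Identifier starting with prefix."""
    # Source address first: the identifier alone is self-asserted by the client.
    if ipaddress.ip_address(source_ip) not in ipaddress.ip_network(network):
        return False
    try:
        ids = parse_attributes(packet).get(NAS_IDENTIFIER, [])
    except ValueError:
        return False  # malformed packets from unknown clients are refused
    return len(ids) == 1 and ids[0].startswith(prefix.encode())


def build_request(nas_id):
    """Constructed sample: Access-Request (code 1) with one NAS-Identifier."""
    attr = bytes([NAS_IDENTIFIER, 2 + len(nas_id)]) + nas_id
    return struct.pack("!BBH", 1, 7, 20 + len(attr)) + bytes(16) + attr


if __name__ == "__main__":
    pkt = build_request(b"XYZ-switch-01")
    print(admit_unknown_nas(pkt, "10.20.3.4"), admit_unknown_nas(pkt, "192.0.2.9"))
```
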