4.4 NAS List — raddb/naslist
The raddb/naslist file contains a list of NASes known to the Radius
server. Each record in the file consists of the following four fields,
the first two being mandatory, the last two being optional:
- NAS name
- Specifies either a hostname or IP address for a single NAS, or a CIDR net block
address for a set of NASes. The word ‘DEFAULT’ may
be used in this field to match any NAS.
- Short Name
- This field defines a short name under which this NAS will be listed
in logfiles. The short name is also used as the name of the subdirectory
where the detailed logs are stored.
- Type
- Specifies the type of this NAS. radiusd uses this value to
determine how to query the NAS about the presence of a given user on it
(see Multiple Login Checking).
Two special types, ‘true’ and ‘false’, can be used to
disable NAS querying. When the type field contains ‘true’,
radiusd assumes the user is logged in to the NAS; when it
contains ‘false’, radiusd assumes the user is not
logged in. Otherwise, the type
is used as a link to a nastypes entry (see nastypes file).
If this field is not present, ‘true’ is assumed.
- Arguments
- Additional arguments describing the NAS. Multiple arguments
must be separated by commas. No intervening whitespace is allowed in
this field.
There are two groups of NAS arguments: nas-specific arguments and
nas-querying arguments. Nas-specific arguments
modify the behavior of radiusd when sending information to or
receiving it from a particular NAS.
Nas-querying arguments control the way radiusd queries
a NAS for confirmation of a user's session (see Multiple Login Checking).
These arguments take precedence over the ones specified in
nastypes and can thus be used to override the default
values.
The nas-specific arguments currently implemented are:
- broken_pass
- This is a boolean argument that controls the encryption of user
passwords longer than 16 octets. By default, radiusd uses
the method specified by RFC 2865. However, some NASes, most notably
the MAX Ascend series, implement a broken method of encoding long
passwords. This flag instructs radiusd to use the broken method
of password encryption for the given NAS.
- compare-auth-flag=flag
- Instructs radius to use attributes marked with a given user-defined flag
when comparing authentication requests. It overrides
compare-attribute-flag (see auth) for this particular NAS.
See Extended Comparison for a detailed description of its usage.
- compare-acct-flag=flag
- Instructs radius to use attributes marked with a given user-defined flag
when comparing accounting requests. It overrides
compare-attribute-flag (see acct) for this particular NAS.
See Extended Comparison for a detailed description of its usage.
See Checking Duplicates for a general description of request
comparison methods.
For the list of nas-querying arguments,
see Full list of allowed arguments.
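The record layout described above can be checked mechanically before a naslist is deployed. The following Python sketch is an added example, not part of GNU Radius: it parses naslist-style text, applies the default type ‘true’, rejects records with a missing mandatory field or whitespace inside the arguments field, and lists entries that use ‘DEFAULT’ or broken_pass. The sample entries are constructed, and whitespace-separated fields and ‘#’ comments are assumptions.

```python
import ipaddress

# Constructed sample input, not taken from any real deployment.
SAMPLE = """\
# NAS name       Short name  Type   Arguments
10.0.0.1         core1       true
192.0.2.0/24     edge        false  broken_pass,compare-auth-flag=1
nas.example.net  dialin
DEFAULT          any         true
10.0.0.3         bad         true   broken_pass, compare-acct-flag=2
10.0.0.2
"""

def classify(name):
    """Kind of NAS name field: default, cidr, address or hostname."""
    if name == "DEFAULT":
        return "default"
    try:
        ipaddress.ip_network(name, strict=False)
    except ValueError:
        return "hostname"
    return "cidr" if "/" in name else "address"

def parse_naslist(text):
    """Return (records, errors); errors are (line number, message) pairs."""
    records, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if not fields:
            continue
        if not 2 <= len(fields) <= 4:  # two mandatory fields, two optional
            errors.append((lineno, f"expected 2-4 fields, got {len(fields)}"))
            continue
        args = {}
        for item in (fields[3].split(",") if len(fields) == 4 else []):
            key, _, value = item.partition("=")
            args[key] = value or True  # a bare argument is a boolean flag
        records.append({"line": lineno, "name": fields[0], "short": fields[1],
                        "kind": classify(fields[0]), "args": args,
                        "type": fields[2] if len(fields) > 2 else "true"})
    return records, errors

def review_notes(records):
    """(line, NAS name) of entries that match any NAS or set broken_pass."""
    return [(r["line"], r["name"]) for r in records
            if r["kind"] == "default" or "broken_pass" in r["args"]]

if __name__ == "__main__":
    print(*parse_naslist(SAMPLE), sep="\n")
```

On the sample, line 6 is rejected because the space after the comma splits the arguments into a fifth field, and line 7 because the short name is missing.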