Question: STAS User Object without IP

Question

Hi there, 
 i just activated STAS and get the following infos in the log: 
 
 2016:02:17-17:24:17 firewall argos[23997]: [stas_event]: Received STAS package 2016:02:17-17:24:17 firewall argos[23997]: [stas_event]: Read 249 bytes from IP 1.1.1.1:49544 2016:02:17-17:24:17 firewall argos[23997]: [process_stas_request]: Processing STAS request TRANSPARENT_SSO_LOGON 2016:02:17-17:24:17 firewall argos[23997]: [handle_transparent_sso_request]: Received login sso request: username robert, ip_address 10.10.10.12, domain_name my domain 
 
 But the userobject "robert" is still without IP Address, why? :) 
 
 Regards 
 Robert

HolgerLehn · Accepted Answer

Hi Robert, 
 are there any further questions about this issue? If not, please accept the suggested solution. 
 
 Thank you in advance.

dontpanic · Answer

Hi Robert, 
 
We use ipsets to store the ip address of an user. Here an example: 
 
I authenticated a user and created a packetfilter rule for an user: 
qa-320-c4:/root # iptables-save |grep 4_ 
-A USR_FORWARD -m set --match-set 4_NetAaaAduseUserNetwo src -m logmark --logmark 1 -j LOGACCEPT 
 
There you can see the name of the ipset with the IP address: 
qa-320-c4:/root # ipset -L 4_NetAaaAduseUserNetwo 
Name: 4_NetAaaAduseUserNetwo 
Type: hash:ip 
Revision: 0 
Header: family inet hashsize 4 maxelem 65536 
Size in memory: 200 
References: 1 
Members: 
10.8.63.118 
 
The user / user network objects doesn't contain the ip addresses for performance reasons. It's the same as with the SAA. 
I hope this answer is helpful. :) 
 
/Daniel