Hi everyone,
Need a little help with radrelay. I have two NAS boxes (a
portmaster and Ascend). Both of them authenticate customers from two radius
servers (radius-0.8). One primary and other secondary. I want to run
radrelay. My questions are
as it says in doc/radrelay
1. radrelay -S secret_file <server> detail-combined
what is a secret file, what should it contain and how do we write it ?
where it says server, which server is that is it the primary server IP
(localhost) or secondary server IP ?
My detail-combined is getting created.
Thanks for your help and time.
If you have any questions or comments, kindly do not hesitate to contact us
at Golden IT.
kind regards,
Internet Services Administrator
Golden IT
Ph: +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au
----------------------------------------------------------------------------
-----------------------------------------------------
Please advise the originator by telephone (03)9705 2511 in the event that
this transmission is incomplete.
IF THIS EMAIL HAS BEEN SENT TO YOU BY MISTAKE: please call (03) 9705 2511
and destroy it immediately. This email may contain Information which is
confidential or which is subject to legal professional privilege. You must
not use this email or the Information in it. Any confidentiality or
privilege is not waived or lost because this email has been sent to you by
mistake.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 14, 2002 4:26 PM
Subject: Freeradius-Users digest, Vol 1 #1356 - 9 msgs
> Send Freeradius-Users mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.cistron.nl/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: Script to run if user fails authentication (Alan DeKok)
> 2. Re: Script to run if user fails authentication (Chris A. Kalin)
> 3. Re: Script to run if user fails authentication (Alan DeKok)
> 4. Re: Script to run if user fails authentication (Chris A. Kalin)
> 5. Re: Script to run if user fails authentication (Alan DeKok)
> 6. Re: Script to run if user fails authentication (Chris A. Kalin)
> 7. RE: How to use Calling-Station-Id to filter client's MAC (Pierre-Luc
Dion)
> 8. Startup scripts for Mandrake Linux (Aaron Brookes)
> 9. Startup scripts for Mandrake Linux (Aaron Brookes)
>
> --__--__--
>
> Message: 1
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Script to run if user fails authentication
> Date: Fri, 13 Dec 2002 14:18:26 -0500
> Reply-To: [EMAIL PROTECTED]
>
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > I've looked over the documentation, but I can't seem to find how to run
a
> > script if the user fails authentication.
>
> There isn't one, right now.
>
> The 'post-auth' section may be able to help you.
>
> Alan DeKok.
>
>
> --__--__--
>
> Message: 2
> From: "Chris A. Kalin" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: Script to run if user fails authentication
> Date: Fri, 13 Dec 2002 13:24:52 -0600
> Reply-To: [EMAIL PROTECTED]
>
> OK, so do you think the best way to go would be to always have a script
run
> that performs authentication and decides whether a user gets the
"standard"
> set of reply attributes or the "restricted" ones?
>
> Chris
>
> ----- Original Message -----
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 13, 2002 1:18 PM
> Subject: Re: Script to run if user fails authentication
>
>
> > "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > > I've looked over the documentation, but I can't seem to find how to
run
> a
> > > script if the user fails authentication.
> >
> > There isn't one, right now.
> >
> > The 'post-auth' section may be able to help you.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
>
>
>
> --__--__--
>
> Message: 3
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Script to run if user fails authentication
> Date: Fri, 13 Dec 2002 14:42:33 -0500
> Reply-To: [EMAIL PROTECTED]
>
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > OK, so do you think the best way to go would be to always have a script
run
> > that performs authentication and decides whether a user gets the
"standard"
> > set of reply attributes or the "restricted" ones?
>
> For now, yes.
>
> Alan DeKok.
>
>
> --__--__--
>
> Message: 4
> From: "Chris A. Kalin" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: Script to run if user fails authentication
> Date: Fri, 13 Dec 2002 13:50:40 -0600
> Reply-To: [EMAIL PROTECTED]
>
> Sorry to be a pest about this, but should the RADIUS server be able to
react
> to whatever reply attributes the script sends back? The reason I ask is
> because I've got all sorts of conditionals later on in the users file
> (checking for groups, setting Simultaneous-Auth and Max-Monthly-Session,
> etc.) and I figure the best way to do that is to have the script return
> "Auth-Type = System" if the script sees that the username/password combo
is
> correct, so then the RADIUS server will pick up the GID of the user in
> question and keep going in the users file. Yes, I know this would be a
> second lookup against NIS, it's inexpensive enough that I can live with it
> for the few weeks this is running.
>
> Failing that, how would I have the script return the kind of information I
> would normally put in the check items, such as Simultaneous-Use := 1, or
> Max-Monthly-Session := 1296000?
>
> If I'm not making sense, feel free to point that out. :)
>
> Thanks again for the help so far.
>
> Chris
>
>
> ----- Original Message -----
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 13, 2002 1:42 PM
> Subject: Re: Script to run if user fails authentication
>
>
> > "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > > OK, so do you think the best way to go would be to always have a
script
> run
> > > that performs authentication and decides whether a user gets the
> "standard"
> > > set of reply attributes or the "restricted" ones?
> >
> > For now, yes.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
>
>
>
> --__--__--
>
> Message: 5
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Script to run if user fails authentication
> Date: Fri, 13 Dec 2002 14:55:11 -0500
> Reply-To: [EMAIL PROTECTED]
>
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > Sorry to be a pest about this, but should the RADIUS server be able to
react
> > to whatever reply attributes the script sends back?
>
> No. Scripts are run as almost the last thing the server does,
> before responding with the Access-Accept or Access-Reject.
>
> > I figure the best way to do that is to have the script return
> > "Auth-Type = System" ...
>
> That won't work.
>
> Look in the CVS head, and try the 'rlm_perl' module. It's been
> significantly updated, and might be your best solution.
>
> Alan DeKok.
>
>
> --__--__--
>
> Message: 6
> From: "Chris A. Kalin" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: Script to run if user fails authentication
> Date: Fri, 13 Dec 2002 14:09:41 -0600
> Reply-To: [EMAIL PROTECTED]
>
> OK, cool, thanks.
>
> Chris
>
> ----- Original Message -----
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 13, 2002 1:55 PM
> Subject: Re: Script to run if user fails authentication
>
>
> > "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > > Sorry to be a pest about this, but should the RADIUS server be able to
> react
> > > to whatever reply attributes the script sends back?
> >
> > No. Scripts are run as almost the last thing the server does,
> > before responding with the Access-Accept or Access-Reject.
> >
> > > I figure the best way to do that is to have the script return
> > > "Auth-Type = System" ...
> >
> > That won't work.
> >
> > Look in the CVS head, and try the 'rlm_perl' module. It's been
> > significantly updated, and might be your best solution.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
>
>
>
> --__--__--
>
> Message: 7
> From: "Pierre-Luc Dion" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: RE: How to use Calling-Station-Id to filter client's MAC
> Date: Fri, 13 Dec 2002 17:20:10 -0500
> Reply-To: [EMAIL PROTECTED]
>
> I Kevin,
>
> I try somethings to be able to filter client with MAC, and it work !!!
> in users file :
>
> "username" Auth-Type := EAP, Calling-Station-Id = "123e37bb86b2"
>
> for authentification I use EAP/TLS and the username are the certificat and
> client name.
>
>
>
>
> Pierre-Luc
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin
> Sent: December 11, 2002 5:04 AM
> To: users
> Subject: How to use Calling-Station-Id to filter client's MAC
>
>
> Hi all,
>
> I try use the attribute "Calling-Station-Id" to filter client's MAC ,but
it
> can't work (can't filter client's MAC),Does any body can tell me how to
> config FreeRADIUS ?
> Thanks a lot !!
>
>
>
> the following is my config:
>
> test Auth-Type := EAP, User-Password = "test"
> Calling-Station-Id ="00-10-11-11-11-11"
>
>
>
> //Kevin
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> --__--__--
>
> Message: 8
> From: "Aaron Brookes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Startup scripts for Mandrake Linux
> Date: Fri, 13 Dec 2002 16:54:19 -0600
> Reply-To: [EMAIL PROTECTED]
>
> I am running Freeradius .80 under Mandrake Linux v9 and am trying to get
> Freeradius to start automatically when Linux starts.
>
>
>
> --__--__--
>
> Message: 9
> From: "Aaron Brookes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Startup scripts for Mandrake Linux
> Date: Fri, 13 Dec 2002 17:00:27 -0600
> Reply-To: [EMAIL PROTECTED]
>
> I am running Freeradius .8 under Mandrake Linux v9 and was wondering if
> anyone has written startup and shutdown scripts that can be used with the
> rc?.d directories to start Freeradius automatically.
>
>
>
>
> --__--__--
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
