Hi Oxiel

Please update the HOWTO and possibly the FAQ with your comments.

Regards

Peter

On Thu 15 Feb 2007 04:30, Oxiel Contreras wrote:
> Hello Santa.
>
> This worked great!!!
>
> I was doing 802.1x only, no AVLAN.
>
> For any soul out there trying to implement 802.1x with FreeRadius on
> OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:
>
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
> Take note of the following points:
>
> 1) If you use PEAP, install the patch from MS to Radius as noted on the
> FAQ, you need someone with Gold Support from M$ to get it or email me off
> the list :)
>
> http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work
>
> 2) If PEAP is your election, install the CA and generate the certificates
> on the Radius server.
>
> 3) Modify the permissions of execution for the winbind daemon in order to
> accomplish the ntlm_auth process, FIXME, now using root permissions.
>
> 4) Use Xylan-Auth-Group as VSA in /etc/raddb/users as the attribute for
> assigning VLAN, or generate the new dictionary.alcatel as Santa Yeh
> described below, and then use Alcatel-Auth-Group as the attribute for VLAN
>
> 5) Use the setup for omniswitch as described below by Santa Yeh
>
> 6) Thank all these great people who develop and support this great
> software.
>
> Thanks Alan, A.L.M., Jeremy, Marcel and Santa.
>
> Best regards
>
> Oxiel
>
> On Wednesday, 14 February 2007 11:19, Santa Yeh wrote:
> > Hello Oxiel,
> >
> > Are you doing AVLAN or 802.1x?
> >
> > 1. I created a new file - dictionary.alcatel
> >
> > #
> > # dictionary.alcatel
> > #
> > # Alcatel VSAs
> > #
> >
> > VENDOR          Alcatel                         800
> >
> > #
> > # Standard attribute
> > #
> > ATTRIBUTE       Alcatel-Auth-Group              1       integer         Alcatel
> > ATTRIBUTE       Alcatel-Slot-Port               2       string          Alcatel
> > ATTRIBUTE       Alcatel-Time-of-Day             3       string          Alcatel
> > ATTRIBUTE       Alcatel-Client-IP-Addr          4       ipaddr          Alcatel
> > ATTRIBUTE       Alcatel-Group-Desc              5       string          Alcatel
> > ATTRIBUTE       Alcatel-Port-Desc               6       string          Alcatel
> >
> > VALUE           Acct-Authentic                  AUTH-AVCLIENT           4
> > VALUE           Acct-Authentic                  AUTH-TELNET             5
> > VALUE           Acct-Authentic                  AUTH-HTTP               6
> >
> > 2. For users file
> >
> > user1   Auth-Type := Local, Password = "user1"
> >         Alcatel-Auth-Group = 3
> >
> > 3. For AVLAN
> >
> > vlan 3 authentication enable
> > vlan port mobile 1/1 bpdu ignore enable
> > vlan port 1/1 authenticate enable
> > ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> > aaa radius-server rad1 host 192.168.10.211 key radkey
> > aaa authentication vlan single-mode rad1
> > aaa accounting vlan rad1
> > aaa avlan default dhcp 192.168.11.254
> > aaa avlan dns alcatel
> > avlan 3 auth-ip 192.168.11.253
> >
> > 4. For 802.1x (Sorry, just from my memory)
> >
> > vlan 3 802.1x enable
> > vlan port mobile 1/1 bpdu ignore enable
> > vlan port 1/1 802.1x enable
> > ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> > aaa radius-server rad1 host 192.168.10.211 key radkey
> > aaa authentication 802.1x rad1
> > aaa accounting 802.1x rad1
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- 
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
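
Added example, not part of the original thread and not FreeRADIUS code: how the Alcatel-Auth-Group VSA from the quoted dictionary.alcatel (vendor 800, attribute 1, integer) is laid out in a RADIUS reply per RFC 2865, with a bounds-checked decoder for confirming in a capture which VLAN the switch was told to assign. The function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific attribute type
ALCATEL_VENDOR_ID = 800   # "VENDOR Alcatel 800" in the quoted dictionary
ALCATEL_AUTH_GROUP = 1    # "ATTRIBUTE Alcatel-Auth-Group 1 integer"


def encode_auth_group(vlan):
    """Build the Vendor-Specific attribute for Alcatel-Auth-Group = vlan."""
    sub = struct.pack("!BBI", ALCATEL_AUTH_GROUP, 6, vlan)  # type, len, value
    body = struct.pack("!I", ALCATEL_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def iter_attributes(buf):
    """Yield (type, value) for each TLV; reject lengths that overrun."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[pos], buf[pos + 1]
        if a_len < 2 or pos + a_len > len(buf):
            raise ValueError("attribute length out of bounds")
        yield a_type, buf[pos + 2:pos + a_len]
        pos += a_len


def find_auth_group(attrs):
    """Return the Alcatel-Auth-Group value in an attribute section, or None."""
    for a_type, value in iter_attributes(attrs):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != ALCATEL_VENDOR_ID:
            continue
        # Vendor sub-attributes use the same type/length/value layout.
        for s_type, s_val in iter_attributes(value[4:]):
            if s_type == ALCATEL_AUTH_GROUP and len(s_val) == 4:
                return struct.unpack("!I", s_val)[0]
    return None


# Constructed sample: attribute section of an Access-Accept carrying
# Reply-Message (type 18) followed by Alcatel-Auth-Group = 3.
SAMPLE = bytes([18, 4]) + b"ok" + encode_auth_group(3)

if __name__ == "__main__":
    print(encode_auth_group(3).hex())
    print(find_auth_group(SAMPLE))
```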