Hi Ivan,

Really, I appreciate the information. I'm sure between the suggestions given I could do it. However, if it is more than a command line or script on the radius server itself, it's too involved for the person I have to turn it over to. I just saw that radtest took nasname as an option and thought it would have a bearing on the secret. Not the case, so I know better. :)

Thanks, Tuc

>
> If you have a spare box on a local network, switch that supports VLANs
> and a router that can tag VLANs - you can spoof the whole outside
> network with simple IP/VLAN configuration:
>
> configure a gateway IP interface for the network you want to spoof on
> your router and tag it with testing VLAN ID - that will create a locally
> connected routing table entry - no creative manual entries needed
>
> configure testing VLAN ID on the switchport to which you will connect the
> testing box
>
> configure IP you want to spoof on the testing box
>
> That shouldn't take more than 5 minutes. Just make sure that you remove
> the spoofed gateway interface from the router after testing in order to
> be able to use the real network.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 4/5/2008, "Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]> wrote:
>
> >>
> >> Hi,
> >>
> >> > Tech calls in and says that he can't get an appliance working in the
> >> > field. I ask him what secret he's using and the IP address of the
> >> > appliance. I want to be able to be locally logged onto the radius
> >> > server and use radtest/radclient/rad???? to be able to query radius
> >> > asking "If I was IP, and I gave you SECRET, would you authorize me?".
> >> >
> >> > So I want to be on 1.2.3.4, but say I'm on 3.4.5.6 . Right now, if I
> >> > say I'm on 3.4.5.6, it still wants the secret for 1.2.3.4 .
> >>
> >> you want to spoof the source address? tricky. one 'easy' way to do this
> >> would be to create a local VPN/GRE tunnel on the linux box under which
> >> you could emulate a remote link.
> >>
> >> configure freeradius to also listen on that virtual address, run the
> >> radclient with the destination being the end point of the VPN - the
> >> linux routing tables would then come into play. you'd have to
> >> reconfigure the VPN end addresses etc each time to emulate an
> >> outside world link...but it would work.
> >>
> >    Not worth it. All I'm looking to do is get programmatic confirmation
> >that the ip/secret combination in the field is correct. Since this is an
> >appliance, not an OS, I don't have access to radtest on the appliance. To
> >have someone start setting up VPN/GRE/etc is more hassle than it's worth.
> >I just have to tell the tech to RTFD closer. I was just hoping I could
> >put together a local form on a webserver that could shell out to a script
> >to make the test.
> >
> >    We'll just have to suffer. :) (Or ask the manufacturer to include
> >a utility in the "diagnostic" section)
> >
> >            Thanks, Tuc
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
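The programmatic IP/secret confirmation asked about in this thread can also be done on the RADIUS server without sending a packet, by looking the appliance's address up in the server's client list. This is an added example, not code from the thread or from FreeRADIUS; it assumes `client name { ipaddr = ...; secret = ... }` blocks (FreeRADIUS 2.x/3.x style) with no nested sections, and the sample config, client names and secrets are constructed.

```python
import hmac
import ipaddress
import re

# Constructed sample in FreeRADIUS 2.x/3.x clients.conf style (not from the thread).
SAMPLE_CLIENTS_CONF = """
client field_appliance {
    ipaddr = 3.4.5.6
    secret = fieldsecret   # trailing comment
}
client branch_net {
    ipaddr = 10.20.0.0
    netmask = 16
    secret = "branch secret"
}
"""

# Assumption: flat client blocks only (no nested sections inside the braces).
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
ITEM_RE = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))', re.M)


def parse_clients(text):
    """Return [(name, network, secret)] for each block that has ipaddr and secret."""
    clients = []
    for name, body in CLIENT_RE.findall(text):
        items = {k: (q if q else bare) for k, q, bare in ITEM_RE.findall(body)}
        if "ipaddr" not in items or "secret" not in items:
            continue
        addr = items["ipaddr"]
        if "/" not in addr and "netmask" in items:  # separate netmask line
            addr = f"{addr}/{items['netmask']}"
        net = ipaddress.ip_network(addr, strict=False)
        clients.append((name, net, items["secret"]))
    return clients


def check_pair(text, ip, secret):
    """Say which client definition covers `ip` and whether `secret` matches it."""
    ip = ipaddress.ip_address(ip)
    matches = [c for c in parse_clients(text) if ip in c[1]]
    if not matches:
        return "unknown client"
    # Assumption: the most specific (longest-prefix) definition wins.
    name, _net, expected = max(matches, key=lambda c: c[1].prefixlen)
    ok = hmac.compare_digest(expected.encode(), secret.encode())
    return f"{name}: secret {'matches' if ok else 'MISMATCH'}"
```

The function only reports match or mismatch and never echoes the stored secret, so a web form that shells out to it does not disclose the configured value; the script itself still needs read access to clients.conf.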