> >Hi, I'm wondering if someone can point me in the right direction. I > want to > >list radius clients with the same IPs (and different shared secrets). > This > >would let me use freeradius among multiple offices, where each could > use the > >same IP addresses for the radius clients. > > And how is routing going to work there? How is radius server suposed to > send the response back to the correct client? This can work only if > carry radius server from office to office so it works a little bit > here, > little bit there. If you connect those clients onto a network they will > all stop working (or, at best, first one you put on the network will > work but others won't). > > Ivan Kalik > Kalik Informatika ISP
I'm not exactly sure. How does a RADIUS server work over the Internet? I'm not connecting the radius clients onto the same LAN. If a radius request comes in from the internet, would the server send responses to the Internet IP that it received it from (which I think would work for my case) or would it send to the radius client IP? Here's what I'm trying to do: Host a radius server on the Internet...for PEAP 802.1X (WPA-enterprise). Each AP at the different offices would be set with the Internet IP address of where the radius server is running, along with a shared secret. There would likely be APs set to the same IP address, that's why I'm asking about all this. > > Hi, I'm wondering if someone can point me in the right direction. I > want to > > list radius clients with the same IPs (and different shared secrets). > This > > would let me use freeradius among multiple offices, where each could > use the > > same IP addresses for the radius clients. I need something very > dynamic; > > manually creating virtual servers in the config file won't work well. > > RADIUS doesn't work that way. > > Shared secrets are per client IP. Each client IP is used to look up > the shared secret. You can't have multiple shared secrets for one IP. > > > Right now I'm using v1.188.2.4.2.14 > > That's not the server version number. > > Use "radiusd -v" to get the version information. > > Alan DeKOk. I know it traditionally doesn't, just checking to see what people think and if I might find a way to do what I want to do. What got me thinking something like this could work is when using a different server, I thought I could modify the SQL select statement that's used to find the shared secret. For example, the default is "select SharedSecret from NASES where ClientIPAddress='$c'" I thought I could just add the following to the end "and where Domain=(function that takes the domain from the username...after the @) I found that server can't register the username attribute during the select statement...so it all didn't work. Opps. I'm using v1.1.7 because at the moment I'm using FreeRadius.net on Windows Thanks for your help guys - Eric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html