Re: Ippool

2002-09-25 Thread Homer Parker

On Fri, 20 Sep 2002 11:45:51 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:


 
> I am not sure that you can do group membership checks with the pam
> module. Try using the unix module for that (just put it in the
> instantiate section to register its groupcmp function).

That was it, thanks!

--- 
Homer Parker

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
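
The change suggested in the quoted reply, written out as a radiusd.conf fragment. This is an added example, not configuration taken from the posts; the option values inside the unix block are assumptions, and the remaining sections mirror the poster's own file.

```conf
# radiusd.conf fragment (added example, not from the original posts)
modules {
	# rlm_unix: instantiating it registers the groupcmp comparison that
	# evaluates "Group == ..." check items against Unix group membership.
	unix {
		cache = no                        # assumed setting
		radwtmp = ${logdir}/radwtmp       # assumed setting
	}

	# PAM still performs the password check, as in the original post.
	pam {
		pam_auth = radiusd
	}
}

# Modules listed here are loaded at startup even though no processing
# section below calls them, so the Group comparison is registered
# before "files" reads the users file.
instantiate {
	unix
}

authorize {
	preprocess
	files
}

authenticate {
	pam
}

# users file entry from the original post that relies on the Group check:
#   DEFAULT Auth-Type := Pam, Group == wireless64, Pool-Name := wireless64
```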



Re: Ippool

2002-09-20 Thread Homer Parker

On Fri, 20 Sep 2002 11:45:51 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:


> I am not sure that you can do group membership checks with the pam
> module. Try using the unix module for that (just put it in the
> instantiate section to register its groupcmp function).

I'll give that a try, thanks!

--- 
Homer Parker

LAN/WAN, Wireless Networking, PC Sales/Service
Linux, OS/2, Windows9x, Windows NT/2000 Support

PC Services
129 W 8th #101
Russell, KS 67665

785.483.7602
[EMAIL PROTECTED]
http://www.pcsrvc.com

Either you can say I'm for Open Source, open standards, or I'm against
standards. Either you can say I'm for giving customers and communities
a choice or I'm against giving customers and communities a choice.
  - Sam Palmisano, IBM President and COO at LinuxWorld Expo 2001




Ippool

2002-09-19 Thread Homer Parker

Having a bit of a time getting an Orinoco AS-2000 to get an ip address
from the ippool module.. I authenticate just fine, it just falls through
the users file to the dial-up stuff before it gets a match... Here's some
info:

users file

DEFAULT NAS-IP-Address == 172.16.1.8, Auth-Type := Pam, Group == wireless64, Pool-Name := wireless64

DEFAULT Auth-Type := Pam, Group == wireless64, Pool-Name := wireless64
DEFAULT Group == wireless128, Pool-Name := wireless128
DEFAULT Group == wireless192, Pool-Name := wireless192
DEFAULT Group == wireless256, Pool-Name := wireless256

DEFAULT Auth-Type := Pam, Huntgroup-Name == wireless64, Pool-Name := wireless64
DEFAULT Huntgroup-Name == wireless128, Pool-Name := wireless128
DEFAULT Huntgroup-Name == wireless192, Pool-Name := wireless192
DEFAULT Huntgroup-Name == wireless256, Pool-Name := wireless256


#DEFAULT Simultaneous-Use := 2
#        Fall-Through = 1

#DEFAULT Auth-Type := Reject, Huntgroup-Name == mail

#DEFAULT Huntgroup-Name := local, Pool-Name := wireless64
#        Filter-Id = locallan,
#        Fall-Through = 1

#DEFAULT Auth-Type := Pam
#        Service-Type = Framed-User,
#        Framed-Protocol = PPP,
#        Framed-IP-Address = 255.255.255.254,
#        Framed-IP-Netmask = 255.255.255.255,
#        Framed-Compression = Van-Jacobson-TCP-IP,
#        Session-Timeout = 36,
#        Idle-Timeout = 900,
#        Framed-MTU = 576

With the dialup stuff commented, I do not get authenticated.. As you can
see, I'm trying several different ways to get a hit... 

huntgroups

pop1        NAS-IP-Address == 172.16.1.8
wireless64  Group = wireless64

wireless128 Group = wireless128

wireless192 Group = wireless192

wireless256 Group = wireless256

The user I'm testing with is in group wireless64 on the radius server. I
used something similar with Cistron to put people into groups that were
mail only (no Internet access), etc... Can't find any documentation that
says it works any differently now...

radiusd.conf

modules {
    ippool wireless64 {
        range-start = 64.123.115.131
        range-stop = 64.123.115.143
        netmask = 255.255.255.128
        cache-size = 800
        session-db = ${raddbdir}/db.wireless64
        ip-index = ${raddbdir}/db.wireless64
    }
    ippool wireless128 {
        range-start = 64.123.115.193
        range-stop = 64.123.115.254
        netmask = 255.255.255.128
        cache-size = 800
        session-db = ${raddbdir}/db.wireless128
        ip-index = ${raddbdir}/db.wireless128
    }
    ippool wireless192 {
        range-start = 64.123.115.149
        range-stop = 64.123.115.160
        netmask = 255.255.255.128
        cache-size = 800
        session-db = ${raddbdir}/db.wireless192
        ip-index = ${raddbdir}/db.wireless192
    }
    ippool wireless256 {
        range-start = 64.123.115.162
        range-stop = 64.123.115.187
        netmask = 255.255.255.128
        cache-size = 800
        session-db = ${raddbdir}/db.wireless256
        ip-index = ${raddbdir}/db.wireless256
    }
    pam {
        pam_auth = radiusd
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }
}

authorize {
    preprocess
    files
}
authenticate {
    pam
}

accounting {
    detail
    radutmp
    wireless64
    wireless128
    wireless192
    wireless256
}
session {
    radutmp
}
post-auth {
    wireless64
    wireless128
    wireless192
    wireless256
}

Any help appreciated...

--- 
Homer Parker





Re: Ippool

2002-09-19 Thread Homer Parker

On Thu, 19 Sep 2002 15:02:45 -0500
Homer Parker [EMAIL PROTECTED] wrote:

> Having a bit of a time getting an Orinoco AS-2000 to get an ip address
> from the ippool module.. I authenticate just fine, it just falls through
> the users file to the dial-up stuff before it gets a match... Here's
> some info:

I forgot the versions... Have tried with .70 and CVS as of 1pm CST
9-19...

--- 
Homer Parker
