Re: Freeradius and IPASS

2003-12-05 Thread Walter Perris 



Hi Bart,
Just check if the netserver and Radius are listen 
on the same radius and accounting ports, also check if the netserver is able to 
connect to so called Home Server which IPass Uses.
 
Regards,Walter Perris

  - Original Message - 
  From: 
  Bart Van 
  Daal 
  To: '[EMAIL PROTECTED]' 
  
  Sent: Friday, December 05, 2003 6:39 
  AM
  Subject: RE: Freeradius and IPASS 
  Walter,thanks for the guide,i've ventured one step closer 
  to the solution.Whenever I launch an authentication request it 
  getsdenied and my netserver log displays: rad_request: attempted 
  radius authentication; try -r optionany clue on this one?thank 
  you very very much,Bart>-Original Message----->From: 
  Walter Perris [mailto:[EMAIL PROTECTED]>Sent: donderdag 4 december 2003 
  17:49>To: [EMAIL PROTECTED]>Subject: Re: Freeradius and IPASS 
  >>>Hi,>This is the complete guide for IPASS 
  Netserver>1) Edit the realm section of your radius.conf 
  file(/etc/raddb/radius.conf). >Within the radius.conf file 
  (/etc/raddb/radius.conf), there will be asection containing your realm 
  list. This section lists >all of the realmsknown to FreeRADIUS, and 
  defines how they are handled. To enable FreeRADIUSto recognize the IPASS/ 
  >prefix, locate the following section, edit theentry and uncomment the 
  section:>>realm slash {  >  >> format = 
  prefix  >  - List 
  info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Incoming mail is certified Virus Free.Checked by 
  AVG Anti-Virus (http://www.grisoft.com).Version: 
  7.0.206 / Virus Database: 261.3.3 - Release Date: 
12/2/2003
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.206 / Virus Database: 261.3.3 - Release Date: 12/2/2003

Re: Freeradius and IPASS

2003-12-04 Thread Walter Perris 




Hi,
This is the complete guide for IPASS Netserver
1) Edit the realm section of your radius.conf file (/etc/raddb/radius.conf). 

Within the radius.conf file (/etc/raddb/radius.conf), there will be a section 
containing your realm list. This section lists all of the realms known to 
FreeRADIUS, and defines how they are handled. To enable FreeRADIUS to recognize 
the IPASS/ prefix, locate the following section, edit the entry and uncomment 
the section:
realm slash {     format = prefix    
 delimiter = "/"  } 
When you are complete, the section should look as follows: 
realm IPASS {     format = prefix    
 delimiter = "/"  } 
2) Edit the authorization section of your radius.conf file 
(/etc/raddb/radius.conf). 
Within the radius.conf file (/etc/raddb/radius.conf), there will also be an 
authorization section. This section defines how FreeRADIUS will authorize users. 
You will want to ensure that the listings in this section are in the order shown 
below to allow FreeRADIUS to perform authorization properly. The entry below 
allows FreeRADIUS to preprocess all users against the hints or huntgroups files, 
then to process all realms, and finally to look in the users file. The order of 
the realm modules will determine the order in which the FreeRADIUS will try to 
find a matching realm. You will need to add an entry for the IPASS prefix above 
the line for the suffix to allow these users to be processed first. When 
complete, this section should look similar to the example below:
authorize {     preprocess   
 IPASS     suffix    
 files  } 
3) Edit the pre-accounting section of your radius.conf file 
(/etc/raddb/radius.conf). 
Another section you will need to edit in the radius.conf file 
(/etc/raddb/radius.conf) is the pre-accounting section. The following entry 
allows FreeRADIUS to look for a proxy realm in the order that each realm is 
listed, then to look at the acct_users file, and finally to preprocess users 
using the hints file. You will need to add an entry for the IPASS prefix above 
the line for the suffix to allow these users to be processed first. When 
complete, this section should look similar to the example below:
preacct {     IPASS    
 suffix     files    
 preprocess } 
When you have finished editing radius.conf, save and exit the file. 
4) Edit the users file (/etc/raddb/users). 
The users file (/etc/raddb/users) dictates how FreeRADIUS authenticates 
users. You will need to ensure that there is a Default entry in the users file 
similar to the one shown below. Please note that this is only an example of the 
type of entry needed. If you already have a default entry, please let your iPass 
technician know what it is before modification: 
**Please do not add this if you already have a DEFAULT configuration declared 
in your users file** 
DEFAULT Auth-Type =Local 
When you have finished editing the users file, save and exit the file. 
5) Add the IPASS/ realm entry to your proxy.conf file 
(/etc/raddb/proxy.conf). 
To complete this configuration and allow FreeRADIUS to proxy iPass traffic to 
your NetServer, you must add an entry for the IPASS/ prefix realm to your 
proxy.conf file (/etc/raddb/proxy.conf). The following entry can be to this file 
anywhere within the list of realm entries, provided it is placed above the 
DEFAULT realm entry.
realm IPASS {  
 type = radius 
 authhost = IP.Address.of.NetServer:11812 
 accthost = IP.Address.of.NetServer:11813 
 secret =mysecret    nostrip  } 
NOTE: The shared secret listed in the entry above must be the same value as 
the secret of the NetServer found in the /usr/ipass/raddb/clients file of your 
NetServer software.
When you have finished editing proxy.conf, save and exit the file. 
6) When complete, restart your FreeRADIUS to allow these changes to take 
effect.   
Regards,Walter Perris
Senoir Network Enginner
Curanet N.V.

  - 
  Original Message - 
  From: Alan DeKok 
  To: [EMAIL PROTECTED] 
  Sent: Thursday, December 04, 2003 12:39 PM
  Subject: Re: Freeradius and IPASS 
  Bart Van Daal <[EMAIL PROTECTED]> wrote:> 
  just a small question: > Do I need to configure anything special to 
  proxy to an Ipass netserver?  Read 'radiusd.conf'.  Look for 
  the word "IPASS"  Alan DeKok.- List 
  info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- 
  Incoming mail is certified Virus Free.Checked by AVG Anti-Virus (http://www.grisoft.com).Version: 7.0.206 
  / Virus Database: 261.3.3 - Release Date: 
12/2/2003
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.206 / Virus Database: 261.3.3 - Release Date: 12/2/2003

3Com Total Control

2003-09-22 Thread Walter Perris 



Is anybody experiencing duplicates accounting records with 3Com Total 
Control NAS's and Free Radius?
 
 
Walter
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.176 / Virus Database: 260.1.2 - Release Date: 9/18/2003

Accounting Problem

2003-09-11 Thread Walter Perris 



I am using freeradius 0.7.x with 3Com Total 
Control 1000. No matter what I do I seem to be getting an error like 

 
Error: Accounting logout : login entry for NAS 
x port xx not found.
 
As a result of this I am getting duplicate 
entries of the same session in my detail files.
Does anyone have a clue on how to solve this 
probklem.
 
Regards,
Walter Perris
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.167 / Virus Database: 260.0.0 - Release Date: 9/8/2003