Re: Installing Freeradius on Solaris 9 Box
Rudy Leisering wrote: > > I'm ignorant when it comes to Unix and could use some help. > > I'm trying to get Freeradius version 0.5 installed. When I run the > ./configure I get several error messages that are meaningless to me > even after searching the documentation. (i.e.: Could not find CC). > Could someone please point me in the direction of the documentation > where I can figure out what I'm doing wrong? I suspect that I'm > missing something in the path, but don't know what. > > Thank you, > Rudy, it sounds like you have some more fundemental issues with your solaris 9 install than any issues with Freeradius atm. Seems like you need to get a compiler working properly and your paths setup first, I've emailed you direclty with some pointers as Solaris support is out of the bounds of this newsgroup :) Cheers John -- oJohn Benge - Product Development o o Email: [EMAIL PROTECTED] Mobile: +44 7887796300 thus[tm] Fax: +44 870 051 9983Work: +44 208 371 3739 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
General question about experiences with radius pre-authentication packets/support
Hi, I am currently using Freeradius with a USR chassis/quad modems, the quads do not generate any CLI/DNIS pre-auth data so pre-authentication is of no use, however moving to DSP cards isnt far off and I'l like to be prepared for using pre-authentication. Can anybody confirm if they are using pre-auth packets with freeradius?? I would have thought I could setup a user whose name is the DNIS digits? although I dont expect to be able to limit the number of ports(maybe this could be a future feature?) Using: Freeradius 0.4 on Solaris/Sparc 8 02/02. Thanks John -- o John Benge - Development o o Email: [EMAIL PROTECTED] Mobile: +44 7887796300 thus[tm] Fax: +44 870 051 Work: +44 208 371 3739 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: A question regarding radius attribute tagging
Chris Parker wrote: > If there is a standard attribute ( non-VSA ) that does what you want, > I highly urge the use of that, over the VSA, as it will be more portable. > If there isn't a standard attribute to accomplish it, then you don't have > a choice, so you have to use the VSA. > > I come from a multi-vendor NAS environment, so using the most commonly > understood attributes is highly desirable. > > Example: > > 'Ascend-Idle-Limit' is a VSA that only works on Ascend NAS. > > 'Idle-Timeout' does the same thing, and works on all NAS. > > So, you'd want to use Idle-Timeout, as it's more "portable". > > -Chris Hi, Thanks for the good advice Chris! Cheers John -- oJohn Benge - Development o o Email: [EMAIL PROTECTED] Mobile: +44 7887796300 thus[tm] Fax: +44 870 051 Work: +44 208 371 3739 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: A question regarding radius attribute tagging
> Yes. You can use something like this for your users file: > > tunneluser Auth-Type := Local, Password == "foobar" > Tunnel-Type:1 = L2TP > Tunnel-Medium-Type:1 = IP > Tunnel-Server-Endpoint:1 = "10.20.30.2" > Tunnel-Password:1 = "secret" > Tunnel-Preference:1 = 1 > Tunnel-Type:2 = GRE > Tunnel-Medium-Type:2 = IP > Tunnel-Server-Endpoint:2 = "10.99.98.67" > Tunnel-Preference:2 = 2 > > The :X after the attribute is the 'tag'. The attributes that share a > common tag value become a group. The group with the lowest tunnel-pref > value is tried first. In the example above, that would be the L2TP tunnel, > if the NAS can't do the L2TP tunnel, it will then try the GRE tunnel. > > > -Chris Hi Chris, thanks for the help! I'll give it a go right now and take a look at the RFC you mentioned. This may seen a naive question but i only have 5 days worth of radius experience under my belt, when should i/should not use VSA (like the tunnel VSA's in my original post)?? Cheers John -- oJohn Benge - Development o o Email: [EMAIL PROTECTED] Mobile: +44 7887796300 thus[tm] Fax: +44 870 051 Work: +44 208 371 3739 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A question regarding radius attribute tagging
Hi, I'm running FreeRadius 0.4 on Sparc/Solaris 8 (latest patches) for some testing i'm conducting with 3Com/Cisco L2TP tunnels - please bear with me i'm a radius newbie and have only been running FR for a week. I have FR up and running nicely, sending back attributes to the nas's in question to setup tunnels. I've heard about a tunnel feature that allows the nas to receive multiple tunnel-endpoint attributes and then load balance the tunnels it builds, i'd like to try this! The nas can cope with receiving multiple tunnel-endpoint attributes, so I presume I can just create a user.conf profile with multiple endpoint attributes like this: USR-Tunnel-Security = none, USR-Tunnel-Type = L2TP, USR-Tunnel-Endpoint = 10.0.0.100, USR-Tunnel-Endpoint = 10.0.0.101, USR-Tunnel-Endpoint = 10.0.0.102, Under Steel Belted Radius multiple attributes are refered to as tagging where the attributes in question are tagged with something like [1] [2] [3] so that SBR can distinguish them - or something like that :) So the big question is, can FreeRadius handle sending back multiple instances of the same attribute with different values? If it can is there anything inparticular that I need to do to set it up or can I just add multiple instances of the attribute as in the example above? And has anyone else ever tried this with FR ?? Kind Regards John -- oJohn Benge - Development o o Email: [EMAIL PROTECTED] Mobile: +44 7887796300 thus[tm] Fax: +44 870 051 Work: +44 208 371 3739 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html