RE: Freeradius and IPASS
Walter,
thanks for the guide,
i've ventured one step closer to the solution.
Whenever I launch an authentication request it gets
denied and my netserver log displays:
rad_request: attempted radius authentication; try -r option
any clue on this one?
thank you very very much,
Bart
-Original Message-
From: Walter Perris [mailto:[EMAIL PROTECTED]
Sent: donderdag 4 december 2003 17:49
To: [EMAIL PROTECTED]
Subject: Re: Freeradius and IPASS
Hi,
This is the complete guide for IPASS Netserver
1) Edit the realm section of your radius.conf file
(/etc/raddb/radius.conf).
Within the radius.conf file (/etc/raddb/radius.conf), there will be a
section containing your realm list. This section lists all of the realms
known to FreeRADIUS, and defines how they are handled. To enable FreeRADIUS
to recognize the IPASS/ prefix, locate the following section, edit the
entry and uncomment the section:
realm slash {
format = prefix
cut
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and IPASS
Hi Bart,
Just check if the netserver and Radius are listen
on the same radius and accounting ports, also check if the netserver is able to
connect to so called Home Server which IPass Uses.
Regards,Walter Perris
- Original Message -
From:
Bart Van
Daal
To: '[EMAIL PROTECTED]'
Sent: Friday, December 05, 2003 6:39
AM
Subject: RE: Freeradius and IPASS
Walter,thanks for the guide,i've ventured one step closer
to the solution.Whenever I launch an authentication request it
getsdenied and my netserver log displays:rad_request: attempted
radius authentication; try -r optionany clue on this one?thank
you very very much,Bart-Original Message-From:
Walter Perris [mailto:[EMAIL PROTECTED]Sent: donderdag 4 december 2003
17:49To: [EMAIL PROTECTED]Subject: Re: Freeradius and IPASS
Hi,This is the complete guide for IPASS
Netserver1) Edit the realm section of your radius.conf
file(/etc/raddb/radius.conf). Within the radius.conf file
(/etc/raddb/radius.conf), there will be asection containing your realm
list. This section lists all of the realmsknown to FreeRADIUS, and
defines how they are handled. To enable FreeRADIUSto recognize the IPASS/
prefix, locate the following section, edit theentry and uncomment the
section:realm slash { format =
prefix cut- List
info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Incoming mail is certified Virus Free.Checked by
AVG Anti-Virus (http://www.grisoft.com).Version:
7.0.206 / Virus Database: 261.3.3 - Release Date:
12/2/2003
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.206 / Virus Database: 261.3.3 - Release Date: 12/2/2003
Freeradius and IPASS
Hello Freeradius Users,
just a small question:
Do I need to configure anything special to proxy to an Ipass netserver?
this is my entry in the proxy.conf
realm IPASS {
type= radius
authhost= 12.34.56.78:1645
accthost= 12.34.56.78:1646
secret = ipassecret
nostrip
}
thanks for any hints or help,
Bart
Bart van Daal
Tel + 32 3 780 74 80
www.edpnet.net http://www.edpnet.net/
EDPnet Technical Department
EDPnet confidential proprietary business information
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and IPASS
At 09:39 AM 12/4/2003, Bart Van Daal wrote:
Hello Freeradius Users,
just a small question:
Do I need to configure anything special to proxy to an Ipass netserver?
this is my entry in the proxy.conf
realm IPASS {
type= radius
authhost= 12.34.56.78:1645
accthost= 12.34.56.78:1646
secret = ipassecret
nostrip
}
This should work. I don't think they do anything differently with
respect to Radius.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless!\ Director, Engineering
| @ @ |\ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and IPASS
Bart Van Daal [EMAIL PROTECTED] wrote: just a small question: Do I need to configure anything special to proxy to an Ipass netserver? Read 'radiusd.conf'. Look for the word IPASS Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and IPASS
Hi,
This is the complete guide for IPASS Netserver
1) Edit the realm section of your radius.conf file (/etc/raddb/radius.conf).
Within the radius.conf file (/etc/raddb/radius.conf), there will be a section
containing your realm list. This section lists all of the realms known to
FreeRADIUS, and defines how they are handled. To enable FreeRADIUS to recognize
the IPASS/ prefix, locate the following section, edit the entry and uncomment
the section:
realm slash { format = prefix
delimiter = "/" }
When you are complete, the section should look as follows:
realm IPASS { format = prefix
delimiter = "/" }
2) Edit the authorization section of your radius.conf file
(/etc/raddb/radius.conf).
Within the radius.conf file (/etc/raddb/radius.conf), there will also be an
authorization section. This section defines how FreeRADIUS will authorize users.
You will want to ensure that the listings in this section are in the order shown
below to allow FreeRADIUS to perform authorization properly. The entry below
allows FreeRADIUS to preprocess all users against the hints or huntgroups files,
then to process all realms, and finally to look in the users file. The order of
the realm modules will determine the order in which the FreeRADIUS will try to
find a matching realm. You will need to add an entry for the IPASS prefix above
the line for the suffix to allow these users to be processed first. When
complete, this section should look similar to the example below:
authorize { preprocess
IPASS suffix
files }
3) Edit the pre-accounting section of your radius.conf file
(/etc/raddb/radius.conf).
Another section you will need to edit in the radius.conf file
(/etc/raddb/radius.conf) is the pre-accounting section. The following entry
allows FreeRADIUS to look for a proxy realm in the order that each realm is
listed, then to look at the acct_users file, and finally to preprocess users
using the hints file. You will need to add an entry for the IPASS prefix above
the line for the suffix to allow these users to be processed first. When
complete, this section should look similar to the example below:
preacct { IPASS
suffix files
preprocess }
When you have finished editing radius.conf, save and exit the file.
4) Edit the users file (/etc/raddb/users).
The users file (/etc/raddb/users) dictates how FreeRADIUS authenticates
users. You will need to ensure that there is a Default entry in the users file
similar to the one shown below. Please note that this is only an example of the
type of entry needed. If you already have a default entry, please let your iPass
technician know what it is before modification:
**Please do not add this if you already have a DEFAULT configuration declared
in your users file**
DEFAULT Auth-Type =Local
When you have finished editing the users file, save and exit the file.
5) Add the IPASS/ realm entry to your proxy.conf file
(/etc/raddb/proxy.conf).
To complete this configuration and allow FreeRADIUS to proxy iPass traffic to
your NetServer, you must add an entry for the IPASS/ prefix realm to your
proxy.conf file (/etc/raddb/proxy.conf). The following entry can be to this file
anywhere within the list of realm entries, provided it is placed above the
DEFAULT realm entry.
realm IPASS {
type = radius
authhost = IP.Address.of.NetServer:11812
accthost = IP.Address.of.NetServer:11813
secret =mysecret nostrip }
NOTE: The shared secret listed in the entry above must be the same value as
the secret of the NetServer found in the /usr/ipass/raddb/clients file of your
NetServer software.
When you have finished editing proxy.conf, save and exit the file.
6) When complete, restart your FreeRADIUS to allow these changes to take
effect.
Regards,Walter Perris
Senoir Network Enginner
Curanet N.V.
-
Original Message -
From: Alan DeKok
To: [EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 12:39 PM
Subject: Re: Freeradius and IPASS
Bart Van Daal [EMAIL PROTECTED] wrote:
just a small question: Do I need to configure anything special to
proxy to an Ipass netserver? Read 'radiusd.conf'. Look for
the word "IPASS" Alan DeKok.- List
info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html--
Incoming mail is certified Virus Free.Checked by AVG Anti-Virus (http://www.grisoft.com).Version: 7.0.206
/ Virus Database: 261.3.3 - Release Date:
12/2/2003
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.206 / Virus Database: 261.3.3 - Release Date: 12/2/2003
