Re: tunneling
At 08:20 PM 12/1/2003, Rohaizam Abu Bakar wrote:
> anybody familiar with LDAP entry those with TAG can help me??

FreeRADIUS natively prints in the format of:

    ATTR : TAG = VALUE

when running in debugging mode, etc. However, it parses in two modes, the "native" mode shown above, and the "Merit" mode shown here:

    ATTR = :TAG:VALUE

    ex: Tunnel-Password = :0:toomanysecrets

So you can encode the tag on either the Attribute or the Value. In your case, you'll probably want to use the "Merit" syntax and store the TAG with the Value.

Unless you are returning multiple tunnel profiles, it is best to use a TAG of 0.

Hope this helps,
-Chris

--
Chris Parker, Director, Engineering
StarNet Inc.
WX *is* Wireless!
http://www.starnetwx.net
(847) 963-0116
Wholesale Internet Services - http://www.megapop.net

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
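The two syntaxes described in the message above, together with the tag range from the RFC text quoted elsewhere in this thread, as an added example (not part of the original thread and not FreeRADIUS code): a small parser that accepts either form, rejects tags above 0x1F, and rewrites an entry in the "Merit" form so the tag travels with the value. The function names, the quote stripping and the rejection of doubly tagged lines are assumptions of this example.

```python
import re
from collections import defaultdict

MAX_TAG = 0x1F  # upper bound of the Tag field in the RFC text quoted in the thread
# "native" form: ATTR [: TAG] = VALUE [,]
_LINE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?::\s*(\d+))?\s*=\s*(.*?)\s*,?\s*$')
# "Merit" form: the value itself starts with :TAG:
_MERIT = re.compile(r'^:(\d+):(.*)$')

def parse_pair(line):
    """Return (attribute, tag, value); tag is None when the line has no tag."""
    m = _LINE.match(line)
    if m is None:
        raise ValueError(f"not an attribute line: {line!r}")
    attr, native_tag, value = m.groups()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # assumption of this example: quotes are not data
    merit = _MERIT.match(value)
    if merit and native_tag is not None:
        raise ValueError(f"{attr}: tag given on both attribute and value")
    if merit:
        native_tag, value = merit.groups()
    tag = None if native_tag is None else int(native_tag)
    if tag is not None and tag > MAX_TAG:
        raise ValueError(f"{attr}: tag {tag} is above 0x1F")
    return attr, tag, value

def to_merit(attr, tag, value):
    """Render with the tag stored in the value (one string per attribute)."""
    return f"{attr} = {value}" if tag is None else f"{attr} = :{tag}:{value}"

def group_by_tag(lines):
    """Collect attributes per tag, i.e. per tunnel profile."""
    profiles = defaultdict(dict)
    for line in lines:
        attr, tag, value = parse_pair(line)
        profiles[tag][attr] = value
    return dict(profiles)

# Constructed sample mixing both syntaxes; values are the ones used in the thread.
SAMPLE = [
    'Tunnel-Type:1 = L2TP,',
    'Tunnel-Medium-Type : 1 = IP,',
    'Tunnel-Server-Endpoint = :1:172.21.9.13',
    'Tunnel-Password = :0:toomanysecrets',
]
if __name__ == "__main__":
    for line in SAMPLE:
        print(to_merit(*parse_pair(line)))
```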
Re: tunneling
anybody familiar with LDAP entry those with TAG can help me??

--haizam

----- Original Message -----
From: "Chris Brotsos" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 01, 2003 10:03 PM
Subject: Re: tunneling

> At 02:14 AM 12/1/2003, you wrote:
> >Chris,
> >
> >How we gonna map below entry (with TAG) in ldap.attrmap?? and how the entry
> >in LDAP will be??
>
> Haizam,
>
> I'm not familiar with LDAP configuration.
>
> Chris
>
> >radiusTunnelPassword :
> >radiusTunnelMediumType :
> >radiusTunnelType :
> >radiusTunnelServerEndpoint:
> >
> > > Tunnel-Password:0 = "",
> > > Tunnel-Medium-Type:0 = IP,
> > > Tunnel-Type:0 = L2TP,
> > > Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
> >
> >--haizam
> >
> >----- Original Message -----
> >From: "Chris Brotsos" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Wednesday, November 19, 2003 9:40 PM
> >Subject: Re: tunneling
> >
> > > >From dictionary.tunnel...
> > > >
> > > >ATTRIBUTE Tunnel-Type 64 integer has_tag
> > > >
> > > >what is mean by "has_tag"??
> > > >
> > > >
> > > >I'm currently working on RADIUS - MPLS-VPN project, and from example
> > > >given by cisco.. Some of attributes needed for doing L2TP tunnelling
> > > >are as below:
> > > >
> > > >Tunnel-Type = :1:L2TP
> > > >Tunnel-Medium-Type = :1:IP
> > > >Tunnel-Server-Endpoint = :1:172.21.9.13
> > > >
> > > >So what is ":1" from ":1:L2TP" means ??
> > >
> > > The ":1" is the tag, and the "has_tag" portion of the dictionary
> > > definition you refer to above informs the RADIUS software that it
> > > should expect (or append when necessary) certain characters as part
> > > of the attribute.
> > >
> > > From the RFCs included in the 'rfc' sub-directory of the 'doc'
> > > directory of the FreeRADIUS source code:
> > >
> > > Tag
> > >    The Tag field is one octet in length and is intended to provide a
> > >    means of grouping attributes in the same packet which refer to the
> > >    same tunnel. Valid values for this field are 0x01 through 0x1F,
> > >    inclusive. If the value of the Tag field is greater than 0x00 and
> > >    less than or equal to 0x1F, it SHOULD be interpreted as indicating
> > >    which tunnel (of several alternatives) this attribute pertains;
> > >    otherwise, the Tag field SHOULD be ignored.
> > >
> > > The tags mean nothing to the RADIUS server itself; the definition
> > > above is explaining how the NAS is going to use/interpret the Tag.
> > >
> > > As well, I'm not sure which RADIUS server that syntax (e.g.
> > > Tunnel-Type = :1:L2TP) is correct for, but for FreeRADIUS the
> > > attributes should be configured as follows:
> > >
> > > Tunnel-Password:0 = "",
> > > Tunnel-Medium-Type:0 = IP,
> > > Tunnel-Type:0 = L2TP,
> > > Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
> > >
> > > HTH,
> > >
> > > Chris Brotsos
Re: tunneling
At 02:14 AM 12/1/2003, you wrote:
> Chris,
>
> How we gonna map below entry (with TAG) in ldap.attrmap?? and how the entry
> in LDAP will be??

Haizam,

I'm not familiar with LDAP configuration.

Chris

> radiusTunnelPassword :
> radiusTunnelMediumType :
> radiusTunnelType :
> radiusTunnelServerEndpoint:
>
> > Tunnel-Password:0 = "",
> > Tunnel-Medium-Type:0 = IP,
> > Tunnel-Type:0 = L2TP,
> > Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
>
> --haizam
>
> ----- Original Message -----
> From: "Chris Brotsos" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, November 19, 2003 9:40 PM
> Subject: Re: tunneling
>
> > >From dictionary.tunnel...
> > >
> > >ATTRIBUTE Tunnel-Type 64 integer has_tag
> > >
> > >what is mean by "has_tag"??
> > >
> > >
> > >I'm currently working on RADIUS - MPLS-VPN project, and from example
> > >given by cisco.. Some of attributes needed for doing L2TP tunnelling
> > >are as below:
> > >
> > >Tunnel-Type = :1:L2TP
> > >Tunnel-Medium-Type = :1:IP
> > >Tunnel-Server-Endpoint = :1:172.21.9.13
> > >
> > >So what is ":1" from ":1:L2TP" means ??
> >
> > The ":1" is the tag, and the "has_tag" portion of the dictionary
> > definition you refer to above informs the RADIUS software that it
> > should expect (or append when necessary) certain characters as part
> > of the attribute.
> >
> > From the RFCs included in the 'rfc' sub-directory of the 'doc'
> > directory of the FreeRADIUS source code:
> >
> > Tag
> >    The Tag field is one octet in length and is intended to provide a
> >    means of grouping attributes in the same packet which refer to the
> >    same tunnel. Valid values for this field are 0x01 through 0x1F,
> >    inclusive. If the value of the Tag field is greater than 0x00 and
> >    less than or equal to 0x1F, it SHOULD be interpreted as indicating
> >    which tunnel (of several alternatives) this attribute pertains;
> >    otherwise, the Tag field SHOULD be ignored.
> >
> > The tags mean nothing to the RADIUS server itself; the definition
> > above is explaining how the NAS is going to use/interpret the Tag.
> >
> > As well, I'm not sure which RADIUS server that syntax (e.g.
> > Tunnel-Type = :1:L2TP) is correct for, but for FreeRADIUS the
> > attributes should be configured as follows:
> >
> > Tunnel-Password:0 = "",
> > Tunnel-Medium-Type:0 = IP,
> > Tunnel-Type:0 = L2TP,
> > Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
> >
> > HTH,
> >
> > Chris Brotsos
Re: tunneling
Chris,

How we gonna map below entry (with TAG) in ldap.attrmap?? and how the entry in LDAP will be??

radiusTunnelPassword :
radiusTunnelMediumType :
radiusTunnelType :
radiusTunnelServerEndpoint:

> Tunnel-Password:0 = "",
> Tunnel-Medium-Type:0 = IP,
> Tunnel-Type:0 = L2TP,
> Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"

--haizam

----- Original Message -----
From: "Chris Brotsos" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 19, 2003 9:40 PM
Subject: Re: tunneling

> >From dictionary.tunnel...
> >
> >ATTRIBUTE Tunnel-Type 64 integer has_tag
> >
> >what is mean by "has_tag"??
> >
> >
> >I'm currently working on RADIUS - MPLS-VPN project, and from example
> >given by cisco.. Some of attributes needed for doing L2TP tunnelling
> >are as below:
> >
> >Tunnel-Type = :1:L2TP
> >Tunnel-Medium-Type = :1:IP
> >Tunnel-Server-Endpoint = :1:172.21.9.13
> >
> >So what is ":1" from ":1:L2TP" means ??
>
> The ":1" is the tag, and the "has_tag" portion of the dictionary
> definition you refer to above informs the RADIUS software that it
> should expect (or append when necessary) certain characters as part
> of the attribute.
>
> From the RFCs included in the 'rfc' sub-directory of the 'doc'
> directory of the FreeRADIUS source code:
>
> Tag
>    The Tag field is one octet in length and is intended to provide a
>    means of grouping attributes in the same packet which refer to the
>    same tunnel. Valid values for this field are 0x01 through 0x1F,
>    inclusive. If the value of the Tag field is greater than 0x00 and
>    less than or equal to 0x1F, it SHOULD be interpreted as indicating
>    which tunnel (of several alternatives) this attribute pertains;
>    otherwise, the Tag field SHOULD be ignored.
>
> The tags mean nothing to the RADIUS server itself; the definition
> above is explaining how the NAS is going to use/interpret the Tag.
>
> As well, I'm not sure which RADIUS server that syntax (e.g.
> Tunnel-Type = :1:L2TP) is correct for, but for FreeRADIUS the
> attributes should be configured as follows:
>
> Tunnel-Password:0 = "",
> Tunnel-Medium-Type:0 = IP,
> Tunnel-Type:0 = L2TP,
> Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
>
> HTH,
>
> Chris Brotsos
Re: tunneling
> From dictionary.tunnel...
>
> ATTRIBUTE Tunnel-Type 64 integer has_tag
>
> what is mean by "has_tag"??
>
>
> I'm currently working on RADIUS - MPLS-VPN project, and from example
> given by cisco.. Some of attributes needed for doing L2TP tunnelling
> are as below:
>
> Tunnel-Type = :1:L2TP
> Tunnel-Medium-Type = :1:IP
> Tunnel-Server-Endpoint = :1:172.21.9.13
>
> So what is ":1" from ":1:L2TP" means ??

The ":1" is the tag, and the "has_tag" portion of the dictionary definition you refer to above informs the RADIUS software that it should expect (or append when necessary) certain characters as part of the attribute.

From the RFCs included in the 'rfc' sub-directory of the 'doc' directory of the FreeRADIUS source code:

Tag
   The Tag field is one octet in length and is intended to provide a
   means of grouping attributes in the same packet which refer to the
   same tunnel. Valid values for this field are 0x01 through 0x1F,
   inclusive. If the value of the Tag field is greater than 0x00 and
   less than or equal to 0x1F, it SHOULD be interpreted as indicating
   which tunnel (of several alternatives) this attribute pertains;
   otherwise, the Tag field SHOULD be ignored.

The tags mean nothing to the RADIUS server itself; the definition above is explaining how the NAS is going to use/interpret the Tag.

As well, I'm not sure which RADIUS server that syntax (e.g. Tunnel-Type = :1:L2TP) is correct for, but for FreeRADIUS the attributes should be configured as follows:

    Tunnel-Password:0 = "",
    Tunnel-Medium-Type:0 = IP,
    Tunnel-Type:0 = L2TP,
    Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"

HTH,

Chris Brotsos