[SOLVED] [PARTIALLY] Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-16 Thread Fabiano Caixeta Duarte
>Well, default eap module knows about this type. Have you been playing with
>eap.conf?


I touched it, yes. But I had stripped mschap conf from default vhost and
that was just wrong...

Now everything is partially working.

If the client has already logged on (auth info cached by XP), he needs to
restart the network connection for it to authenticate against
freeradius.

So, I'll try to understand what I have to do so that XP machines use
auth info during the logon process to auth against freeradius.


-- 
Fabiano Caixeta Duarte
Computer Networks Specialist
Linux User #195299
Ribeirão Preto - SP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-15 Thread Fabiano Caixeta Duarte
2009/12/15 nf-vale :
> Have you defined Auth-Type in users file to mschapv2 (don't do it)? What is
> the configuration for this user in the users file?

Not really. Actually, the users file is empty since my users' info is
stored on openldap.



Re: Fwd: Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-15 Thread Fabiano Caixeta Duarte
2009/12/15 Alan Buxey :
> hi,
>
> adjust your matching condition in ldap - fix the :- issue

You mean a substitute for
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
???

> adjust your LDAP assignments so that Cleartext-Password is known.

I use OpenLDAP with hashed passwords.

> does the LDAP store the password in a clear format or as some
> encrypted/hashed method? is this MS AD?

No.

> we use ntlm_auth to authenticate users against the MS AD - simply
> bind the machine into the AD and then we don't need to worry about
> plain password etc MSCHAPv2 all the way.

That's not my environment.

Thank you though



Fwd: Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-15 Thread Fabiano Caixeta Duarte
 EAP-Message = 0x04250004
       Message-Authenticator = 0x
[peap] Got tunneled reply RADIUS code 3
       Filter-Id = "Enterasys:version=1:policy=Enterprise User"
       EAP-Message = 0x04250004
       Message-Authenticator = 0x
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.205.29 port 49154
       EAP-Message =
0x012600261900170301001b5cfd418b7da0ea2be30d04270a1403956143966fe487e0870c4b57
       Message-Authenticator = 0x
       State = 0x9bb6fc759c90e55343410152d73b1dba
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.205.29 port 49154,
id=0, length=125
Cleaning up request 16 ID 0 with timestamp +1232
       NAS-IP-Address = 192.168.205.29
       NAS-Port-Type = Ethernet
       NAS-Port = 2
       User-Name = "DOMAIN\\sti"
       State = 0x9bb6fc759c90e55343410152d73b1dba
       EAP-Message =
0x022600261900170301001b21b51585f6a2a91a76b4b00b320ac2a87db1c24bf9bfa298197bf1
       Message-Authenticator = 0x30d1290632d45610b95a3253910ba83b
+- entering group authorize {...}
++[preprocess] returns ok
[ntdomain] Looking up realm "DOMAIN" for User-Name = "DOMAIN\sti"
[ntdomain] Found realm "DOMAIN"
[ntdomain] Adding Stripped-User-Name = "sti"
[ntdomain] Adding Realm = "DOMAIN"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 38 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [DOMAIN\\sti/] (from client tplink port 2)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> DOMAIN\sti
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 17 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 17
Sending Access-Reject of id 0 to 192.168.205.29 port 49154
       EAP-Message = 0x04260004
       Message-Authenticator = 0x
Waking up in 4.9 seconds.
Cleaning up request 17 ID 0 with timestamp +1232
Ready to process requests.


> And how can I set XP for it to try to authenticate during the logon process?

That first question still remains




Re: Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-11 Thread Fabiano Caixeta Duarte
2009/12/11 Alan DeKok :
> Fabiano Caixeta Duarte wrote:
>> Maybe I didn't make myself clear.
>>
>> I don't have AD and don't wanna. I did set clients to use 802.1x.
>>
>> Maybe I should ask: how do I set clients? PEAP? MS-CHAPv2? MD5? But it
>> would depend on what you'd answer about my first question.
>
>  No.  The question "how do I set clients" is meaningless.
>
>> I know I'm lacking knowledge. That's why I'm looking for your guidance.
>
>  If you are storing passwords in LDAP, then *you* know where the
> passwords are stored.  Configure FreeRADIUS to use LDAP authentication.
>  Configure it to do 802.1X.  There is documentation and configuration
> examples for both.
>

Mr. Alan,

Somehow we started on the wrong foot. Sorry if I did something wrong.

In my first post I told you that freeradius is set (with some mistakes
thanks to my lack of knowledge) and working (tested with radtest).

I'll try to improve on writing to make myself clear.

Thank you all for your attention.

PS: My last post shows what I've done so far.




Re: Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-11 Thread Fabiano Caixeta Duarte
2009/12/11 nf-vale :
> On Friday 11 December 2009 11:59:33 Fabiano Caixeta Duarte wrote:
>> Maybe I didn't make myself clear.
>>
>> I don't have AD and don't wanna. I did set clients to use 802.1x
>>
>> Maybe I should ask: how do I set clients? PEAP? MS-CHAPv2? MD5? But it
>> would depend on what you'd answer about my first question.
>
> Set XP clients to use 802.1x PEAP and don't forget to add your nas client
> (switch) to the clients.conf file in radius.
>
> You should provide some more info about your current configuration (freeradius
> version, files modified by you, etc) and at least some debug (radiusd -X)
> from a client authentication request for people to understand where you have
> got so far.

Ok. Let's follow that path.

The confs I touched:

eap.conf:
eap {
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 2048
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        private_key_password = whatever
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem
        CA_file = ${cadir}/ca.pem
        dh_file = ${certdir}/dh
        random_file = ${certdir}/random
        cipher_list = "DEFAULT"
        make_cert_command = "${certdir}/bootstrap"
        cache {
            enable = no
            max_entries = 255
        }
    }
    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
    }
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
    }
    mschapv2 {
    }
}

modules/ldap:
ldap {
    server = "sti-teste.domain.br"
    identity = "cn=system,dc=domain,dc=br"
    password = secret
    basedn = "ou=Users,dc=domain,dc=br"
    base_filter = "(objectclass=radiusprofile)"
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    access_attr = "radiusFilterId"
    dictionary_mapping = ${confdir}/ldap.attrmap
    authtype = ldap
    edir_account_policy_check = no
}

sites-enabled/inner-tunnel:
server inner-tunnel {
    authorize {
        chap
        mschap
        unix
        suffix
        update control {
            Proxy-To-Realm := LOCAL
        }
        eap {
            ok = return
        }
        files
        ldap
        expiration
        logintime
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        Auth-Type LDAP {
            ldap
        }
        eap
    }
    session {
        radutmp
    }
    post-auth {
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }
}

clients.conf:
client angelina {
    ipaddr = 192.168.205.6
    secret = testing123
}
client tplink {
    ipaddr = 192.168.205.29
    secret = testing123
}

# radtest teste secret angelina 1812 testing123
Sending Access-Request of id 48 to 192.168.205.6 port 1812
User-Name = "teste"
User-Password = "secret"
NAS-IP-Address = 192.168.205.6
NAS-Port = 1812
rad_recv: Access-Accept packet from host 192.168.205.6 port 1812,
id=48, length=64
Filter-Id = "Enterasys:version=1:policy=Enterprise User"





Re: Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-11 Thread Fabiano Caixeta Duarte
Maybe I didn't make myself clear.

I don't have AD and don't wanna. I did set clients to use 802.1x.

Maybe I should ask: how do I set clients? PEAP? MS-CHAPv2? MD5? But it
would depend on what you'd answer about my first question.

I know I'm lacking knowledge. That's why I'm looking for your guidance.

I thank you again.


2009/12/11 Alan DeKok :
> Fabiano Caixeta Duarte wrote:
>> The problem is: users don't get authorized on samba domain because the
>> switch port is locked waiting for 802.1x auth.
>
>  Then configure 802.1X.
>
>> What I got so far?
>>
>> I have a freeradius daemon using LDAP as user database. The LDAP
>> entries are shared by samba and freeradius.
>
> http://deployingradius.com/documents/configuration/active_directory.html
>
>  Alan DeKok.
>





Request for directions: WinXP + Samba + LDAP + 802.1x

2009-12-10 Thread Fabiano Caixeta Duarte
Fellows,

I have a samba+ldap domain with a bunch of WinXP clients.

I intend to get those clients to get access on switch through 802.1x
authentication.

The problem is: users don't get authorized on samba domain because the
switch port is locked waiting for 802.1x auth.

What I got so far?

I have a freeradius daemon using LDAP as user database. The LDAP
entries are shared by samba and freeradius.

It's tested locally with radtest.

Can you give me the next step? Is there some specific docs on that subject?

I found lots of docs talking about AD and ntlm_auth. That's not what
I'm looking for.

Many thanks in advance.




SQL multiple passwords for same user

2009-02-18 Thread Fabiano

Hi,

Is there any way to make freeradius check against multiple passwords for 
the same user in a mysql database ?
In the case of an OTP, there are multiple passwords to check, because of 
time difference between server and client, therefore I need freeradius 
to try auth on multiple passwords in a table, for the same user. Is this 
possible ?


Thanks a lot

Fab
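
The time-window problem raised in this post and in the MOTP thread further down the page, as an added example (not code from the posters or from the MOTP project). It assumes the Mobile-OTP formula, which is not stated on this page (first six hex digits of MD5 over the 10-second epoch counter, init-secret and PIN), a ±180-second drift window, and uses HMAC-SHA256 as a labelled stand-in for the MS-CHAPv2 response calculation; all names and sample values are constructed.

```python
import hashlib
import hmac

STEP = 10  # assumed Mobile-OTP time granularity, in seconds

# Constructed sample values, not taken from the thread.
NOW = 1234567890
SECRET = "0123456789abcdef"
PIN = "1234"
CHALLENGE = bytes(range(16))


def motp(epoch, secret, pin):
    """Assumed Mobile-OTP value: first 6 hex digits of MD5(epoch//10 + secret + pin)."""
    data = f"{int(epoch) // STEP}{secret}{pin}".encode()
    return hashlib.md5(data).hexdigest()[:6]


def candidates(now, secret, pin, offset=0, drift=180):
    """Every OTP the server has to treat as valid at `now`.

    `offset` is the per-user Time Offset; `drift` is the tolerated clock
    difference between phone and server, in seconds.
    """
    base = int(now) + offset
    return [motp(base + d, secret, pin) for d in range(-drift, drift + 1, STEP)]


def verify_pap(otp, now, secret, pin, offset=0, drift=180):
    """PAP-style check: the server receives the OTP itself and compares it."""
    return any(
        hmac.compare_digest(otp.encode(), c.encode())
        for c in candidates(now, secret, pin, offset, drift)
    )


def cr_response(challenge, password):
    """Stand-in for a challenge response (HMAC-SHA256, NOT real MS-CHAPv2)."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


def verify_challenge_response(challenge, response, now, secret, pin,
                              offset=0, drift=180):
    """Challenge-response check: the OTP never reaches the server.

    The server can only recompute the response for each password it
    considers correct, so it needs the whole candidate list up front.
    """
    for c in candidates(now, secret, pin, offset, drift):
        if hmac.compare_digest(cr_response(challenge, c), response):
            return True
    return False


if __name__ == "__main__":
    phone_otp = motp(NOW - 60, SECRET, PIN)  # phone clock 60 s behind
    print("candidates in window:", len(candidates(NOW, SECRET, PIN)))
    print("PAP-style check:", verify_pap(phone_otp, NOW, SECRET, PIN))
    resp = cr_response(CHALLENGE, phone_otp)
    print("challenge-response check:",
          verify_challenge_response(CHALLENGE, resp, NOW, SECRET, PIN))
```

With a ±180-second window the server has 37 acceptable passwords per user at any moment, which is the "multiple passwords for the same user" the post asks about.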


Re: Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-17 Thread Fabiano

Alan DeKok wrote:
> Fabiano wrote:
>>>  A database?  You should know what the *correct* password is, otherwise
>>> you won't be able to authenticate the user.
>>
>> You mean, for example making the OTP script (doing exactly the contrary
>> of what it actually does) write the password every 10 seconds to a
>> database for every user and then let freeradius check the db ?
>> Is this the only way ?
>
>  It would help if you described what you are trying to do, and why.

Alan,

I am using a firewall (m0n0.ch, based on FreeBSD) which has a PPTP 
server accepting only MSCHAPv2 auth.
This PPTP server uses an internal database with flatfiles for 
authenticating VPN users but also offers auth through an external radius 
server.
I thought that I could use the motp.sf.net project to make mobile 
clients (using cell phones and the j2me applet) authenticate with this 
setup.
The MOTP project offers a shellscript named otverify.sh which waits for some 
arguments to verify the client (Username, OTP, Init-Secret, PIN, Time 
Offset).

Username and OTP are given by the VPN client
Init-Secret, PIN and Time Offset are specified in the radius users file.
Normally, this is done using xtradius, executing the script as external 
application and giving the arguments to it.

The script answers ACCEPT or FAIL for final auth.

That's it.

I'm stuck here, having MSCHAPv2 clients and an auth script not useable 
with MSCHAPv2 auth.
I have also tried this with the supplied PAM motp module, but as you 
said this is not possible.

I had successful auths using radtest, but that's all... ;)

I think that what I will try is rewrite the script in perl to generate 
the passwords every x seconds to a database and then make freeradius 
auth against the db entries.


Do you think this is the best way ?

Thanks again.

>  Alan DeKok.


Re: Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-17 Thread Fabiano

Alan DeKok wrote:
> Fabiano wrote:
>> Can you point me to a document or website where the following mechanism
>> is described well ?
>>
>> ie MSCHAPv2 Radius Client -> Freeradius does the MSCHAPv2 challenge ? ->
>> auth is delegated to external script receiving attributes like username
>> and password in clear -> external script gives the auth ok answer ->
>> Freeradius gives the auth accepted answer to the MSCHAPv2 Radius client.
>
>  MS-CHAP doesn't work this way.  You CANNOT give a cleartext password
> to an external script by looking at the MS-CHAP data.  It is *impossible*.

Ok, thanks.

>> The part I don't understand is how does this MSCHAPv2 auth work in
>> Freeradius, and how the external script could get the attributes when
>> the MSCHAPv2 challenge password is encrypted ? Does it mean that I have
>> to implement the MSCHAPv2 challenge auth by myself, entirely in the
>> external script ?
>
>  No.  You tell the server what the correct password is, and it does the
> MS-CHAP calculations to authenticate the user.
>
>> Concerning the cleartext password;
>> In your previous message, you say : "get it from somewhere" but I can't
>> figure out how...
>
>  A database?  You should know what the *correct* password is, otherwise
> you won't be able to authenticate the user.

You mean, for example making the OTP script (doing exactly the contrary 
of what it actually does) write the password every 10 seconds to a 
database for every user and then let freeradius check the db ?

Is this the only way ?

Thanks again !

>  Alan DeKok.


Re: Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-14 Thread Fabiano

Alan,

Thanks for your answer.
Can you point me to a document or website where the following mechanism 
is described well ?


ie MSCHAPv2 Radius Client -> Freeradius does the MSCHAPv2 challenge ? -> 
auth is delegated to external script receiving attributes like username 
and password in clear -> external script gives the auth ok answer -> 
Freeradius gives the auth accepted answer to the MSCHAPv2 Radius client.


The part I don't understand is how does this MSCHAPv2 auth work in 
Freeradius, and how the external script could get the attributes when 
the MSCHAPv2 challenge password is encrypted ? Does it mean that I have 
to implement the MSCHAPv2 challenge auth by myself, entirely in the 
external script ?


Concerning the cleartext password;
In your previous message, you say : "get it from somewhere" but I can't 
figure out how...


Thanks a lot

Best regards

Fab

Alan DeKok wrote:
> Fabiano wrote:
>> Hello,
>>
>> Does anyone know where I can find some information on how to use the
>> following in freeradius ?
>> I have an external shell script which awaits arguments (username, clear
>> password, and other arguments) and returns an answer for validation.
>> The problem is that I cannot find any lead on how to do this while using
>> MSCHAPv2...
>
> $ man unlang
>
>  Then, run the script in the post-auth section.
>
>> And I am not sure how to do this with Exec-Program-Wait.
>>
>> Is this possible without rewriting the module in C ?
>> Is there any way to have the cleartext password sent to the external
>> script ?
>
>  Sure.  Get it from somewhere, and then send it to the script.
>
>  Alan DeKok.


Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-13 Thread Fabiano

Hello,

Does anyone know where I can find some information on how to use the 
following in freeradius ?
I have an external shell script which awaits arguments (username, clear 
password, and other arguments) and returns an answer for validation.
The problem is that I cannot find any lead on how to do this while using 
MSCHAPv2...

And I am not sure how to do this with Exec-Program-Wait.

Is this possible without rewriting the module in C ?
Is there any way to have the cleartext password sent to the external 
script ?


Thanks a lot

Fab


Re: Mysql and usage of radgroupcheck

2006-11-14 Thread Fabiano Martins
Anne,

The only difference between your table radgroup and mine is the value priority. All entries in my radgroup table have "1" as priority.

I really don't know if it makes sense... Try it and check if it will run.

Regards,
Fabiano

On 11/14/06, Anne-Mie Vandermeeren <[EMAIL PROTECTED]> wrote:
> I have set up Freeradius working fine with a users-file. I did some tests
> to change to Mysql and all was ok, until I want to add some conditions for
> users in more than one group.
> This looks like a simple setup for Mysql, but it's not working as I
> thought it would:
>
> mysql> select * from usergroup;
> +----------+-----------+----------+
> | UserName | GroupName | priority |
> +----------+-----------+----------+
> | user1    | Group1    |        1 |
> | user1    | Group2    |        2 |
> +----------+-----------+----------+
> 2 rows in set (0.00 sec)
>
> mysql> select * from radcheck;
> +----+----------+---------------+----+------------+
> | id | UserName | Attribute     | op | Value      |
> +----+----------+---------------+----+------------+
> |  1 | user1    | User-Password | == | paswoordje |
> +----+----------+---------------+----+------------+
> 1 row in set (0.00 sec)
>
> mysql> select * from radreply;
> Empty set (0.00 sec)
>
> mysql> select * from radgroupcheck;
> +----+-----------+----------------+----+--------------+
> | id | GroupName | Attribute      | op | Value        |
> +----+-----------+----------------+----+--------------+
> |  1 | Group1    | NAS-IP-Address | == | 172.16.224.1 |
> |  2 | Group2    | NAS-IP-Address | == | 172.16.224.2 |
> +----+-----------+----------------+----+--------------+
> 2 rows in set (0.01 sec)
>
> mysql> select * from radgroupreply;
> +----+-----------+-----------+----+----------+
> | id | GroupName | Attribute | op | Value    |
> +----+-----------+-----------+----+----------+
> |  1 | Group1    | Class     | := | groepje1 |
> |  2 | Group2    | Class     | := | groepje2 |
> +----+-----------+-----------+----+----------+
> 2 rows in set (0.00 sec)
>
> I use ntradping to check the setup.
> When I use NAS-IP-Address = 172.16.224.1 I get the correct class
> (groepje1), but when I use the NAS-IP-Address = 172.16.224.2 I get a
> reject and not as I was expecting the class-attribute groepje2.
> I can't figure out why this is the case.
> The debug output is not helping me, either. Anyone a suggestion on solving
> this?
>
> DEBUG output for NAS-IP-Address = 172.16.224.1
> --
> rad_recv: Access-Request packet from host 157.193.39.138:3674, id=65, length=51
>         User-Name = "user1"
>         User-Password = "paswoordje"
>         NAS-IP-Address = 172.16.224.1
> Tue Nov 14 16:37:17 2006 : Debug:   Processing the authorize section of radiusd.conf
> Tue Nov 14 16:37:17 2006 : Debug: modcall: entering group authorize for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: returned from chap (rlm_chap) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modcall[authorize]: module "chap" returns noop for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: returned from mschap (rlm_mschap) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modcall[authorize]: module "mschap" returns noop for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 37
> Tue Nov 14 16:37:17 2006 : Debug: rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
> Tue Nov 14 16:37:17 2006 : Debug: rlm_realm: No such realm "NULL"
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modcall[authorize]: module "suffix" returns noop for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   rlm_eap: No EAP-Message, not doing EAP
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modcall[authorize]: module "eap" returns noop for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling files (rlm_files) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: returned from files (rlm_files) for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modcall[authorize]: module "files" returns notfound for request 37
> Tue Nov 14 16:37:17 2006 : Debug:   modsingle[authorize]: calling sql (rlm_sql) for request 37
> Tue Nov 14 16:37:17 2006 : Debug: radius_xlat:  'user1'
> Tue Nov 14 16:37:17 2006 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'user1'
> Tue Nov 14 16:37:17 2006 : Debug: radius_xlat:  'SELECT id, 

Re: MySQL : where is db_mysql.sql from FreeRadius ?

2006-08-29 Thread Fabiano Martins

Bruno,

In my version Freeradius 1.1.1 the mentioned file is located in 
/usr/share/doc/freeradius/examples/db_mysql.sql.gz


Unpack the .gz file and the .sql file with queries to create the 
freeradius database will be ready to use.


Regards

Fabiano


Bruno Costacurta wrote:
> Hello,
>
> as I'm trying to configure FreeRadius to use MySQL, I downloaded v1.1.3 but I
> cannot find file 'db_mysql.sql' (used to create needed tables) in related
> directory src/modules/rlm_sql/drivers/rlm_sql_mysql/ as it is mentioned in
> the doc.
>
> Where can I find db_mysql.sql ?
>
> Thanks.
> Bye,
> Bruno


sqlcounter

2006-08-29 Thread Fabiano Martins

Hi All!!

I would like to know if someone knows some DOC about sqlcounter 
implementation.


I've been searching with no success about this... It's frustrating... 
there are no documents about it.


I'm trying to put it to run on my freeradius server...

If someone knows how to give me some hint, it will be welcome!

Regards,

Fabiano





Mysql problem

2006-03-15 Thread Fabiano Rodrigo Boscatto








 

Hi there, I have freeradius working fine with mysql
authentication. The problem is that the User-Password is stored in mysql table
as clear text. Is there a way to crypt that?

 

Thanx







IP address allocation based on Calling-station-id

2005-12-01 Thread Matias E. Fabiano
Hi all,

I have an application running on a server which stores data sent from
GPRS phones. In order to do it without traversing the internet, the
telco created an APN for me which my GPRS phones will use to connect to my
server. But my server's application also needs to connect back to the
phones, for example, to reprogram some parameters, and I can't do it
because the phones' IPs are changing all the time. One way to solve it
is to assign IP addresses statically. So, they told me that what I can do
is set up a table on my Radius server with all my phone numbers in one
column and the desired IP address in the other, so every time the user
logs in and requests an IP address, I'll assign the same one.
I've run some tests and the phone's number comes in the
calling-station-id attribute, inside the authentication request.
Is it possible in freeradius to assign an IP address based on the
calling-station-id attribute? How can I accomplish this?

Best regards and thanks!!!
