FreeRADIUS Win32 Binary Distribution?
Is there any reason no one has yet made available FreeRADIUS Win32 binaries for Distribution? I have built 1.0.2 with Cygwin and have put together a basic install wrapper. I have done some investigation with respect to distribution of the required Cygwin binaries... and could find no obvious reason these could not be included with the package as long as the source was available upon request. With a little guidance I'm sure this could be made available to freely download, I am willing to host. Any thoughts or objections? Jeff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRADIUS Win32 Binary Distribution?
The Site and the binaries are still well under construction... but both appear to function at first glance ;) I've done some successful testing with radclient.exe... I expect in the next few days I will test further against some real gear with various eap-types. If you are interested in trying a win32 version of FreeRADIUS please feel free to visit http://www.bootstick.com/freeradius. Any and all feedback is welcome... be kind I'm new at this. Thanks, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Saturday, March 19, 2005 7:50 PM To: freeradius-users@lists.freeradius.org Subject: Re: FreeRADIUS Win32 Binary Distribution? "Jeff Reilly" <[EMAIL PROTECTED]> wrote: > Is there any reason no one has yet made available FreeRADIUS Win32 binaries > for Distribution? No one has built them, I guess. I do some testing under Interix, but I'm not sure if those binaries will work on a plain XP system. > With a little guidance I'm sure this could be made available to freely > download, I am willing to host. Sure. Build them. put them on a web page, and we'll point to them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 802.1x
Alex, Features such as 'bandwidth and port blocking" (if any) are allocated/configured on the _NAS_ (in this case a NAS port) via AV pair/s provided by RADIUS... the '802.1x Supplicant" (Client/Endpoint) in simple terms... provides a secure/standard conduit which facilitates the communication of credentials (from the Supplicant to the Authenticator). The '802.1x Authenticator" (or NAS) _MAY_ provision/enforce Authorization for the specific endpoint in the context of a user or group... The management & granularity of this functionality verifies greatly by switch vendor as a result providing this functionality across a multi-vendor environment... in a large scale deployment... is often too complex to seriously consider. jmr Original Message Subject: RE: 802.1xFrom: "Alex M" <[EMAIL PROTECTED]>Date: Wed, November 02, 2005 9:10 amTo: "'FreeRadius users mailing list'"Now im totally lost...Can u give me an example what 802.1x does?-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of AlanDeKokSent: Wednesday, November 02, 2005 11:04 AMTo: FreeRadius users mailing listSubject: Re: 802.1x "Alex M" <[EMAIL PROTECTED]> wrote:> So then such features as bandwidth and port blocking could be controlledvia> 802.1x? No. Alan DeKok.- List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 802.1x
AV = ATTRIBUTE VALUE D-Link what? D-Link makes lots of stuff... generally great price... but not the most feature rich products. To get the features you desire you'll likely need a higher-end box. I'm not a big proponent of "pitching" specific products in this forum. Suffice it to say there are vendors that will (or attempt) to provide CoS / filtering on Wireless... jmr Original Message Subject: RE: 802.1xFrom: "Alex M" <[EMAIL PROTECTED]>Date: Wed, November 02, 2005 10:04 amTo: "'FreeRadius users mailing list'" Ok I got it By the way what is AV pair? And how do you get NAS related attributes to control bandwidth from vendors? Like if im using D-Link how could I get attributes from them? Thanks! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff ReillySent: Wednesday, November 02, 2005 11:53 AMTo: FreeRadius users mailing listSubject: RE: 802.1x Alex, Features such as 'bandwidth and port blocking" (if any) are allocated/configured on the _NAS_ (in this case a NAS port) via AV pair/s provided by RADIUS... the '802.1x Supplicant" (Client/Endpoint) in simple terms... provides a secure/standard conduit which facilitates the communication of credentials (from the Supplicant to the Authenticator). The '802.1x Authenticator" (or NAS) _MAY_ provision/enforce Authorization for the specific endpoint in the context of a user or group... The management & granularity of this functionality verifies greatly by switch vendor as a result providing this functionality across a multi-vendor environment... in a large scale deployment... is often too complex to seriously consider. jmr Original Message Subject: RE: 802.1xFrom: "Alex M" <[EMAIL PROTECTED]>Date: Wed, November 02, 2005 9:10 amTo: "'FreeRadius users mailing list'"Now im totally lost...Can u give me an example what 802.1x does?-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of AlanDeKokSent: Wednesday, November 02, 2005 11:04 AMTo: FreeRadius users mailing listSubject: Re: 802.1x "Alex M" <[EMAIL PROTECTED]> wrote:> So then such features as bandwidth and port blocking could be controlledvia> 802.1x? No. Alan DeKok.- List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 802.1x
I have no experience with the opensouce efforts you mention below... Original Message Subject: RE: 802.1xFrom: "Alex M" <[EMAIL PROTECTED]>Date: Wed, November 02, 2005 11:19 amTo: "'FreeRadius users mailing list'" Ok, will call Dlink to see if that have something (the hotspot itself has that functionality internally though) Also do you know if opensources such as NoCAT and ChillBox support such features? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff ReillySent: Wednesday, November 02, 2005 1:08 PMTo: FreeRadius users mailing listSubject: RE: 802.1x AV = ATTRIBUTE VALUE D-Link what? D-Link makes lots of stuff... generally great price... but not the most feature rich products. To get the features you desire you'll likely need a higher-end box. I'm not a big proponent of "pitching" specific products in this forum. Suffice it to say there are vendors that will (or attempt) to provide CoS / filtering on Wireless... jmr Original Message Subject: RE: 802.1xFrom: "Alex M" <[EMAIL PROTECTED]>Date: Wed, November 02, 2005 10:04 amTo: "'FreeRadius users mailing list'" Ok I got it By the way what is AV pair? And how do you get NAS related attributes to control bandwidth from vendors? Like if im using D-Link how could I get attributes from them? Thanks! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff ReillySent: Wednesday, November 02, 2005 11:53 AMTo: FreeRadius users mailing listSubject: RE: 802.1x Alex, Features such as 'bandwidth and port blocking" (if any) are allocated/configured on the _NAS_ (in this case a NAS port) via AV pair/s provided by RADIUS... the '802.1x Supplicant" (Client/Endpoint) in simple terms... provides a secure/standard conduit which facilitates the communication of credentials (from the Supplicant to the Authenticator). The '802.1x Authenticator" (or NAS) _MAY_ provision/enforce Authorization for the specific endpoint in the context of a user or group... The management & granularity of this functionality verifies greatly by switch vendor as a result providing this functionality across a multi-vendor environment... in a large scale deployment... is often too complex to seriously consider. jmr Original Message Subject: RE: 802.1xFrom: "Alex M" <[EMAIL PROTECTED]>Date: Wed, November 02, 2005 9:10 amTo: "'FreeRadius users mailing list'"Now im totally lost...Can u give me an example what 802.1x does?-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of AlanDeKokSent: Wednesday, November 02, 2005 11:04 AMTo: FreeRadius users mailing listSubject: Re: 802.1x "Alex M" <[EMAIL PROTECTED]> wrote:> So then such features as bandwidth and port blocking could be controlledvia> 802.1x? No. Alan DeKok.- List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: assigning a vlan-id after successful authentication
First, this information is well documented both by ProCurve and in RFC3580. That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN Jeff Original Message Subject: assigning a vlan-id after successful authenticationFrom: Sven Juergensen <[EMAIL PROTECTED]>Date: Fri, November 11, 2005 8:48 pmTo: freeradius-users@lists.freeradius.orghello people,how does the above mentioned work? i amnot quite sure where to start. is itembedded in the 'Reply-Message' or doesit have to do with the tunnel-types?i'm trying to supply a vlan-id to anhp2626 with mac-based authentication.couldn't find this in the faq orrelevant conf-files either - what ami missing?thanks alot in advance,sven- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: assigning a vlan-id after successful authentication
The 2626 supports 1 VLAN per port. I'm not sure exactly how the 2626 deals with multiple supplicants... but I would bet (based on passed experience on other switches)... the 2626 ignores all 802.1x (EAP Starts) from any subsequent endpoints after the first successful authentication (until the port sees link-down or an EAP logoff form the original supplicant). Whatever provisioning (VLANs in your case) is based on the first endpoints authentication/authorization all other endpoints will share the same level of access as the first (authenticated supplicant). Jeff Original Message Subject: RE: assigning a vlan-id after successful authenticationFrom: "Seferovic Edvin" <[EMAIL PROTECTED]>Date: Sun, November 13, 2005 2:35 pmTo: "'FreeRadius users mailing list'" Sure but that ain't working.. at least not on my switches and don't ask me why... I usually have 2-3 computers on one port ( but computers have the same VLANID in RADIUS ), so might that be the problem? Regards, Edvin Seferovic From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff ReillySent: Sonntag, 13. November 2005 21:58To: FreeRadius users mailing listSubject: RE: assigning a vlan-id after successful authentication First, this information is well documented both by ProCurve and in RFC3580. That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN Jeff Original Message Subject: assigning a vlan-id after successful authenticationFrom: Sven Juergensen <[EMAIL PROTECTED]>Date: Fri, November 11, 2005 8:48 pmTo: freeradius-users@lists.freeradius.orghello people,how does the above mentioned work? i amnot quite sure where to start. is itembedded in the 'Reply-Message' or doesit have to do with the tunnel-types?i'm trying to supply a vlan-id to anhp2626 with mac-based authentication.couldn't find this in the faq orrelevant conf-files either - what ami missing?thanks alot in advance,sven- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
