Re: dyndns.org domain in Clients.conf
Hi!

YvesDM wrote:

How I can use nas identifier attribute?? client.conf needs an ip however ?? I'm very confused.

In clients.conf use 0.0.0.0/0 and make sure your shared secret is long and strong.

A small note if you really want to do this: in 2.0, this will only match for the exact address 0.0.0.0, and not for all IP addresses anymore, like it does in 1.x. You can work around this by using two entries, one for 0.0.0.0/1 and one for 128.0.0.0/1.

I don't think this is a very good idea anyway (Yes, I do use it myself, but that is for a very nonstandard and non-production setup on an isolated network, not for an internet-connected server.)

Gtnx Marcel

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
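A check for the catch-all client entries discussed in this message, as an added example that is not part of the original post or of FreeRADIUS: it scans clients.conf text for `client` sections that cover half or more of the IPv4 space and reports whether their shared secret is short. The sample configuration, the secret values and the 22-character minimum are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in clients.conf syntax (not from the original post).
SAMPLE_CLIENTS_CONF = """
client 0.0.0.0/1 {
    secret = testing123
}
client 128.0.0.0/1 {
    secret = testing123
}
client 192.0.2.10 {
    secret = b7Qm2xV9pLr4Zt8Wc1Ys6Nd3
}
"""

MIN_SECRET_LEN = 22  # assumed local policy threshold, not a FreeRADIUS setting
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
SECRET_RE = re.compile(r"^\s*secret\s*=\s*(\S+)", re.M)


def parse_clients(text):
    """Return [(network, secret)] for client sections named by IP or CIDR."""
    clients = []
    for name, body in CLIENT_RE.findall(text):
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            continue  # hostname-style client names are out of scope here
        m = SECRET_RE.search(body)
        clients.append((net, m.group(1) if m else ""))
    return clients


def audit(text):
    """Flag client entries of /0 or /1 width and weak secrets on them."""
    findings = []
    for net, secret in parse_clients(text):
        if net.version == 4 and net.prefixlen <= 1:
            weak = len(secret) < MIN_SECRET_LEN
            findings.append((str(net), "catch-all", "weak secret" if weak else "ok"))
    return findings


def covers_all_ipv4(text):
    """True if the wide entries together accept every IPv4 source address."""
    wide = [n for n, _ in parse_clients(text) if n.version == 4 and n.prefixlen <= 1]
    merged = list(ipaddress.collapse_addresses(wide))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]
```
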
Re: VLAN assignment and Alcatel Omniswitch 7800
Hi Oxiel!

I've added the Alcatel-Auth-Group attribute to dictionary.alcatel like this:

ATTRIBUTE Alcatel-Auth-Group 134 integer

and modified users file like this:

Tunnel-Type += 13, Tunnel-Medium-Type += 6, Alcatel-Auth-Group += 3

I'm afraid you added it in the wrong place, dictionary.alcatel does not contain the VSAs for Omniswitches (Alcatel-Lucent has multiple dictionaries for different products, dictionary.alcatel appears to be for a BRAS, not for an enterprise switch). The dictionary you're looking for is dictionary.xylan; the easiest way is to use Xylan-Auth-Group for sending your VLAN (The name isn't really that important, what is important is that the number for the attribute is correct (1 in this case) and that it is defined with the proper vendor number (800 for Omniswitches)).

Gtnx Marcel

(The disclaimer again, just to prevent trouble) This mail does not represent Alcatel-Lucent in any way. Everything I have written in this mail is either my opinion or information I interpreted from publicly available documents (I found the manuals through Google on a server that, judging from its name, is open for public access). I don't work in a department that has anything to do with Omniswitches and have not used them myself. Because of that, this information may be inaccurate or even plain wrong, Alcatel-Lucent is not responsible for the accuracy of this information. I'm just trying to be helpful here based on what I know.
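How the attribute described in this message is carried on the wire, as an added example that is not part of the original post or of FreeRADIUS: a Vendor-Specific attribute (RFC 2865, type 26) is built and parsed using vendor number 800 and attribute number 1 from the message and the value 3 from the quoted users file. The function names and the sample reply bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26    # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
XYLAN_VENDOR_ID = 800   # vendor number given in the message for Omniswitches
XYLAN_AUTH_GROUP = 1    # attribute number given in the message


def encode_integer_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute carrying a 32-bit integer."""
    sub = struct.pack("!BBI", vendor_type, 6, value)  # vendor type, length, value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub


def decode_vsas(attrs):
    """Walk an attribute list; return [(vendor_id, vendor_type, value_bytes)]."""
    out, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC:
            continue  # standard attributes are skipped, only VSAs are reported
        if len(body) < 4:
            raise ValueError("VSA too short for a vendor number")
        vendor_id, sub = struct.unpack("!I", body[:4])[0], body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            out.append((vendor_id, sub[0], sub[2:sub[1]]))
            sub = sub[sub[1]:]
    return out


def vlan_from_reply(attrs):
    """Return the VLAN sent as vendor 800 / attribute 1, or None if absent."""
    for vendor_id, vendor_type, value in decode_vsas(attrs):
        if (vendor_id, vendor_type) == (XYLAN_VENDOR_ID, XYLAN_AUTH_GROUP) and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None


# Constructed reply attributes: a Reply-Message (type 18) followed by the VSA.
SAMPLE_REPLY = bytes([18, 4]) + b"ok" + encode_integer_vsa(
    XYLAN_VENDOR_ID, XYLAN_AUTH_GROUP, 3)
```
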
Re: VLAN assignment and Alcatel Omniswitch 7800
Hello!

Have you checked the documentation for the Omniswitch to verify that it supports this? If I send back the same attributes on my wireless access points, it works perfectly (we do this in production). The AP's, however, support that.

I'll check it again, it's become difficult to talk to tech support from Alcatel, in the meantime they've told me that I'll need some sort of license to support vlan assignment, I think they call it Authenticated VLAN, even more,

I suggest you look into chapter 22 of your 7700/7800/8800 Network Configuration Guide, where dot1x is explained. Somewhere in the first few pages of this chapter is an explanation of assigning users to VLANs based on RADIUS authentication. Authenticated VLAN appears to be something completely different (although it uses RADIUS and assigns VLANs to users, the methods are different, probably more like a captive portal). It looks like you'll need to provide the VLAN number in a VSA (see chapter 20).

Well I'm disappointed, maybe someone from Alcatel could give me a better explanation.

Because I work at Alcatel-Lucent (as you can probably see from my e-mail address), a big fat disclaimer is in place: This mail does not represent Alcatel-Lucent in any way. Everything I have written in this mail is either my opinion or information I interpreted from publicly available documents (I found the manuals through Google on a server that, judging from its name, is open for public access). I don't work in a department that has anything to do with Omniswitches and have not used them myself. Because of that, this information may be inaccurate or even plain wrong, Alcatel-Lucent is not responsible for the accuracy of this information. I'm just trying to be helpful here based on what I know.

Gtnx Marcel
Re: 1.1.3 on Solaris 10 (sparc)
Lin Richardson wrote:

You should post this to the userlist (I am cc'ing them on this reply). Perhaps someone there has seen the false cru error before... I'm no compiler guru, but google tells me that libtool may be to blame. I don't actually show libtool installed on my box and don't know much about it.

I'm no compiler guru either, but the system appears to be missing 'ar' (I thought I remembered 'ar' being called with options 'cru' before, and the config.log confirms this:)

Error:
false cru .libs/libltdl.a ltdl.o
gmake[3]: *** [libltdl.la] Error 1
gmake[3]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3/libltdl'

config.log:
checking for ar... false

Apparently something is wrong with the configure script, and it uses 'false' as the command for 'ar', instead of exiting with an error because it couldn't find 'ar'.

Gtnx Marcel
Re: Interface binding problem
Nicolas Baradakis wrote:

I'd like to set it up with the commandline switch (-i ip-addr), but this does not seem to work (tested on versions 0.2, 1.0.1 and 1.2): the server only takes the address from the configuration file and completely ignores the commandline switch. I do realise that the commandline switch is deprecated, but is it possible to get this to work somehow?

You may try a nightly CVS snapshot. I think the -i and -p options are fixed in CVS.

It took a while to check out the 1.1.x CVS branch (company proxy server was in the way...), but I managed to test it with that version too; although the options are fixed in 2.0, it doesn't work in 1.1. I've tried to backport the changes from the 2.0 branch, but there are too many changes for me to properly port it... We'd prefer to use version 1.1.3 for our test setups, because most of our customers probably won't be upgrading to 2.0 until it's been out for quite some time.

Kind regards, Marcel
Re: Interface binding problem
Nicolas Baradakis wrote:

I'd like to set it up with the commandline switch (-i ip-addr), but this does not seem to work (tested on versions 0.2, 1.0.1 and 1.2): the server only takes the address from the configuration file and completely ignores the commandline switch. I do realise that the commandline switch is deprecated, but is it possible to get this to work somehow?

You may try a nightly CVS snapshot. I think the -i and -p options are fixed in CVS.

Yes, they are; thank you very much! The CVS snapshot indicates that this will be version 2.0. Is this the next planned release or is it more like a development branch which is maintained together with a stable 1.1-branch? (I'm trying to figure out if it's worthwhile to wait for the next released version or just use a 'stable enough' CVS snapshot for the time being if a release that fixes these options isn't planned for some time.)

Thanks very much again!

Kind regards, Marcel
Interface binding problem
Hello,

I'm trying to set up FreeRADIUS in a testing setup where the IP address to which it binds needs to be set. The RADIUS server is loaded on-demand on a number of machines, where almost all configuration is the same, except for the IP address to which it needs to listen. Normally this would be set up in the configuration file, but this means that either I can't have a centralized configuration file (which makes things very complicated, as I'm trying to provide a standard service in an experimental environment), or the configuration file needs to be changed before every FreeRADIUS startup, which also is very inconvenient.

I'd like to set it up with the commandline switch (-i ip-addr), but this does not seem to work (tested on versions 0.2, 1.0.1 and 1.2): the server only takes the address from the configuration file and completely ignores the commandline switch. I do realise that the commandline switch is deprecated, but is it possible to get this to work somehow?

Kind regards, Marcel de Boer