Re: RADIUS Authentication
Thanks Arran,

Is packet-src-ip-address a defined attribute in the huntgroups? Do you know where I can find more documentation about configuring huntgroups? Any thoughts about how FreeRADIUS can stop the naughty hosts?

Thanks in advance for your answers.

Vinh

Arran Cudbard-Bell wrote:
> nguyenvinht wrote:
>> Thanks for replying. I want to implement this through RADIUS Server. Looking for some code modification or new attributes to accomplish the task.
>>
>> Vinh.
>>
>> tnt wrote:
>>> Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clients.conf. Use firewall to block access to radius ports for those specific IP addresses.
>
> Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clients.conf.
> Enter naughty hosts in naughty huntgroup.
> Check for naughty huntgroup and reject.
>
> Huntgroups
>
>     naughty    Packet-Src-IP-Address == naughtyhostone.com
>     naughty    Packet-Src-IP-Address == 139.184.12.1
>     naughty    Packet-Src-IP-Address == 127.0.0.1
>
> Users
>
>     DEFAULT    Huntgroup-Name == naughty, Auth-Type := Reject
>
> Apparently RFC states that server must respond ... so unless you use a firewall, naughty hosts will know the server's alive, and be able to flood it with lots of requests.
>
> Only way to get FreeRADIUS to be quiet is to modify the source.
>
> --
> Arran Cudbard-Bell ([EMAIL PROTECTED])
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08
> University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900

--
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11257669
Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS Authentication
By reading the wiki, it said FreeRadius runs on AIX. Any documentation about how to install FreeRadius on AIX? Please let me know.

Thanks.

Peter Nixon wrote:
> On Fri 15 Jun 2007, nguyenvinht wrote:
>> Thanks Arran. How and where do I implement those codes in AIX RADIUS? Doable on AIX RADIUS?
>
> This is the FreeRADIUS mailing list. Please ask questions about other RADIUS servers elsewhere.
>
> --
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc

--
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11224860
RADIUS Authentication
Can RADIUS policy file in the authentication step reject a few servers to authenticate and allow all others to authenticate? My understanding is that RADIUS can only use IP-Framed Protocol to allow a number of systems to authenticate and reject the rest but can't do the opposite.

Any ideas about how to accomplish this would be appreciated.

Thanks.

Vinh

--
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a0867
Re: RADIUS Authentication
Thanks for replying. I want to implement this through RADIUS Server. Looking for some code modification or new attributes to accomplish the task.

Vinh.

tnt wrote:
> Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clients.conf. Use firewall to block access to radius ports for those specific IP addresses.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 14/6/2007, nguyenvinht [EMAIL PROTECTED] wrote:
>> Can RADIUS policy file in the authentication step reject a few servers to authenticate and allow all others to authenticate? My understanding is that RADIUS can only use IP-Framed Protocol to allow a number of systems to authenticate and reject the rest but can't do the opposite.
>>
>> Any ideas about how to accomplish this would be appreciated.
>>
>> Thanks.
>>
>> Vinh

--
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11129084
Re: RADIUS Authentication
Thanks Arran. How and where do I implement those codes in AIX RADIUS? Doable on AIX RADIUS?

Vinh

Arran Cudbard-Bell wrote:
> nguyenvinht wrote:
>> Thanks for replying. I want to implement this through RADIUS Server. Looking for some code modification or new attributes to accomplish the task.
>>
>> Vinh.
>>
>> tnt wrote:
>>> Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clients.conf. Use firewall to block access to radius ports for those specific IP addresses.
>
> Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clients.conf.
> Enter naughty hosts in naughty huntgroup.
> Check for naughty huntgroup and reject.
>
> Huntgroups
>
>     naughty    Packet-Src-IP-Address == naughtyhostone.com
>     naughty    Packet-Src-IP-Address == 139.184.12.1
>     naughty    Packet-Src-IP-Address == 127.0.0.1
>
> Users
>
>     DEFAULT    Huntgroup-Name == naughty, Auth-Type := Reject
>
> Apparently RFC states that server must respond ... so unless you use a firewall, naughty hosts will know the server's alive, and be able to flood it with lots of requests.
>
> Only way to get FreeRADIUS to be quiet is to modify the source.
>
> --
> Arran Cudbard-Bell ([EMAIL PROTECTED])
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08
> University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900

--
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11130279
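
Added example, not part of the thread and not FreeRADIUS code: a simplified Python model of the huntgroups/users deny-list quoted above. It parses the three `naughty` entries, flags the hostname entry (left unresolved, an assumption of this model) and the loopback entry, and shows that a matching source still receives an Access-Reject reply rather than silence. The function names `parse_huntgroups` and `decide` are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the huntgroups entries quoted in the thread.
HUNTGROUPS = """\
naughty Packet-Src-IP-Address == naughtyhostone.com
naughty Packet-Src-IP-Address == 139.184.12.1
naughty Packet-Src-IP-Address == 127.0.0.1
"""

def parse_huntgroups(text):
    """Return (entries, warnings); entries are (group, ip_address) pairs."""
    entries, warnings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[1] != "Packet-Src-IP-Address" or parts[2] != "==":
            warnings.append(f"line {lineno}: unsupported check item")
            continue
        group, value = parts[0], parts[3]
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            # Hostname: the match would depend on name resolution, so the model skips it.
            warnings.append(f"line {lineno}: {value} is a hostname, not resolved")
            continue
        if addr.is_loopback:
            warnings.append(f"line {lineno}: {value} is loopback; local tests will be rejected")
        entries.append((group, addr))
    return entries, warnings

def decide(src_ip, entries, reject_group="naughty"):
    """Model of: DEFAULT Huntgroup-Name == naughty, Auth-Type := Reject."""
    src = ipaddress.ip_address(src_ip)
    for group, addr in entries:
        if group == reject_group and addr == src:
            # A reply is still sent here, so the sender learns the server is alive.
            return "Access-Reject"
    return "continue"  # falls through to the normal users-file entries

if __name__ == "__main__":
    entries, warnings = parse_huntgroups(HUNTGROUPS)
    for w in warnings:
        print("warning:", w)
    # 192.0.2.10 is a constructed documentation address, not from the thread.
    for ip in ("139.184.12.1", "127.0.0.1", "192.0.2.10"):
        print(ip, "->", decide(ip, entries))
```

The reject path is why the thread pairs this approach with a firewall: only dropping the packets before they reach the server keeps it quiet.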