Client hostname in clients.conf instead of IP address
Hello,

Can anyone help me with this question? I have added the following configuration to raddb/modules/attr_rewrite, which allows me to get the Client IP address.

    attr_rewrite addclientip {
        attribute = Client-IP-Address
        searchin = packet
        searchfor = "^$"
        replacewith = "%{Client-IP-Address}"
        maxmatches = 1
        new_attribute = yes
    }

Is there any way for me to retrieve the Client hostname as configured in raddb/clients.conf, shown in the example below?

    client www.abc.com {
        secret = password
    }

Any help will be greatly appreciated. Thanks :)

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Client-hostname-in-clients-conf-instead-of-IP-address-tp4954180p4954180.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Del dynamic client working?
Hello guys,

In order to delete a dynamically defined client, the client IP file needs to reside in the dynamic-clients folder upon startup of the radius daemon. I am wondering if we are able to delete the dynamically defined client without a restart of the radius daemon?

    ERROR: Client 192.168.169.89 was not dynamically defined.

alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Del-dynamic-client-working-tp4912926p4912926.html
Re: radmin del client error
Go install the new version. It works.

- Yup, I will try this again. Thanks.

We know. The dynamic clients code does this, and is *documented* as doing this. Your multiple email messages have said you want to do this. Explaining it again here means you're assuming we're either blind or stupid.

- I am really sorry if I made you guys think that way. My intention was to write my understanding to describe my implementation, that's why I detailed every step I took and narrated it in the message multiple times. I am glad so far my understanding is correct and is achievable, I will keep trying. Sincere apologies again.

We're trying. We're not really succeeding.

- Nah, you and Arran and Alan are indeed very helpful and succeeded in a way of what this forum is for. Appreciate Arran for his great patience. :) Cheers

Last but not least, I would like to say thanks to all of you again and give an update if I ever succeed with the dynamic-client. I am sure it's just some silly mistakes that I overlooked.

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4745003.html
Re: radmin del client error
Hello Arran and Alan,

My aim is to achieve the addition of client entries without any server reloading/restart, and AAA will be permitted for those newly added clients. My first thought was to use radmin -e "add client file " and it works for me, but the deletion "del client ipaddr " failed on me.

My requirement.
1. Client entries can be added dynamically after the server has been started.
2. Each client entry consists of an IP address with a unique secret associated with it.

My assumption.
Dynamic-client - 1 & 2. (hopefully this method is what I thought)
Static-client - standard client {} entries are going into it, then just add them to clients.conf instead, as the server will need reloading to read new content of those files.

Hope my understanding is correct. Please correct me if I am wrong. :-)

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4744741.html
Re: radmin del client error
Hello Arran and Alan,

Arran is right. Yes! Thanks guys for your patience. I would love to send you guys a tarball of my configs. Currently, I am away from my server for the next 2 days, and I will send it to you guys once I am back in the office. :)

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4738057.html
Re: radmin del client error
Hello Alan,

Yes, this 'dynamic-clients' is a file, the original and default file as you mentioned in the previous message. The content is as follows. If you noticed, the directory was assigned a dynamic-clients folder that resides in the raddb folder.

    client dynamic {
        ipaddr = 0.0.0.0
        netmask = 0
        dynamic_clients = dynamic_client_server
        directory = ${confdir}/dynamic-clients/
        lifetime = 3600
    }

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4737651.html
Re: radmin del client error
Hello Alan,

Very thankful for your reply and for correcting my understanding. (Shown below)

I actually did the symlink to the dynamic-clients file. This file allows me to indicate the directory where client definitions are stored. I uncommented this -> directory = ${confdir}/dynamic-clients/ <- however this dynamic-clients does not exist, so I did a mkdir dynamic-clients under $confdir (which is raddb). This folder is empty, so after I started radiusd -X -x, I will add a client definition file to this newly created folder (dynamic-clients/). Am I right to do that? Did I miss out any steps? Hope this is clearer.

    [root@server sites-enabled]# pwd
    /usr/local/etc/raddb/sites-enabled
    [root@server sites-enabled]# ls -al
    total 0
    lrwxrwxrwx 1 root root 33 2011-08-22 15:58 control-socket -> ../sites-available/control-socket
    lrwxrwxrwx 1 root root 26 2011-08-22 15:58 default -> ../sites-available/default
    lrwxrwxrwx 1 root root 52 2011-08-24 16:27 dynamic-clients -> /usr/local/etc/raddb/sites-available/dynamic-clients
    lrwxrwxrwx 1 root root 31 2011-08-22 15:58 inner-tunnel -> ../sites-available/inner-tunnel

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4737604.html
Re: radmin del client error
Hello,

I have manually moved the 192.168.169.74 file into the raddb/dynamic-clients folder after I started the radius daemon. (radiusd -X -x)

I did make sure that raddb/sites-available/dynamic_clients contains

    directory = /usr/local/etc/raddb/dynamic-clients

I sent a packet to the server, yet I still received the following error.

    Error: Ignoring request to authentication address * port 1812 from unknown client 192.168.169.74 port 56181

Are there any mistakes I made in the above?

In case you are curious, my file 192.168.169.74 contains the following.

    client 192.168.169.74 {
        ipaddr = 192.168.169.74
        secret = secret
    }

Regards,
Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4737256.html
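
The posts in this thread describe per-client definition files that are named for the client's IP address and hold a `client { ... }` block with a `secret`. The Python check below is an added example, not part of the original thread or of FreeRADIUS: it lints such files before they are placed in the dynamic-clients directory. The function name, the sample files and the 16-character minimum (the length RFC 2865 prefers for shared secrets) are assumptions made here.

```python
import ipaddress
import re

MIN_SECRET_LEN = 16  # assumption: the length RFC 2865 prefers for shared secrets

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
PAIR_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)\s*$", re.M)


def lint_client_file(filename, text):
    """Return findings for one definition file from the dynamic-clients directory."""
    try:
        file_ip = ipaddress.ip_address(filename)
    except ValueError:
        return ["file name is not an IP address"]
    block = CLIENT_RE.search(text)
    if block is None:
        return ["no client { ... } block found"]
    attrs = dict(PAIR_RE.findall(block.group(2)))
    findings = []
    # Assumption of this check: the address comes from ipaddr when present,
    # otherwise from the section name after the word "client".
    declared = attrs.get("ipaddr", block.group(1))
    try:
        if ipaddress.ip_address(declared) != file_ip:
            findings.append(f"defines {declared}, which differs from the file name")
    except ValueError:
        findings.append(f"cannot read an IP address from '{declared}'")
    secret = attrs.get("secret", "").strip('"')
    if not secret:
        findings.append("no secret set")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(f"secret is shorter than {MIN_SECRET_LEN} characters")
    return findings


# Constructed sample files (file name -> contents), modelled on the posts in this thread.
SAMPLES = {
    "192.168.169.74": "client 192.168.169.74 {\n  ipaddr = 192.168.169.74\n  secret = secret\n}\n",
    "192.168.169.89": "client 192.168.169.89 {\n  ipaddr = 192.168.169.98\n  secret = k3Qz8vT1mW7pLx2RbN5c\n}\n",
    "alex.conf": "client 192.168.168.111 {\n  secret = secret\n}\n",
    "192.168.169.123": "client 192.168.169.123 {\n  secret = Yh4Ds9GqP0aZ6uVe3JtX\n}\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, lint_client_file(name, body) or "ok")
```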
Re: radmin del client error
Thanks Alan and Arran, the server is responding after I did a symbolic link as below.

Below is the command that I did.

    ln -sf /usr/local/etc/raddb/sites-available/dynamic-clients /usr/local/etc/raddb/sites-enabled/

Just a couple of doubts.

1) secret is required in the client definition (file: 192.168.169.74)? How do I make sure the server validates the client secret upon receiving the radius packet? Does the logic lie with dynamic_client_server? I noticed FreeRADIUS-Client-Secret was dynamically hard-coded in the example?

Pardon me if I asked a silly question.

Within sites-available/dynamic-clients,

    client dynamic {
        ipaddr = 0.0.0.0
        netmask = 0
        dynamic_clients = dynamic_client_server
        directory = /usr/local/etc/raddb/dynamic-clients
        lifetime = 3600
    }

    server dynamic_client_server {
    }

Within raddb/dynamic-clients/192.168.169.74

    client 192.168.169.74 {
        secret = secret123
    }

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4733324.html
Re: radmin del client error
Hello Arran,

The method that I use to add a dynamic client is via radmin -e "add client file "?

I read sites-available/dynamic-clients. But I can't find the link that triggers the radius daemon to add the dynamic client definition file. I named the client IP as the file name as instructed and placed it in the appointed client definition directory. Are there any steps that I missed out?

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4730201.html
Re: radmin del client error
Hello Bjorn & Arran,

Sorry, I don't quite follow what you guys were saying. :( Are there any differences in the source that I downloaded?

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4730190.html
Re: radmin del client error
Hello Arran,

Yes. I did. Is there anything I did wrong?

    [root@FC-O ~]# radmin -e "del client ipaddr 192.168.169.74"
    ERROR: Must specify
    [root@FC-O ~]# radmin
    radmin 3.0.0 - FreeRADIUS Server administration tool.
    Copyright (C) 2008 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License v2.
    radmin> del client ipaddr 192.168.169.74
    ERROR: Must specify
    radmin>

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4730033.html
Re: radmin del client error
Hello Arran,

Thanks for double checking this. It's weird. Below is what I got. I installed freeradius on a fresh Linux. Is there any other file that I can verify to prove my source is identical to yours?

    [root@FC-O ~]# radiusd -v
    radiusd: FreeRADIUS Version 3.0.0, for host i686-pc-linux-gnu, built on Aug 24 2011 at 23:48:29
    Copyright (C) 1999-2011 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License.
    For more information about these matters, see the file named COPYRIGHT.
    [root@FC-O ~]# radmin -e "show client list"
    127.0.0.1
    [root@FC-O ~]# radmin -e "add client file /usr/local/etc/raddb/alex.conf"
    [root@FC-O ~]# radmin -e "show client list"
    127.0.0.1
    192.168.169.74
    [root@FC-O ~]# radmin -e "del client ipaddr"
    ERROR: Must specify
    [root@FC-O ~]# radmin -e "del client ipaddr 192.168.169.74"
    ERROR: Client 192.168.169.74 was not dynamically defined.
    [root@FC-O ~]#

Regards,
Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4729970.html
Re: radmin del client error
Hello Arran,

I have built the master copy from git and tested. The result is still the same. Not fixed. :)

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4729575.html
Re: radmin del client error
Wow, awesome. You guys are really great. I am going to try that now! I will keep you guys informed. Thanks again! :-)

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4726165.html
Re: radmin del client error
Hello Arran,

Will the bug be fixed in the next freeradius release? Or will the solution be posted? :)

My design aims to achieve zero downtime, therefore deletion of a client without a restart of the radius daemon seems the best solution.

Do you mean a dynamically generated client can be achieved via sites-available/ ? Thanks for this link. I will test if it works. :)

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4725972.html
Re: radmin del client error
Hello Arran,

What do you mean by parameter parsing? I would like to achieve deletion of a client without restarting the radius daemon, which is part of the design.

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4725861.html
Re: radmin del client error
Thanks Arran for your quick response and acknowledgement. Is there a quick workaround for this? I really need your and Alan's help on this.

Alex

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4725813.html
radmin del client error
Hello,

I tried using radmin to delete a client that was added dynamically via "add client file alex.conf". alex.conf contains the following content.

    client 192.168.168.111 {
        secret = secret
    }

However, I experienced the following error. Can you show me the correct del command for this?

    radmin> show client list
    192.168.169.86
    192.168.169.74
    192.168.169.123
    192.168.168.111
    radmin> del client ipaddr 192.168.168.111
    ERROR: Must specify
    radmin> del client ipaddr 192.168.168.111
    ERROR: Client 192.168.168.111 was not dynamically defined.

Your help is greatly appreciated.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/radmin-del-client-error-tp4725176p4725176.html