Is it possible to recognize clients not by their IP addresses?

2008-11-27 Thread Sebo PL
Hi!!
The format of ${raddbdir}/clients.conf defines NAS by its IP pool.
And what if I'd like to have a pool of NASes each using unique secret
but not to specify their IP or domain names to the freeradius config
files?
Is it possible to do so?

When I was trying to create 2 client sections for the same IP pool but
different secrets only the second was working.
#clients.conf
client 0.0.0.0/0{
 secret = test1
 shortname = public1
}
client 0.0.0.0/0{
 secret = test2
 shortname = public2
}

And with such configuration sending requests with 'secret = test1'
always fails :(
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Is it possible to recognize clients not by their IP addresses?

2008-11-27 Thread David Mitton


Absolutely not.
How does the RADIUS server know which NAS is talking to it?
It needs to know which secret to use.
Dave.
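An added example (not part of the original thread, and not FreeRADIUS code): a minimal Python model of why the server has to choose the shared secret from the packet's source address before it can validate anything inside the packet, using the Message-Authenticator HMAC-MD5 from RFC 2869 as the integrity check. The rule that a later section for the same network replaces the earlier one is an assumption taken from the behaviour reported in the first post; the addresses and NAS names are constructed.

```python
import hashlib, hmac, ipaddress, os, struct

ACCESS_REQUEST, NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 1, 32, 80

def build_access_request(secret: bytes, nas_id: bytes, ident: int = 1) -> bytes:
    """Access-Request with NAS-Identifier and Message-Authenticator (kept last for simplicity)."""
    attrs = bytes([NAS_IDENTIFIER, 2 + len(nas_id)]) + nas_id
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed while the HMAC is computed
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def load_clients(sections):
    """Index client sections by network. Assumption from the first post:
    a later section for the same network replaces the earlier one."""
    table = {}
    for network, secret, shortname in sections:
        table[ipaddress.ip_network(network)] = (secret, shortname)
    return table

def find_client(table, src_ip: str):
    """Longest-prefix match on the source address; nothing in the packet is consulted."""
    addr = ipaddress.ip_address(src_ip)
    hits = [n for n in table if addr in n]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def verify(table, src_ip: str, packet: bytes):
    """Pick the secret from the source IP, then check Message-Authenticator with it."""
    client = find_client(table, src_ip)
    if client is None:
        return None, False
    secret, shortname = client
    zeroed = packet[:-16] + bytes(16)
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return shortname, hmac.compare_digest(expected, packet[-16:])

# Constructed sample: the two overlapping sections from the first post, then a split by subnet.
overlapping = load_clients([("0.0.0.0/0", b"test1", "public1"), ("0.0.0.0/0", b"test2", "public2")])
split = load_clients([("192.0.2.0/25", b"test1", "public1"), ("192.0.2.128/25", b"test2", "public2")])

def demo():
    pkt1 = build_access_request(b"test1", b"ap-one")   # NAS configured with test1
    pkt2 = build_access_request(b"test2", b"ap-two")   # NAS configured with test2
    return [verify(overlapping, "192.0.2.10", pkt1), verify(overlapping, "192.0.2.200", pkt2),
            verify(split, "192.0.2.10", pkt1), verify(split, "192.0.2.200", pkt2)]
```

With the overlapping sections the packet built with test1 is checked against test2 and rejected; once each NAS falls in its own network, both secrets validate.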

Re: Is it possible to recognize clients not by their IP addresses?

2008-11-27 Thread tnt
>And what if I'd like to have a pool of NASes each using unique secret
>but not to specify their IP or domain names to the freeradius config
>files?
>Is it possible to do so?
>

It might be in the future. dynamic-clients virtual server works just with
Packet-Src-IP-Address now. There are plans to make NAS-Identifier
available to it as well. You will be able to set different shared
secrets then.

Ivan Kalik
Kalik Informatika ISP



Re: Is it possible to recognize clients not by their IP addresses?

2008-11-27 Thread Sebo PL
> It might be in the future. dynamic-clients virtual server works just with
> Packet-Src-IP-Address now. There are plans to make NAS-Identifier
> available to it as well. You will be able to set different shared
> secrets then.

I'm waiting for such NAS-ID exactly and hope it might be based on the
SSID of the AP.


Re: Is it possible to recognize clients not by their IP addresses?

2008-11-27 Thread Sebo PL
>
> > It might be in the future. dynamic-clients virtual server works just with
> > Packet-Src-IP-Address now. There are plans to make NAS-Identifier
> > available to it as well. You will be able to set different shared
> > secrets then.
>
> I'm waiting for such NAS-ID exactly and hope it might be based on the
> SSID of the AP.

Or it may be based on
Calling-Station-Id
I see the MAC address of the AP in this attribute attached to each
message sent to the radius server.


Re: Is it possible to recognize clients not by their IP addresses?

2008-11-28 Thread YvesDM
On Fri, Nov 28, 2008 at 5:05 AM, Sebo PL <[EMAIL PROTECTED]> wrote:

> >
> > I'm waiting for such NAS-ID exactly and hope it might be based on the
> > SSID of the AP.
>
> Or it may be based on
> Calling-Station-Id
> I see the MAC address of the AP in this attribute attached to each
> message sent to the radius server.

That's up to the NAS.
The NAS sends the NAS identifier so the string is determined on/by the NAS.

RE: Is it possible to recognize clients not by their IP addresses?

2008-11-28 Thread Johan Meiring
Hi,
 
With "dynamic clients" there is a (coming soon...) way to do it.
 
Alan is going to make the NAS-Identifier available in a future release to
the "dynamic clients" section.
 
When this has been done, you should be able to "authenticate a nas" using
the identifier/password.
 
Cheers,
 
Johan Meiring
Cape PC Services CC / Amobia Communications
Tel: (021) 883-8271 / (0861) AMOBIA
Fax: (021) 886-7782 / (0861) AMOFAX
  
