Re: Question on Virtual Servers and inner-tunnel

2011-01-26 Thread Phil Mayers

On 01/25/2011 11:18 PM, Brett Littrell wrote:



with inner-tunnel requests. So my question is whether naming the server
inner-tunnel causes it to exclusively handle inner-tunnel requests, in
other words is inner-tunnel a hard coded name that has to be used for
handling inner-tunnel requests?


No. It is set in eap.conf; see the virtual_server option under the 
peap and ttls stanzas.


You can also override (per-request) to use a different virtual server in 
the outer tunnel e.g.


/etc/raddb/sites-available/default:

authorize {
  ...
  if (EAP-Message) {
    if (...some lookup...) {
      update control {
        # this directs the inner tunnel from this EAP
        # session to the named virtual server
        Virtual-Server := somedifferentthing
      }
    }
  }
  ...
}

Something that might not be obvious also - the virtual server name 
actually comes from the:


server NAME {
  authorize {
    ..
  }
}

...NAME option on the server{} block. By convention and to avoid 
confusion the filename in /etc/raddb/sites-{available,enabled} is the 
same, but it doesn't need to be (and in fact doesn't need to be in a 
separate file)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
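
Added example (not part of the original post and not FreeRADIUS project code): a small Python check that collects every `server NAME {` declaration and flags any `virtual_server = ...` or `Virtual-Server := ...` reference that names no declared server, whatever file it sits in. The sample file contents and the names `inner-peap` and `guest-inner` are constructed; the line-based matching assumes one statement per line and does not parse nesting.

```python
import re

# Constructed sample configuration (not from the thread). The site file is
# named "tunnels" on purpose: only the `server NAME {` line gives the name.
SAMPLE_FILES = {
    "eap.conf": '''
eap {
    ttls {
        virtual_server = "inner-tunnel"
    }
    peap {
        # typo / stale name: no server block declares this
        virtual_server = "inner-peap"
    }
}
''',
    "sites-enabled/default": '''
authorize {
    if (EAP-Message) {
        update control {
            Virtual-Server := guest-inner
        }
    }
}
''',
    "sites-enabled/tunnels": '''
server inner-tunnel {
    authorize {
    }
}
server guest-inner {
    authorize {
    }
}
''',
}

# Lines starting with '#' never match because '#' is not whitespace.
SERVER_RE = re.compile(r'^\s*server\s+([\w.-]+)\s*\{', re.M)
OPTION_RE = re.compile(r'^\s*virtual_server\s*=\s*"?([\w.-]+)"?', re.M)
OVERRIDE_RE = re.compile(r'^\s*Virtual-Server\s*:=\s*"?([\w.-]+)"?', re.M)


def defined_servers(files):
    """Map each declared virtual server name to the file declaring it."""
    found = {}
    for path, text in files.items():
        for m in SERVER_RE.finditer(text):
            found[m.group(1)] = path
    return found


def referenced_servers(files):
    """Return (file, kind, name) for every virtual server reference."""
    refs = []
    for path, text in files.items():
        refs += [(path, "virtual_server option", m.group(1))
                 for m in OPTION_RE.finditer(text)]
        refs += [(path, "Virtual-Server override", m.group(1))
                 for m in OVERRIDE_RE.finditer(text)]
    return refs


def dangling_references(files):
    """References whose target has no matching `server NAME {` block."""
    defined = defined_servers(files)
    return [ref for ref in referenced_servers(files) if ref[2] not in defined]


if __name__ == "__main__":
    for path, kind, name in dangling_references(SAMPLE_FILES):
        print(f"{path}: {kind} points at undefined server '{name}'")
```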


OT: email fail [was Re: Question on Virtual Servers and inner-tunnel]

2011-01-26 Thread Alexander Clouter
Gary Gatten ggat...@waddell.com wrote:

 And I don't have control over what our half dozen email processors do 
 to my email after I send it.

You live in a country that prevents you using any other SMTP server 
other than the one allocated to you?  Unable to get a freebie email 
address (Gborg) that comes with SMTP submission?  Unable to run your own 
SMTP server and/or buy your own domain?

That's a terrible place to live, let me know so I know never to visit.

If that's not the case, learn to use a n...@waddell.com email address 
though you undoubtedly have.

Cheers

-- 
Alexander Clouter
.sigmonster says: Everything ends badly.  Otherwise it wouldn't end.



Re: OT: email fail [was Re: Question on Virtual Servers and inner-tunnel]

2011-01-26 Thread Gary Gatten
Hmmm, build/use a different email system?  Genius! Why didn't I think of 
that



Re: Question on Virtual Servers and inner-tunnel

2011-01-26 Thread Alan DeKok
Brett Littrell wrote:
 Hope this is not too stupid of a question but I have been checking
 out the inner-tunnel virtual server under sites-enabled.  I read up a
 little on virtual servers and it looks like the inner-tunnel virtual
 server is just a regular old virtual server

  Yes.

 yet in the comments it says
 it specifically handles inner tunnel requests.

  So?  Some families have two cars.  One for each of two adults.

  I went through the
 default config for the inner-tunnel and did not see any commands that
 were un-commented that seemed to specify that the server exclusively
 dealt with inner-tunnel requests.

  It's *designed* to work with inner-tunnel requests.  But see the file in
version 2.1.10: you can use it as a normal server for testing.

  So my question is whether naming the
 server inner-tunnel causes it to exclusively handle inner-tunnel
 requests, in other words is inner-tunnel a hard coded name that has to be
 used for handling inner-tunnel requests?

  See eap.conf.  Look for inner-tunnel

  Alan DeKok.


Re: Question on Virtual Servers and inner-tunnel

2011-01-26 Thread Brett Littrell
Hi All,
 
You guys really explained it well, appreciate it.  I really wanted to know 
to try and get an idea of how this works and figure out the best way to set 
this up and clarifying that really helped.  
And yes I did get Gary joking and I do not mind a little elbow in the ribs 
joking, just as long as he does not mind pay backs in other email..HeHe:)  I do 
appreciate Alex popping in on my behalf as well, it is nice to see someone out 
there helping out the new guys.
Anyway, I think I have enough info to do some damage, hopefully I won't 
spam the list with too many more questions:)  
 
FYI: You guys are great, and I think I speak for everyone new to freeradius 
that we appreciate your help.
 
PS:  What is up with Gary's email?  or is it my threaded view?  Gary's email 
keeps popping up as a new email and not as a threaded response?

 
 
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE

Re: Question on Virtual Servers and inner-tunnel

2011-01-26 Thread Alexander Clouter
Brett Littrell blittr...@musd.org wrote:
 
 PS: What is up with Gary's email?  or is it my threaded view?  Gary's 
 email keeps popping up as a new email and not as a threaded response?
 
I guess corporate policy is to use a broken email client as well as an 
SMTP server that adds a 'legally-holds-no-water' disclaimer.

The last mail client I saw doing this was Novell Groupwise <shudder/>

In case you did not know, if you look at the headers for the other emails 
here, you will see a 'References' line, that is what makes threading 
work...it's also the telltale sign when folk hit 'Reply' rather than 
'Compose' when they want to post a *new* thread to the mailing list.

Now if you fix your email client for text/plain only... :)

</email-nazi>

-- 
Alexander Clouter
.sigmonster says: Serving coffee on aircraft causes turbulence.



Re: Question on Virtual Servers and inner-tunnel

2011-01-26 Thread Brett Littrell
Must have been a really old version of GW, I use GW here and it seems to thread 
fine but we are on the latest version.
Thanks again..
 
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE



Re: Question on Virtual Servers and inner-tunnel

2011-01-25 Thread Gary Gatten
That's a stupid question for someone with so many certs! ;) jus givn ya $hit.

AFAIK it's not hard coded. In a config file somewhere is probably something 
like: if request type is 'x' then server inner-tunnel. It's been some time since 
I looked at the conf files so I can't say for sure which one and where.



From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org 
freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: freeradius-users@lists.freeradius.org 
freeradius-users@lists.freeradius.org
Sent: Tue Jan 25 17:18:57 2011
Subject: Question on Virtual Servers and inner-tunnel

Hi All,

Hope this is not too stupid of a question but I have been checking out the 
inner-tunnel virtual server under sites-enabled.  I read up a little on virtual 
servers and it looks like the inner-tunnel virtual server is just a regular old 
virtual server yet in the comments it says it specifically handles inner tunnel 
requests.  I went through the default config for the inner-tunnel and did not 
see any commands that were un-commented that seemed to specify that the server 
exclusively dealt with inner-tunnel requests.  So my question is whether naming 
the server inner-tunnel causes it to exclusively handle inner-tunnel requests, 
in other words is inner-tunnel a hard coded name that has to be used for 
handling inner-tunnel requests?



Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE






Re: Question on Virtual Servers and inner-tunnel

2011-01-25 Thread Gary Gatten
You could define new ones, change the existing one, both, etc. Generally 
speaking the default config just works unless you're doing something 
interesting. I can't say how/what you should do without knowing more about it. 
And then I prolly still can't, but others could.

Since you're so self motivated, perhaps you could draft curriculum and tests 
for an FR cert?


From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org 
freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: 'freeradius-users@lists.freeradius.org' 
freeradius-users@lists.freeradius.org
Sent: Tue Jan 25 17:50:53 2011
Subject: Re: Question on Virtual Servers and inner-tunnel

So I guess the follow up question is then, if I want to create multiple 
virtual servers, I am going to have to find this config file if I want those 
servers to deal with the inner-tunnel requests or are you supposed to just 
define another server in the inner-tunnel file if you want a second virtual 
server that deals with inner-tunnel requests?

That was a lot of certs?  I have a lot more, those are just the most 
recentHeHe...  I would attempt a cert in freeradius so I can pick it up 
faster but I never heard of a class for it much less a certification or 
training materials...

Thanks for the fast response.


Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE



RE: Question on Virtual Servers and inner-tunnel

2011-01-25 Thread Ben Wiechman
The inner tunnel virtual server can be specified in the eap configuration.
By default it is the inner tunnel virtual server. :)

See the ttls/peap/etc sections of eap.conf

 

Ben

 


Re: Question on Virtual Servers and inner-tunnel

2011-01-25 Thread Alexander Clouter
Gary Gatten ggat...@waddell.com wrote:
 [-- multipart/alternative, encoding 7bit, 1 lines --]
 
[-- text/plain, encoding base64, charset: utf-8, 38 lines --]
 
 That's a stupid question for someone with so many certs! ;) jus givn ya $hit.
 
 [snipped] 
 
 font size=1
 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 
 0in 1.0pt 0in'
 /div
 This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system.
 /font
 
 
[-- text/html, encoding base64, charset: utf-8, 48 lines --]
 
 [-- text/plain, encoding 7bit, charset: us-ascii, 2 lines --]
 
...says the guy sending HTML emails with a retarded 'disclaimer' 
attached to all outbound email.

Before you pick on someone, please learn how to use your email client, 
it otherwise leaves you looking like a puppy curling one out on the 
carpet.

Cheers

-- 
Alexander Clouter
.sigmonster says: Beam me up, Scotty!  It ate my phaser!



Re: Question on Virtual Servers and inner-tunnel

2011-01-25 Thread Gary Gatten
Did you read the part where I said I was just giving him $hit?  OP did, and he 
got it.  And I don't have control over what our half dozen email processors do 
to my email after I send it.  But, just for you I'll see what I can do.  Thanks.
