Re: Re: IP address assignment for the authenticated users in Free

2009-10-20 Thread David Mitton


Just because RADIUS has an attribute defined, doesn't mean the NAS supports it for your use.
In general, the IP address assignment attributes are intended for use with NAS's that are point-to-point access routers where the address will be for an "unnumbered" connection, where the link level understands such an assignment.
 
802.11 Wifi Access Points don't do this.  There is no link level mechanism for it.  You must use DHCP or static assignments.
 
Dave.

Oct 20, 2009 05:48:34 AM, t...@kalik.net wrote:
> > Alan Thanks for the quick reply.
> > I would like to have one more clarification.
> > Can we use IP address as Attribute value pair so that the RADIUS server
> > throws IPs dynamically to users after authentication.
>
> Did you actually read the reply?
>
> > For WiFi authentication, you need a DHCP server. Sending IP addresses
> > to the NAS in a RADIUS packet won't work.
> >
> > You can configure FreeRADIUS to be a DHCP server, but that involves
> > creating a DHCP configuration, not a RADIUS configuration.
>
> Ivan Kalik
> Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IP address assignment for the authenticated users in Free

2009-10-20 Thread Ivan Kalik
> Alan Thanks for the quick reply.
> I would like to have one more clarification.
> Can we use IP address as Attribute value pair so that the RADIUS server
> throws IPs dynamically to users after authentication.

Did you actually read the reply?

>   For WiFi authentication, you need a DHCP server.  Sending IP addresses
> to the NAS in a RADIUS packet won't work.
>
>   You can configure FreeRADIUS to be a DHCP server, but that involves
> creating a DHCP configuration, not a RADIUS configuration.

Ivan Kalik
Kalik Informatika ISP



Re: IP address assignment for the authenticated users in Free

2009-10-20 Thread Anoop C
Alan Thanks for the quick reply.
I would like to have one more clarification.
Can we use IP address as Attribute value pair so that the RADIUS server
throws IPs dynamically to users after authentication.

Regards
Anoop

Anoop C wrote:
> Hi
> We are running EAP-TLS authentication for office users using WiFi
> network. This is a certificate based authentication and we are using Free
> RADIUS.
> I would like to know whether we can assign IP address dynamically to the
> users through FREE RADIUS server ie RADIUS server works as DHCP server.

  For WiFi authentication, you need a DHCP server.  Sending IP addresses
to the NAS in a RADIUS packet won't work.

> So
> after successful authentication Server should throw an IP address which is
> configured against that particular MAC of the user in the server.

  No.  You need a DHCP server.

  You can configure FreeRADIUS to be a DHCP server, but that involves
creating a DHCP configuration, not a RADIUS configuration.

  Alan DeKok.





Re: IP address assignment for the authenticated users in Free radius

2009-10-19 Thread Alan DeKok
Anoop C wrote:
> Hi
> We are running EAP-TLS authentication for office users using WiFi
> network. This is a certificate based authentication and we are using Free
> RADIUS.
> I would like to know whether we can assign IP address dynamically to the
> users through FREE RADIUS server ie RADIUS server works as DHCP server.

  For WiFi authentication, you need a DHCP server.  Sending IP addresses
to the NAS in a RADIUS packet won't work.

> So
> after successful authentication Server should throw an IP address which is
> configured against that particular MAC of the user in the server.

  No.  You need a DHCP server.

  You can configure FreeRADIUS to be a DHCP server, but that involves
creating a DHCP configuration, not a RADIUS configuration.

  Alan DeKok.


Re: IP address assignment (rlm_ippool)

2006-03-09 Thread Alan DeKok
"Carlo Prestopino" <[EMAIL PROTECTED]> wrote:
> Once started, I get back an error from radiusd :
> 
> rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied

  Try setting the file permissions so that the radius server has
read/write access.

> It seems that the problem is due to lack of db.ippool file.

  No.  The error is "permissions denied", not "does not exist".

  Alan DeKok.



RE: IP-Address assignment - NAS Pool if value is empty in LDAP

2006-01-11 Thread Dusty Doris

> I am running freeradius-1.0.2-5.5 and need a solution for the following
> problem:
>
> we want to achieve that freeradius sends back an IP-Address if there is one
> for that user in LDAP. If the value is empty freeradius shouldn't send back
> an IP-Address and the NAS should choose one from his own ip-pool.



That will work out of the box.

Make sure in ldap.attrmap you have

replyItem   Framed-IP-Address   radiusFramedIPAddress
replyItem   Framed-IP-Netmask   radiusFramedIPNetmask

**You can change those to whatever you store it as in ldap.

Then in the user, you put the IP.

dn: uid=someuser,ou=.
radiusFramedIPAddress: 1.1.1.1
radiusFramedIPNetmask: 255.255.255.0

Then rlm_ldap will look for an attribute of radiusFramedIPAddress and 
radiusFramedIPNetmask in ldap.  If it exists, it will send it back in the 
access-accept as a reply item.  If it doesn't exist, it won't send 
anything.


Did you try this yet?  If so and it isn't working for you, please send 
debug output (radiusd -X).






RE: IP-Address assignment - NAS Pool if value is empty in LDAP

2006-01-11 Thread Chaos Commander
Hi,

that means you configured the NAS to ignore an empty IP value?
cause freeradius would send back the empty value to the NAS.. this is what I
want to avert. but I don't know how :(

regards,
stefan

> --- Original Message ---
> From: "Seferovic Edvin" <[EMAIL PROTECTED]>
> To: "'FreeRadius users mailing list'"
> Subject: RE: IP-Address assignment - NAS Pool if value is empty in LDAP
> Date: Wed, 11 Jan 2006 09:37:29 +0100
> 
> Hi,
> 
> YES... it is possible ( at least in my case it is ). I've used
> Framed-IP-Address attribute which I mapped to an attribute in my LDAP
> directory. As "NAS" I use Poptop daemon ( MS PPTP Server for Linux ).
> 
> Regards,
> 
> Edvin
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> g] On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, 11 January 2006 09:16
> To: FreeRadius users mailing list
> Subject: IP-Address assignment - NAS Pool if value is empty in LDAP
> 
> I am running freeradius-1.0.2-5.5 and need a solution for the following
> problem:
> 
> we want to achieve that freeradius sends back an IP-Address if there is one
> for that user in LDAP. If the value is empty freeradius shouldn't send back
> an IP-Address and the NAS should choose one from his own ip-pool.
> 
> is this possible to realize?
> 
> greetings,
> Stefan


RE: IP-Address assignment - NAS Pool if value is empty in LDAP

2006-01-11 Thread Seferovic Edvin
Hi,

YES... it is possible ( at least in my case it is ). I've used
Framed-IP-Address attribute which I mapped to an attribute in my LDAP
directory. As "NAS" I use Poptop daemon ( MS PPTP Server for Linux ).

Regards,

Edvin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, 11 January 2006 09:16
To: FreeRadius users mailing list
Subject: IP-Address assignment - NAS Pool if value is empty in LDAP

I am running freeradius-1.0.2-5.5 and need a solution for the following
problem:

we want to achieve that freeradius sends back an IP-Address if there is one
for that user in LDAP. If the value is empty freeradius shouldn't send back
an IP-Address and the NAS should choose one from his own ip-pool.

is this possible to realize?

greetings,
Stefan



Re: IP address assignment

2005-10-13 Thread Joe Maimon



Philip Schilling wrote:

> Does everyone top post now?  How do you read a thread?
>
> Phil


Add packet reordering code?


Re: IP address assignment

2005-10-13 Thread Dusty Doris



> Infusino, Michael - ADP Dataphile wrote:
>
> > I am using radius to authenticate access from VPN.
> >
> > Would anyone know how to record the IP address the user is assigned after
> > they log in.
> >
> > Michael
>
> How does a little dynamic dns strike you? Make sure to actually read below and
> attached scripts and setup a DNS key.
>
> --radiusd.conf-
> modules section
>   exec ddns_update {
>    wait = no
>    program = "/usr/local/sbin/radius-dns-update.sh"
>    input_pairs = request
>    packet_type = Accounting-Request
>    shell_escape = yes
>
>    }
> end modules
> instantiate section---
>  ddns_update
> ---end section





Interesting idea.  I like it.




Re: IP address assignment

2005-10-13 Thread Philip Schilling


On Oct 13, 2005, at 10:44 PM, Infusino, Michael - ADP Dataphile wrote:


> Very nice.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 13, 2005 11:41 PM
> To: FreeRadius users mailing list
> Subject: Re: IP address assignment
>
> Infusino, Michael - ADP Dataphile wrote:
>
> > I am using radius to authenticate access from VPN.
> >
> > Would anyone know how to record the IP address the user is assigned after
> > they log in.
> >
> > Michael
>
> How does a little dynamic dns strike you? Make sure to actually read
> below and attached scripts and setup a DNS key.
>
> --radiusd.conf-
> modules section
> exec ddns_update {
>  wait = no
>  program = "/usr/local/sbin/radius-dns-update.sh"
>  input_pairs = request
>  packet_type = Accounting-Request
>  shell_escape = yes
>
>  }
> end modules
> instantiate section---
>  ddns_update
> ---end section






Does everyone top post now?  How do you read a thread?

Phil



RE: IP address assignment

2005-10-13 Thread Infusino, Michael - ADP Dataphile
Very nice. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 13, 2005 11:41 PM
To: FreeRadius users mailing list
Subject: Re: IP address assignment



Infusino, Michael - ADP Dataphile wrote:

> I am using radius to authenticate access from VPN.
> 
>  
> 
> Would anyone know how to record the IP address the user is assigned after 
> they log in.
> 
>  
> 
> Michael

How does a little dynamic dns strike you? Make sure to actually read 
below and attached scripts and setup a DNS key.

--radiusd.conf-
modules section
exec ddns_update {
 wait = no
 program = "/usr/local/sbin/radius-dns-update.sh"
 input_pairs = request
 packet_type = Accounting-Request
 shell_escape = yes

 }
end modules
instantiate section---
 ddns_update
---end section




Re: IP address assignment

2005-10-13 Thread Joe Maimon



Infusino, Michael - ADP Dataphile wrote:

> I am using radius to authenticate access from VPN.
>
> Would anyone know how to record the IP address the user is assigned after
> they log in.
>
> Michael

How does a little dynamic dns strike you? Make sure to actually read 
below and attached scripts and setup a DNS key.


--radiusd.conf-
modules section
   exec ddns_update {
      wait = no
      program = "/usr/local/sbin/radius-dns-update.sh"
      input_pairs = request
      packet_type = Accounting-Request
      shell_escape = yes

   }
end modules
instantiate section---
 ddns_update
---end section


#!/bin/bash
# Stage 2 script: parses the -u/-t/-s/-i options and sends the DNS update.
# It is the one the wrapper script further below runs as $STAGE2
# (/usr/local/sbin/radius-dns-update.s2.sh).

#must setup this key!!
#man nsupdate
NSUPDATE="nsupdate -k /etc/freeradius/keys/Kradius-dns-updates.+157+08981.private"

function usage()
{
    echo "Usage: `basename $0` -u User-Name -t Hint -s Acct-Status-Type -i Framed-IP-Address"
    exit 1
}


while getopts "u:t:s:i:" opt; do
    case "$opt" in
        u) USER_NAME=$OPTARG;;
        t) HINT=$OPTARG;;
        s) ACCT_STATUS_TYPE=$OPTARG;;
        i) FRAMED_IP_ADDRESS=$OPTARG;;
        *) usage;;
    esac;
done


# strip the double quotes around the attribute values
HINT=`echo ${HINT} | tr -d  '"'`
USER_NAME=`echo ${USER_NAME} | tr -d '"'`
ACCT_STATUS_TYPE=`echo ${ACCT_STATUS_TYPE} | tr -d '"'`
FRAMED_IP_ADDRESS=`echo ${FRAMED_IP_ADDRESS} | tr -d '"'`

if [[ "${USER_NAME}" == "" ]] ||
   [[ "${HINT}" == "" ]] ||
   [[ "${ACCT_STATUS_TYPE}" == "" ]] ||
   [[ "${FRAMED_IP_ADDRESS}" == "" ]]; then exit 1; fi


#make sure you update below list to something that fits your setup!
case "${HINT}" in
    XXX) DOMAINNAME="xxx.you.net";;
    YYY) DOMAINNAME="yyy.you.net";;
    *) exit 1;;
esac;

USER_NAME="[EMAIL PROTECTED]"
DNS_A_REC="${USER_NAME}.${DOMAINNAME}"

DELETE_DNS_A_REC="prereq yxdomain ${DOMAINNAME}\nupdate delete ${DNS_A_REC} A"
ADD_DNS_A_REC="update add ${DNS_A_REC} 300 in A ${FRAMED_IP_ADDRESS}"
TOUCH_DNS_A_REC="prereq nxdomain ${DNS_A_REC}\n"

case "${ACCT_STATUS_TYPE}" in
    Start)
        echo -e "${DELETE_DNS_A_REC}\n${ADD_DNS_A_REC}\nsend" | $NSUPDATE
        ;;
    Stop)
        #comment below to leave logged out users in DNS
        echo -e "${DELETE_DNS_A_REC}\nsend" | $NSUPDATE
        ;;
    Alive)
        #uncomment below to flood active users in during turnup
        #   echo -e "${TOUCH_DNS_A_REC}\n${ADD_DNS_A_REC}\nsend" | $NSUPDATE
        exit 0;;
    *)
        exit 1;;
esac;

#!/bin/bash
# Wrapper script: the program the exec module runs
# (/usr/local/sbin/radius-dns-update.sh). USER_NAME, HINT, ACCT_STATUS_TYPE
# and FRAMED_IP_ADDRESS are expected in the environment.

STAGE2="/usr/local/sbin/radius-dns-update.s2.sh"

if [[ "${USER_NAME}" == "" ]] ||
   [[ "${HINT}" == "" ]] ||
   [[ "${ACCT_STATUS_TYPE}" == "" ]] ||
   [[ "${FRAMED_IP_ADDRESS}" == "" ]]; then exit 0; fi

if [[ -x $STAGE2 ]]; then
    $STAGE2 -u"${USER_NAME}" -t"${HINT}" -s"${ACCT_STATUS_TYPE}" -i"${FRAMED_IP_ADDRESS}" 2>&1 >/dev/null
fi

exit 0
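
The scripts above take User-Name and Framed-IP-Address from the Accounting-Request and write them into the nsupdate command stream with `echo -e`, which expands backslash escapes found in those values. The following is an added example, not part of the posted scripts, that checks both values and builds the same update commands with `printf`; the function names are hypothetical and it assumes the domain comes from the script's own fixed Hint table.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII only

# One DNS label: 1-63 chars from [a-z0-9-], no leading or trailing '-'.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4: exactly four octets, each 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
}

# Print the nsupdate commands for one accounting event, or return 1 and
# print nothing. Only the user and address are checked because the domain is
# chosen from a fixed table. printf '%s' copies its arguments verbatim.
build_update() {   # build_update Start|Stop user domain ip
    status=$1; user=$2; domain=$3; ip=$4
    valid_label "$user" && valid_ipv4 "$ip" || return 1
    fqdn="$user.$domain"
    case "$status" in
        Start) printf 'prereq yxdomain %s\nupdate delete %s A\nupdate add %s 300 IN A %s\nsend\n' \
                   "$domain" "$fqdn" "$fqdn" "$ip" ;;
        Stop)  printf 'prereq yxdomain %s\nupdate delete %s A\nsend\n' "$domain" "$fqdn" ;;
        *)     return 1 ;;
    esac
}
```

In the stage 2 script this would replace the `echo -e ... | $NSUPDATE` lines with `build_update "$ACCT_STATUS_TYPE" "$USER_NAME" "$DOMAINNAME" "$FRAMED_IP_ADDRESS" | $NSUPDATE`, exiting without calling nsupdate when the function fails.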