juniper authentication with freeradius
Hi, I am trying to do juniper m7i router authentication with freeradius. Can someone provide me some documentation? I have configured juniper but i suppose i missing something on radius side. added following in dictionary file. VENDOR Juniper 2636 ATTRIBUTE Juniper-Local-User-Name 1 string Juniper ATTRIBUTE Juniper-Allow-Commands 2 string Juniper ATTRIBUTE Juniper-Deny-Commands 3 string Juniper Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: juniper authentication with freeradius
ashish verma [EMAIL PROTECTED] writes: I am trying to do juniper m7i router authentication with freeradius. Can someone provide me some documentation? I have configured juniper but i suppose i missing something on radius side. You don't say how you configured neither the JUNOS box nor FreeRADIUS. My guess is that you're lacking something on the router: http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html added following in dictionary file. why? They have been in the default dictionary.juniper for ages. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
juniper authentication with freeradius
hi, oh.. i didnt have dictionary.juniper file under /etc/freeradius. so i added those lines in dictionary file under /etc/freeradius. and this is my juniper side configuration. authentication-order [ radius password ]; radius-server { 192.168.1.49 { port 1812; accounting-port 1813; secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA } } i tried doing it without specifying the ports as well..but didnt work. under users file i have this edward Auth-type := Local, User-Password = edward Juniper-Local-User-Name = fritz12 clients.conf contains client 192.168.1.10/24 { secret = secret shortname = junoscope.server.name type = Juniper:nas } On 8/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Re: juniper authentication with freeradius (Bj?rn Mork) -- Message: 1 Date: Thu, 16 Aug 2007 11:20:09 +0200 From: Bj?rn Mork [EMAIL PROTECTED] Subject: Re: juniper authentication with freeradius To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 ashish verma [EMAIL PROTECTED] writes: I am trying to do juniper m7i router authentication with freeradius. Can someone provide me some documentation? I have configured juniper but i suppose i missing something on radius side. You don't say how you configured neither the JUNOS box nor FreeRADIUS. My guess is that you're lacking something on the router: http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html added following in dictionary file. why? They have been in the default dictionary.juniper for ages. Bj?rn -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 28, Issue 55 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: juniper authentication with freeradius
ashish verma [EMAIL PROTECTED] writes: oh.. i didnt have dictionary.juniper file under /etc/freeradius. so i added those lines in dictionary file under /etc/freeradius. and this is my juniper side configuration. authentication-order [ radius password ]; radius-server { 192.168.1.49 { port 1812; accounting-port 1813; secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA } } You might need to specify the source address here. I.e. radius-server { 192.168.1.49 { port 1812; accounting-port 1813; secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA source-address 192.168.1.10; } } i tried doing it without specifying the ports as well..but didnt work. under users file i have this edward Auth-type := Local, User-Password = edward Juniper-Local-User-Name = fritz12 Did you define the local user fritz12 on the router? clients.conf contains client 192.168.1.10/24 { secret = secret shortname = junoscope.server.name type = Juniper:nas } That's a somewhat strange entry. I would have expected either 'client 192.168.1.0/24' or 'client 192.168.1.1' Do you get anything in the radius logs, indicating that the connection is OK? Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
juniper authentication with freeradius
hi, it is working now.thanks for your help i was missing the following entry userhttp://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-11121928.html#id-11121928remote {full-name All remote users;uid *uid-value*;class *class-name*;thanks again. On 8/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. juniper authentication with freeradius (ashish verma) 2. Re: juniper authentication with freeradius (Bj?rn Mork) 3. Re: Big Problem with peap-mschapv2+freeradius 1.1.7 (Alan DeKok) 4. freeradius stops immediately ([EMAIL PROTECTED]) 5. Re: freeradius stops immediately (Alan DeKok) 6. Enterasys Mac-auth Dynamic-VLAN (Fabrizio Stoppani) -- Message: 1 Date: Thu, 16 Aug 2007 16:00:07 +0530 From: ashish verma [EMAIL PROTECTED] Subject: juniper authentication with freeradius To: freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 hi, oh.. i didnt have dictionary.juniper file under /etc/freeradius. so i added those lines in dictionary file under /etc/freeradius. and this is my juniper side configuration. authentication-order [ radius password ]; radius-server { 192.168.1.49 { port 1812; accounting-port 1813; secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA } } i tried doing it without specifying the ports as well..but didnt work. under users file i have this edward Auth-type := Local, User-Password = edward Juniper-Local-User-Name = fritz12 clients.conf contains client 192.168.1.10/24 { secret = secret shortname = junoscope.server.name type = Juniper:nas } On 8/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Re: juniper authentication with freeradius (Bj?rn Mork) -- Message: 1 Date: Thu, 16 Aug 2007 11:20:09 +0200 From: Bj?rn Mork [EMAIL PROTECTED] Subject: Re: juniper authentication with freeradius To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 ashish verma [EMAIL PROTECTED] writes: I am trying to do juniper m7i router authentication with freeradius. Can someone provide me some documentation? I have configured juniper but i suppose i missing something on radius side. You don't say how you configured neither the JUNOS box nor FreeRADIUS. My guess is that you're lacking something on the router: http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html added following in dictionary file. why? They have been in the default dictionary.juniper for ages. Bj?rn -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 28, Issue 55 -- next part -- An HTML attachment was scrubbed... URL: https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/6923e495/attachment-0001.html -- Message: 2 Date: Thu, 16 Aug 2007 12:57:29 +0200 From: Bj?rn Mork [EMAIL PROTECTED] Subject: Re: juniper authentication with freeradius To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 ashish verma [EMAIL PROTECTED] writes: oh.. i didnt have dictionary.juniper file under /etc/freeradius. so i added those lines in dictionary file under /etc/freeradius. and this is my juniper side configuration