juniper authentication with freeradius
Hi, I am trying to do juniper m7i router authentication with freeradius. Can someone provide me some documentation? I have configured juniper but i suppose i missing something on radius side. added following in dictionary file. VENDOR Juniper 2636 ATTRIBUTE Juniper-Local-User-Name 1 string Juniper ATTRIBUTE Juniper-Allow-Commands 2 string Juniper ATTRIBUTE Juniper-Deny-Commands 3 string Juniper Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: juniper authentication with freeradius
ashish verma [EMAIL PROTECTED] writes: I am trying to do juniper m7i router authentication with freeradius. Can someone provide me some documentation? I have configured juniper but i suppose i missing something on radius side. You don't say how you configured neither the JUNOS box nor FreeRADIUS. My guess is that you're lacking something on the router: http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html added following in dictionary file. why? They have been in the default dictionary.juniper for ages. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
juniper authentication with freeradius
hi,
oh.. i didnt have dictionary.juniper file under /etc/freeradius.
so i added those lines in dictionary file under /etc/freeradius.
and this is my juniper side configuration.
authentication-order [ radius password ];
radius-server {
192.168.1.49 {
port 1812;
accounting-port 1813;
secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA
}
}
i tried doing it without specifying the ports as well..but didnt work.
under users file i have this
edward Auth-type := Local, User-Password = edward
Juniper-Local-User-Name = fritz12
clients.conf contains
client 192.168.1.10/24 {
secret = secret
shortname = junoscope.server.name
type = Juniper:nas
}
On 8/16/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...
Today's Topics:
1. Re: juniper authentication with freeradius (Bj?rn Mork)
--
Message: 1
Date: Thu, 16 Aug 2007 11:20:09 +0200
From: Bj?rn Mork [EMAIL PROTECTED]
Subject: Re: juniper authentication with freeradius
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1
ashish verma [EMAIL PROTECTED] writes:
I am trying to do juniper m7i router authentication with freeradius.
Can someone provide me some documentation?
I have configured juniper but i suppose i missing something on radius
side.
You don't say how you configured neither the JUNOS box nor FreeRADIUS.
My guess is that you're lacking something on the router:
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html
added following in dictionary file.
why? They have been in the default dictionary.juniper for ages.
Bj?rn
--
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 28, Issue 55
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: juniper authentication with freeradius
ashish verma [EMAIL PROTECTED] writes:
oh.. i didnt have dictionary.juniper file under /etc/freeradius.
so i added those lines in dictionary file under /etc/freeradius.
and this is my juniper side configuration.
authentication-order [ radius password ];
radius-server {
192.168.1.49 {
port 1812;
accounting-port 1813;
secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA
}
}
You might need to specify the source address here. I.e.
radius-server {
192.168.1.49 {
port 1812;
accounting-port 1813;
secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA
source-address 192.168.1.10;
}
}
i tried doing it without specifying the ports as well..but didnt work.
under users file i have this
edward Auth-type := Local, User-Password = edward
Juniper-Local-User-Name = fritz12
Did you define the local user fritz12 on the router?
clients.conf contains
client 192.168.1.10/24 {
secret = secret
shortname = junoscope.server.name
type = Juniper:nas
}
That's a somewhat strange entry. I would have expected either
'client 192.168.1.0/24' or 'client 192.168.1.1'
Do you get anything in the radius logs, indicating that the connection
is OK?
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
juniper authentication with freeradius
hi,
it is working now.thanks for your help
i was missing the following entry
userhttp://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-11121928.html#id-11121928remote
{full-name
All remote users;uid *uid-value*;class *class-name*;thanks again.
On 8/16/07, [EMAIL PROTECTED]
[EMAIL PROTECTED]
wrote:
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...
Today's Topics:
1. juniper authentication with freeradius (ashish verma)
2. Re: juniper authentication with freeradius (Bj?rn Mork)
3. Re: Big Problem with peap-mschapv2+freeradius 1.1.7 (Alan DeKok)
4. freeradius stops immediately ([EMAIL PROTECTED])
5. Re: freeradius stops immediately (Alan DeKok)
6. Enterasys Mac-auth Dynamic-VLAN (Fabrizio Stoppani)
--
Message: 1
Date: Thu, 16 Aug 2007 16:00:07 +0530
From: ashish verma [EMAIL PROTECTED]
Subject: juniper authentication with freeradius
To: freeradius-users@lists.freeradius.org
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1
hi,
oh.. i didnt have dictionary.juniper file under /etc/freeradius.
so i added those lines in dictionary file under /etc/freeradius.
and this is my juniper side configuration.
authentication-order [ radius password ];
radius-server {
192.168.1.49 {
port 1812;
accounting-port 1813;
secret $9$mTnCOBEyrvO1SeKM-d; ## SECRET-DATA
}
}
i tried doing it without specifying the ports as well..but didnt work.
under users file i have this
edward Auth-type := Local, User-Password = edward
Juniper-Local-User-Name = fritz12
clients.conf contains
client 192.168.1.10/24 {
secret = secret
shortname = junoscope.server.name
type = Juniper:nas
}
On 8/16/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...
Today's Topics:
1. Re: juniper authentication with freeradius (Bj?rn Mork)
--
Message: 1
Date: Thu, 16 Aug 2007 11:20:09 +0200
From: Bj?rn Mork [EMAIL PROTECTED]
Subject: Re: juniper authentication with freeradius
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1
ashish verma [EMAIL PROTECTED] writes:
I am trying to do juniper m7i router authentication with freeradius.
Can someone provide me some documentation?
I have configured juniper but i suppose i missing something on radius
side.
You don't say how you configured neither the JUNOS box nor FreeRADIUS.
My guess is that you're lacking something on the router:
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html
added following in dictionary file.
why? They have been in the default dictionary.juniper for ages.
Bj?rn
--
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 28, Issue 55
-- next part --
An HTML attachment was scrubbed...
URL:
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/6923e495/attachment-0001.html
--
Message: 2
Date: Thu, 16 Aug 2007 12:57:29 +0200
From: Bj?rn Mork [EMAIL PROTECTED]
Subject: Re: juniper authentication with freeradius
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1
ashish verma [EMAIL PROTECTED] writes:
oh.. i didnt have dictionary.juniper file under /etc/freeradius.
so i added those lines in dictionary file under /etc/freeradius.
and this is my juniper side configuration
