Hi all
Is it possible for Freeradius to accept a NAS by the MAC address instead
of the IP? I'm using sql to authenticate my NAS's and I haven't read of
any way of doing this
Thanks in advance
Neil
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Read the documentation of your NAS, it might expect certain attribute/value
pairs in the reply that you're not sending.
Maybe the NAS has some debugging features also?
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
Bestel nu uw exemplaar van
Would everybody please be so kind as to stop replying on this crap please?
Thanx!
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt -
Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet
Neil Craig wrote:
Is it possible for Freeradius to accept a NAS by the MAC address
instead
of the IP? I'm using sql to authenticate my NAS's and I haven't read
of
any way of doing this
No it's not possible.
Would be possible if freeradius would be programmed for it.
What I don't understand if
Same here...
Ray
- Original Message -
From: Carl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, December 04, 2004 4:33 AM
Subject: Re: Help with Cisco 1200 AP and FreeRadius
There are no packets being passed to the Radius Server
Thor Spruyt wrote:
Carl wrote:
I'm using a
[EMAIL PROTECTED] 12/05/04 9:40 AM
Neil Craig wrote:
Is it possible for Freeradius to accept a NAS by the MAC address
instead
of the IP? I'm using sql to authenticate my NAS's and I haven't read
of
any way of doing this
No it's not possible.
Would be possible if freeradius would be
Also sprach Michael Griego:
On Sat, 2004-12-04 at 21:16, Peter T. Breuer wrote:
No I haven't. I'm sure radius is fine. OTOH I'm quite sure the rfc is
probably a load of badly written rubbish, because they normally are.
So? Is there something new? Have you read a rfc lately? I certainly
Also sprach Anson Rinesmith:
If you feel so strongly about changes needing to be made, then why not make
an official comment to the RFC and try to make things better? An RFC is, by
the way, a Request For Clarification.
I don't feel at all strongly about it. I feel about as strongly about
it
Neil Craig wrote:
For places that have a non static IP then I thought MAC auth would
make
sense - so no matter what the IP changed to I could still authenticate
them...
You can do that by defining all possible IPs as clients.
But the downside is that you'll have to open you radius server to accept
I 've configured the following format to rlm_passwd:
passwd: format =
*User-Name:User-Password:=Port-Limit:Simultaneous-Use:,NAS-Port-Type
password line:
kkalev:PASSWD:1:1:Async,ISDN
DEBUG OUTPUT:
rlm_passwd: Added User-Password: 'PASSWD' to config_items
rlm_passwd: Added Simultaneous-Use: '1'
[EMAIL PROTECTED] 05/12/2004 13:32:26
Neil Craig wrote:
For places that have a non static IP then I thought MAC auth would
make
sense - so no matter what the IP changed to I could still
authenticate
them...
You can do that by defining all possible IPs as clients.
But the downside is that
Kostas Kalevras [EMAIL PROTECTED] wrote:
That value should be configurable at some point. It was selected
somewhat large so that radrelay didn't create problems to slow
radius servers when it started sending a large detail file.
It should instead send packets as fast as the server
Neil Craig wrote:
How do you go about setting a tunnel up? Just like a VPN connection
between NAS and Server?
Yes indeed, you can use whatever tunnel which can handle dynamic IPs at the
NAS side.
What kind of tunnel and how to accomplish that is outside the scope of this
list.
--
Regards,
Thor
On Sun, 5 Dec 2004, Bruno Lague wrote:
Kostas Kalevras [EMAIL PROTECTED] wrote:
That value should be configurable at some point. It was selected
somewhat large so that radrelay didn't create problems to slow
radius servers when it started sending a large detail file.
It should instead send
Hi all,
i have some problems starting
Freeradius.
I'm using Freeradius 1.0.1 on Debian 3.1 and some
Win2k Clients.
Compiling without errors.
Here the Output
linux:~# /usr/local/radius/sbin/rc.radiusd
startStarting FreeRADIUS:Sun Dec 5 21:43:58 2004 : Info: Starting -
reading
Kostas Kalevras [EMAIL PROTECTED] wrote:
threading sound like an idea yes. Another idea is to get load-balancing code
inside freeradius. Then you could do something like the following:
...
~ 40 lines of code in src/main/mod*.c
It's pretty trivial. Copy the pick a random element from a
I 've configured the following format to rlm_passwd:
passwd: format =
*User-Name:User-Password:=Port-Limit:Simultaneous-Use:,NAS-Port-Type
I don't think that's supported. The * field has to be one of the
things in the comma-separated list.
From what i 've understood from the
First thing, Alan thanks for your help on the Libtool issue I had
which didn't give me a working radclient.
I have put up some information at
http://home.sw.rr.com/jguidroz/radius.html about my configuration and
successes with using FreeRADIUS on Mac OS X Server 10.3.6.
Brief information from
I have a situation with users being able to login using various case letters
in there logins and bypassing Simultaneous Use even though Simultaneous
Use is in effect.
For example I have a user account named dean.
dean can login with his account info and everything is great.
I can attempt to
Nick Marino [EMAIL PROTECTED] wrote:
I have a situation with users being able to login using various case letters
in there logins and bypassing Simultaneous Use even though Simultaneous
Use is in effect.
Yeah... I've been discussing some changes to radutmp with Kostas
that will also fix
[EMAIL PROTECTED]
Good day to all ...
Can you help me with this error in our
radius.log
1. Mon Dec 6 10:47:07 2004 : Error:
Dropping packet from client pldt-clark:1645 - ID: 119 due to dead request
29357
2. Mon Dec 6 10:47:27 2004 : Error:
rlm_sql_getvpdata: database query errorMon
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 9:02 PM
Subject: [radius] Re: FR ignoring case and Simultaneous Use
Nick Marino [EMAIL PROTECTED] wrote:
I have a situation with users being able to login using various case
Hi
all: I would like use freeradius to
authenticate telnet service intocisco. Its work after setup. So now my
further questionsare .
1. How i configure
the command authorization with freeradius? which mean i only allow user to enter
certain command during the telnet session.
2. How i build
1.
To do thi is not trivial. It will require
you to put all the commands that you want the users to execute in a custom
command level on the cisco router. For example you can think of all the allowed
commands and put them in level 5.
Once you do that, you can now use radius
to authorize
How to add a module to authorize a request ? Does freeradius support it
,or I need to modify the source code myself?
xuxu
[EMAIL PROTECTED]
2004-12-06
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi: Thanks for your
reply. This make thing more clear to me, it more to cisco part,how about
the radius?
This is what i set in the user
file.
test
Auth-Type:=Local, User-Password == "123"
Service-Type
= NAS-Prompt-User
1But then how i configure the radius part
so that it will
Please send mail in PLAIN TEXT next time!
1) This means the NAS resent a request because it didn't receive an answer
on the first request it sent. Freeradius ignores it because it notices that
the request is already being handled. You should be able to configure this
in your NAS.
2) You have
You haven't generated the certificate files for EAP-TLS. If you're
using EAP-TLS, either run the scripts/certs.sh script as it says in the
config file or manually generate your own certificates. If you are not
going to be using EAP-TLS or any of its sub-types, then you can comment
out the
If you do plan on using EAP-TLS, you need to uncomment certificate_file.
On Sun, 05 Dec 2004 16:05:20 -0600, Michael Griego [EMAIL PROTECTED] wrote:
You haven't generated the certificate files for EAP-TLS. If you're
using EAP-TLS, either run the scripts/certs.sh script as it says in the
29 matches
Mail list logo