Hello,
I aim at setting up an IPsec tunnel between an IPsec client and an IPsec
Gateway using IKEv2 and EAP-TLS for authentication.
I am using freeradius as RADIUS server, and the authentication is working well.
Currently the Gateway is assigning an IP address from a specific pool to the
IKEv2
Alan Buxey wrote:
when it's done(TM) is there a reason for rush? There's RADSecProxy which you
can happily use with FreeRADIUS (we've been using it in production for a year.)
Pushing another RADIUS server on this list? Hmm...
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Groebl, Laurence (Laurence) wrote:
However I’d like the RADIUS server to assign this IP address and send it
within the Access-Accept in the Framed-IP-Address attribute (to avoid
configuring the IPsec Gateway with the tunnel address).
Does the gateway *understand* what it means to have an
Hi,
* Vinh Nguyen vhn2...@gmail.com [2011-03-01 00:37:17-0600]:
something is very strange in my case.
I used the global variable like you pointed out. Then I tested the logic and
it seems like the hash variable isn't cached properly. The data is not
cached. I gave up and tried again in
Hi,
Pushing another RADIUS server on this list? Hmm...
It's just a proxy (well, it might be a bit more but it certainly doesn't have all
the features and abilities of FreeRADIUS) - think of it as a simple 'hook' to add
functionality to a 2.0.x or 2.1.x server - much like the special EAP
Hi,
I took this code and modified it, assuming that if the code I wrote before
(which tries to use COL.MISSOURI.EDU as the realm) doesn't work, I can use
the code above to take FOO.MISSOURI.EDU and proxy to the NT domain FOO-USERS,
which is more than just massaging the User-Name field.
hi,
you haven't given the full debug... so it's pretty much guesswork here with what's
going wrong..
have you added the sql to the authorize section of your server? (uncomment the
entry that's commented by default)
are you using EAP etc? in which case you will also need to uncomment it in the
Alan DeKok al...@deployingradius.com wrote:
Alan Buxey wrote:
when it's done(TM) is there a reason for rush? There's RADSecProxy
which you can happily use with FreeRADIUS (we've been using it in
production for a year.)
Pushing another RADIUS server on this list? Hmm...
Many others
Hello Alan,
Yes, according to the documentation of the Juniper Gateway, the gateway should
be able to understand the Radius attribute 8 Framed-IP-Address in the
Access-Accept message, but it seems that it also needs the attribute 88
Framed-Pool.
This is described in Concepts Examples
Hi,
Many others too have suspected that Dr Buxey's loyalties might not be
aligned appropriately... we could spread malicious rumors suggesting he
butters his bread with MS IAS or Cisco ACS :)
;-) if this is RADIUS users anonymous then hi, my name is Alan
and I admit to having to use other
On 01/03/11 10:39, Groebl, Laurence (Laurence) wrote:
Hello Alan,
Yes, according to the documentation of the Juniper Gateway, the
gateway should be able to understand the Radius attribute 8
Framed-IP-Address in the Access-Accept message, but it seems that
it also needs the attribute 88
Hi List,
Having a bit of trouble following the official freeradius wiki when it comes to
certificates. Basically I have my own certificate which I want to use. I have
a ***.crt file which was sent by my issuer, and a private.pem file which was
created when I made my CSR request using openssl.
Hi
we indeed already tried sending only the Framed-IP-Address in the Access-Accept
and it didn't work, the Gateway didn't assign this address to the IPsec client,
but a default IP address.
I also didn't understand why the Framed-Pool attribute is a must in the Gateway,
Juniper supports only
Matt Langthorpe matt.langtho...@pmb.ox.ac.uk wrote:
Having a bit of trouble following the official freeradius wiki when it
comes to certificates. Basically I have my own certificate which I
want to use. I have a ***.crt file which was sent by my issuer, and a
private.pem file which was
Here's my debug output. All I wanted to do is to use perl to authorize. perl
will then interact with the database. During the requests, I wanted to cache
the clients info, instead of writing it to the database since it is short
lived. The client will make many authorize requests, and the cached
Could you send us the output of radiusd -X for a computer auth?
Done. (See previous message with attachment.)
If it works for users it should just work for machines.
Perhaps under certain circumstances, but not for us, apparently. Perhaps it's
the significant difference between the
Hi
I'm trying to configure radiusd.conf Module section to look at more than one
module config. Can get one to work but when I add a second it doesn't work.
Below is a copy of my radiusd.conf file.
modules {
#
# Each module has a configuration as follows:
#
#
if ( User-Name =~ /^host\/([^\.])+\.(\S+)$/i ) {
Something's wrong with the regex here. From the config:
if ( User-Name =~ /^host\/([^\.]+)\.(\S+)$/i ) {
From radiusd -X:
User-Name = host/dnps-caplap-4.col.missouri.edu
...
? Evaluating (User-Name =~ /^host\/([^\.]+)\.(\S+)$/i) -
this stuff doesn't touch the User-Name - it just looks at it
and alters the server's proxy choosing behaviour which
is what makes it useful and powerful.
It's not doing it correctly yet. See previous message.
the language is 'unlang' - it's a built-in parser in
freeradius - making the
Hi,
if ( User-Name =~ /host\/([^\.]+)\.(\S+)/i ) {
update control {
Proxy-To-Realm := %{2}
}
}
if ( User-Name =~ /host\/([^\.]+)\.(\S+)/i ) {
update control {
Hi,
ldap ldap1 {
server = gmcnhs1.glasgowmet.ac.uk
port = 636
...
}
ldap ldap 2 {
^^^
space before '2'
Performed a debug and received.
Proxy-To-Realm := %{2}
Proxy-To-Realm := %{2}
Yeah, I just figured that out. :/ Adjusting and re-testing.
--J
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
if ( User-Name =~ /host\/([^\.]+)\.(\S+)/i ) {
update control {
Proxy-To-Realm := %{2}
}
}
Part of my troubleshooting involved changing the code to this:
if ( User-Name =~ /host\/([^\.]+)\.(\S+)/i ) {
-Original Message-
From: freeradius-users-bounces+jmoe=hatch.com...@lists.freeradius.org
[mailto:freeradius-users-
bounces+jmoe=hatch.com...@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, 1 March 2011 5:51 PM
To: FreeRadius users mailing list
Subject: Re: Clarification
Just a word of warning, manually setting Authtype = ANYTHING is usually a bad
idea. FR is really good about figuring out what to do all on its own, if you
force an auth type it will very likely break something else.
Jake Sallee
Network Engineer
University of Mary Hardin-Baylor
Fone:
Hi
I believe that I have set up the FR configs correctly for use with MYSQL, I got
it all working just fine when using a flat file and was able to authenticate
etc with no issues, since moving to SQL I am getting this.
rad_recv: Access-Request packet from host 10.5.5.55 port 57593, id=3,
Hi,
We have set up freeradius for our mobile customers and is also used to
provide IP's to the handsets. We are planning to set up roaming which
requires Mobile IP's. Can anyone please tell me if freeradius supports
Mobile IP ?
Thanks,
S.
-Original Message-
From: freeradius-users-bounces+jmoe=hatch.com...@lists.freeradius.org
[mailto:freeradius-users-
bounces+jmoe=hatch.com...@lists.freeradius.org] On Behalf Of Sallee,
Stephen (Jake)
Sent: Wednesday, 2 March 2011 8:36 AM
To: FreeRadius users mailing list
Subject:
On Wed, Mar 2, 2011 at 5:48 AM, Chris Kilian
chris.kil...@seccomglobal.com wrote:
Hi
I believe that I have set up the FR configs correctly for use with MYSQL,
How did you determine that you have set it up CORRECTLY?
I got it all working just fine when using a flat file and was able to
Moe, John wrote:
Yeah, the information in that one is, as you said, simple and just enough.
However, it doesn't address either of the two questions I asked.
1) Is setting Auth-Type = ntlm_auth the correct way for doing what I want,
or have I mis-configured something so that FreeRadius could
Groebl, Laurence (Laurence) wrote:
Hello Alan,
Yes, according to the documentation of the Juniper Gateway, the gateway
should be able to understand the Radius attribute 8 Framed-IP-Address in
the Access-Accept message, but it seems that it also needs the attribute 88
Framed-Pool.
This
Shreya Shah wrote:
We have set up freeradius for our mobile customers and is also used to
provide IP's to the handsets. We are planning to set up roaming which
requires Mobile IP's. Can anyone please tell me if freeradius supports
Mobile IP ?
What does the documentation say?
And what