On 23/9/2013 3:14 PM, Free-Radius wrote:
I wonder if Freeradius can authenticate a client by IP number,
without using login and password, only the IP. If possible, how can it be done?
You can authenticate a client based on MAC Address. See
http://wiki.freeradius.org/guide/Mac-Auth for various
Hi,
I would like to ask how we can direct FR dhcp server (using an ldap
backend) to relay to another dhcp server.
The idea is that we have a db of known MAC addresses which have an
associated VLAN (assigned during MAC Auth) and a static IP address
(assigned through FR dhcp server). If a MAC
On 19/9/2013 3:40 PM, Alan DeKok wrote:
In 2.2.1, it can handle dynamic IP allocation. See
raddb/sites-available/dhcp. Look for pool.
Thanks. I guess it is supported in 3.0.0 as well ?
Nick
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 31/8/2013 12:03 AM, Arran Cudbard-Bell wrote:
1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)?
Yes.
I am having a hard time trying to adapt the example at:
http://wiki.freeradius.org/guide/dhcp-for-static-ip-allocation to work
from ldap.
We are starting from a
On 13/9/2013 8:40 PM, Arran Cudbard-Bell wrote:
If you do it the way I suggested I highly recommend you use V3.0.0
(release_branch_3.0.0 or master/HEAD) instead, as the list/attribute handling
is much better.
Thanks,
I'll look into rlm_cache.
I wonder if anyone in this list has created a
On 13/9/2013 9:35 PM, Nikolaos Milas wrote:
Where can I find the v3.0.0 source branch?
Oh, I found it and it includes a spec file for redhat:
https://github.com/FreeRADIUS/freeradius-server/tree/release_branch_3.0.0/redhat
Is the spec file in a well-working condition? (I might test
Hello,
I am trying to use
http://www.packetfence.org/downloads/PacketFence/freeradius/freeradius-2.2.0-2.el6.src.rpm
to create custom FreeRadius RPMs for RHEL/CentOS 6.
The main aim is to add --with-dhcp compile option which is not included
in the standard build.
The secondary aim is to
On 12/9/2013 11:47 AM, Arran Cudbard-Bell wrote:
--with-rlm-ldap-lib-dir=
--with-rlm-ldap-include-dir=
Top level configure.
Thanks Arran,
It worked! I have built and installed the new RPMs and things are
working OK.
Interestingly, trying to build with the default system libs was
On 12/9/2013 2:46 PM, Arran Cudbard-Bell wrote:
Your linker's search path doesn't include the directory the libraries are in.
Hmm, it seems the path is included but the ldap libs therein are not
used because there is an override in /etc/ld.so.conf:
# ldconfig -v | grep -v ^$'\t'
On 31/8/2013 5:57 PM, Nikolaos Milas wrote:
I'll look into DHCP...
Looking at the sites-available/dhcp example setup (on v2.2.0) I see that
the DHCP code is not production-ready.
Based on user feedback and on your involvement with next FreeRadius
release(s) development, do you expect
On 11/9/2013 5:05 PM, Arran Cudbard-Bell wrote:
Define production-ready...
Production-ready DHCP Server: A DHCP Server that can be used as such in
a real-life, mission-critical, organizational environment, i.e. in a
network where clients (hosts) will only get an IP address if and only if
On 31/8/2013 12:03 AM, Arran Cudbard-Bell wrote:
1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)?
Yes.
2. If so, is there a planned freeradius ldap schema change (in future
versions) to include DHCP-* attributes?
No. But you're welcome to submit a pull request.
On 31/8/2013 5:27 PM, Alan DeKok wrote:
...
Thank you for your clear answers.
I'll look into DHCP and see how I can instruct our Cisco switches to send
the Framed-IP-Address attribute.
Thanks again both for the clarifications and for providing FreeRadius to us.
Regards,
Nick
Hello,
A couple of quick questions.
1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)?
2. If so, is there a planned freeradius ldap schema change (in future
versions) to include DHCP-* attributes?
Please advise.
Thanks,
Nick
On 24/8/2013 12:00 PM, Nikolaos Milas wrote:
...and then I could simply use my *exact current configuration* by
simply changing the ldap filter to:
filter = (&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))
I tested this and it works. (Yet
On 26/8/2013 12:15 PM, Arran Cudbard-Bell wrote:
No. It's a really inefficient way of doing this.
Thanks Arran,
Yet, would it be logically/technically correct?
Use generic attribute maps or an update ldap schema to pull the necessary
values into control attributes,
and then do the
On 26/8/2013 2:15 PM, Arran Cudbard-Bell wrote:
Unless you are querying different DNs for the different Mac-Auth types then
doing this is the wrong way to approach this.
the presence of the attributes in the LDAP object to dictate what type of
authorisation you're doing.
Thanks Arran,
I
On 23/8/2013 9:19 PM, Arran Cudbard-Bell wrote:
It'll either be in NAS-Port or NAS-Port-ID if the NAS is providing that
information.
Thanks Arran,
It was NAS-Port indeed. Strangely enough, this is not included either in
ldap.attrmap or the freeradius schema. Shouldn't it (and other
On 24/8/2013 12:00 PM, Nikolaos Milas wrote:
...and then I could simply use my *exact current configuration* by
simply changing the ldap filter to:
filter = (&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))
...provided that I am storing
On 14/8/2013 2:39 PM, Arran Cudbard-Bell wrote:
and in sites-enabled/default:
authorize {
preprocess
chap
mschap
digest
suffix
Do you need all these? Are you ever going to be doing chap/mschap/digest in the
outer server?
First, thanks for the reply.
On 23/8/2013 7:25 PM, Arran Cudbard-Bell wrote:
See ldap_xlat http://wiki.freeradius.org/modules/Rlm_ldap
Use a query that searches for the value of NAS-IP-Address in the user object in
a custom attribute.
If the query expands to something other than a zero length string, the
attribute
Hi,
I am using FreeRadius v2.2.0 on CentOS 6.4 x86_64.
I am trying to adapt Plain Mac-Auth as described at:
http://wiki.freeradius.org/guide/Mac-Auth to work from LDAP.
(Note: The server is also used for eduroam and is going to be used for
802.1x too.)
My setup follows below.
The
On 7/5/2013 2:37 PM, Michael Schwartzkopff wrote:
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
Thank you Michael for your valuable feedback, esp. the link above.
By the way, I've been pointed to: http://www.packetfence.org for a more
integrated system, which also supports 802.1x and it
Hello,
We would like to enforce authentication for all clients connecting to
our network (wired or wireless), so that when a client connects, the
client will not be able to use the network unless it successfully
authenticates (e.g. via web) with a valid account (LDAP-based).
We have a