Hello Everybody,
I just want to put several login-service in an access-accept packet. If I try
this in the users file:
login_user Auth-Type := Local, User-Password == pass_user
    login-service = 50,
    login-service = telnet,
    Fall-Through = no
It sends an access-accept with
I have this :
#
# dictionary.erx
#
# Unisphere's broadband RAS
# From Terje Krogdahl [EMAIL PROTECTED]
#
# Version: $Id: dictionary.erx,v 1.1 2001/04/27 15:16:35 aland Exp $
#
VENDOR HUAWEI 2011
ATTRIBUTE hw_Input_Peak_Rate 1 integer HUAWEI
ATTRIBUTE
Hello,
Thank you for your help but I don't understand how you can make it.
Here is my configuration that I am trying:
# Replace the NAS-IP-Address by Proxy-IP
attr_rewrite overwrite_nasip {
attribute = NAS-IP-Address
searchfor = .*
packet= packet
replacewith =
Re-Hello ;-)
I am searching for how I can do this but I can't find it...
I want to do this :
If NAS-IP-Address == 192.168.48.0/24 -- Rewrite Calling-station-id to Dev
else
If NAS-IP-Address == 192.168.48.0/24 -- Rewrite Calling-station-id to Prod
else
Do nothing.
fi
fi
I don't know how to check the
Called-Station-Id isn't equal to Nas-Ip-Address, it is equal to the PC where I
initiate the telnet connection.
It's not equal to my Nas-Ip :(
So, I would change the Called-Station-Id to Nas-Ip-Address and Nas-Ip-Address to
the proxy address.
Any idea?
Quoting [EMAIL PROTECTED]:
OK. If your devices put
Moreover, I use a proxy because in the huntgroup file, I can't use a CIDR
network, just a host IP.
Quoting [EMAIL PROTECTED]:
OK. If your devices put their IP addresses in Called-Station-Id field
there is no need to do rewrites. You can use regexp operators to
control access as
Yes I know but how ? It's not a simple equipment, it's a network
192.168.0.0 / 24 : Users1
192.168.1.0 / 24 : Users2
10.0.0.0 / 8 : Users1
.. (and other networks : 1800 equipments)
If I do this with the huntgroup file, I will type:
#NAS1 Equipment (Ldap Group : Dev-Equipment)
NAS1
Hello Everybody,
We have several network equipments with radius authentication. We want to limit
the access to several administrators. We use a radius-proxy and a radius server
with a LDAP base.
For example :
We have two NAS : NAS1 and NAS2
Two groups of users USERS1 and USERS2 in the LDAP
Hello,
Here is an access-request packet from a Cisco Router (2621):
NAS-IP-Address = IP_NAS
NAS-Port = 66
NAS-Port-Type = Virtual
User-Name = MyUserLogin
Calling-Station-Id = IP NAS
User-Password = ry\My\Pass/Wo\rd\Hash\Not\Plain\Text`
Why is my
The shared secret is the same because I use a radius Proxy and this proxy
forwards the access-request to my radius server. The problem is the password !
With a password in plain text (checked with H3C 2811 and Cisco 2960 equipment).
Thanks for your help !
Nicolas.
Quoting Stefan Winter [EMAIL
Here, my radius configuration :
radius-server host RADIUS_IP auth-port 1812 acct-port 1813 key 7 RADUIUS_KEY
radius-server retransmit 1
radius-server timeout 2
Thanks !
Quoting Stefan Winter [EMAIL PROTECTED]:
Hm, this means the NAS actually sent this garbage/hash. In this case, it
would be
:) No because with other devices, the proxy works fine !!
I don't understand why it doesn't work :(
Quoting Peter Nixon [EMAIL PROTECTED]:
On Mon 16 Jul 2007, [EMAIL PROTECTED] wrote:
The shared secret is the same because I use a radius Proxy and this proxy
forwards the access-request to
I'm so sorry! The problem was the secret between the proxy and the Cisco device.
Even if the secret is different, the access-request is forwarded to the radius
server, I didn't know that :(
Thank you very much!!!
Nicolas.
Quoting [EMAIL PROTECTED]:
Check the secret in clients.conf on the proxy
Hello Everybody,
I must use the attribute : 29 : Termination-Action with an access-accept
packet. How could I do this ? My Huawei device uses this attribute to allow a
user to manage the switch with a specific level.
Thank you for your assistance !
Best regards,
Nicolas.