RE: Authorising Clients by Calling Station ID Not IP

://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients https://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients Cheers -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4986728.html Sent from

RE: Authorising Clients by Calling Station ID Not IP

You are an asset to the community! I've just read through and it's fantastic - just what I and many others need for sure. Am going to have a play now :) -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4986852

Re: Authorising Clients by Calling Station ID Not IP

successul in acheiving this. I look forward to hearing your results! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4981116.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info

Re: Authorising Clients by Calling Station ID Not IP

Hi, not had much chance to do much recently. The aim's to take a peek this afternoon. Will report back after -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4981123.html Sent from the FreeRadius - User mailing

RE: Authorising Clients by Calling Station ID Not IP

That would be greatly appreciated, thanks! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4981135.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See

Re: Authorising Clients by Calling Station ID Not IP

Cool, thanks I'll download now and take a look J -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4943676.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe

Re: Authorising Clients by Calling Station ID Not IP

On 2011/10/24 09:06 PM, Jennyanydots Napoleon Shoehorn wrote: OH! I've looked too many lines of code over the last week. I have no idea how to patch but will investigate. Was thinking we might have to use nas-id instead. The ultimate intention was to use the mac address of the nas and a

Re: Authorising Clients by Calling Station ID Not IP

` FROM `radhuntgroup` WHERE UPPER(REPLACE(LEFT(`nasipaddress`,17),':',''))=UPPER(REPLACE(LEFT('%{Called-Station-Id}',17), '-', ''))} -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4931487.html Sent from

Re: Authorising Clients by Calling Station ID Not IP

clients?? Jenny -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4931764.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: Authorising Clients by Calling Station ID Not IP

-by-Calling-Station-ID-Not-IP-tp4883866p4931798.html To unsubscribe from Authorising Clients by Calling Station ID Not IP, click here. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933540.html Sent from

Re: Authorising Clients by Calling Station ID Not IP

On 10/24/2011 07:02 PM, JennyBlunt wrote: If I put in default authorize section, the called-station-id is present. What I just don't understand is why it doesn't work in dynamic hosts and As per the comments in the sample dynamic-clients: # The request that is processed through this section

Re: Authorising Clients by Calling Station ID Not IP

OH! I've looked too many lines of code over the last week. I have no idea how to patch but will investigate. Was thinking we might have to use nas-id instead. The ultimate intention was to use the mac address of the nas and a nas specific shared secret. In your opinion, are there better ways

Re: Authorising Clients by Calling Station ID Not IP

On Tue, Oct 25, 2011 at 2:06 AM, Jennyanydots Napoleon Shoehorn jennyshoeh...@me.com wrote: In your opinion, are there better ways to deal with dynamic clients? Use Packet-Src-IP-Address -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authorising Clients by Calling Station ID Not IP

On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote: The ultimate intention was to use the mac address of the nas and a nas specific shared secret. Do you really need a per-NAS secret? In your opinion, are there better ways to deal with dynamic clients? It depends. Can you

Re: Authorising Clients by Calling Station ID Not IP

We started this conversation because we can't use the packet-src-ip address. Hence the requirement for dynamic hosts? On 24 Oct 2011, at 20:28, Fajar A. Nugraha wrote: On Tue, Oct 25, 2011 at 2:06 AM, Jennyanydots Napoleon Shoehorn jennyshoeh...@me.com wrote: In your opinion, are there

Re: Authorising Clients by Calling Station ID Not IP

to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933898.html To unsubscribe from Authorising Clients by Calling Station ID Not IP, click here. -- View this message in context

Re: Authorising Clients by Calling Station ID Not IP

Jennyanydots Napoleon Shoehorn wrote: We started this conversation because we can't use the packet-src-ip address. Hence the requirement for dynamic hosts? RADIUS works by using the source IP of the packet. If you want something else, set up SSH or SSL tunnels, and forward the RADIUS

Re: Authorising Clients by Calling Station ID Not IP

On 10/24/2011 08:45 PM, JennyBlunt wrote: Hello Phil I guess we don't need a per NAS secret but thought it might help block any customers we don't need. We have a load of wifi hotspots on dynamic ips. We know all their nas Ok, that's about the hardest case I'm afraid. If you have the option

Re: Authorising Clients by Calling Station ID Not IP

This is very interesting, really appreciate the replies. Other than using a VPN, how do other wifi providers actually operate securely? J On 24 Oct 2011, at 21:04, Phil Mayers wrote: On 10/24/2011 08:45 PM, JennyBlunt wrote: Hello Phil I guess we don't need a per NAS secret but thought it

Re: Authorising Clients by Calling Station ID Not IP

On 24 Oct 2011, at 23:09, Jennyanydots Napoleon Shoehorn wrote: This is very interesting, really appreciate the replies. Other than using a VPN, how do other wifi providers actually operate securely? They don't :) It's either VPN or same shared secret. If your equipment is running

Re: Authorising Clients by Calling Station ID Not IP

Fantastic news ;) !! We use some ddwrt, openwrt routers, coovap (ubuntu) and higher end Meraki / Ruckus stuff. Might be a pain to configure each. What about the idea of a common shared secret and then assigning a 'network' or huntgroup to each user. We could then block end users authenticating

Re: Authorising Clients by Calling Station ID Not IP

-by-Calling-Station-ID-Not-IP-tp4883866p4927984.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html