Hi,
while using radtest, I got some strange results:
# ./radtest swinter testpwd [::1] 123 testing123
radclient: Failed to find IP address for host ::1: Success
# ./radtest swinter testpwd ipv6-localhost 123 testing123
radclient: Failed to find IP address for host ipv6-localhost: Success
Hi,
I want to make all the IPv6 address in a network to access
the radius without specifying the individual ips in client.conf, because I
am using DHCP server assigned IPs for clients.
Whenever I add individual ip’s it’s working fine. But not,
with below
Stefan Winter wrote:
while using radtest, I got some strange results:
# ./radtest swinter testpwd [::1] 123 testing123
radclient: Failed to find IP address for host ::1: Success
It defaults to IPv4.
# ./radtest swinter testpwd ipv6-localhost 123 testing123
radclient: Failed to find IP
Hi,
sorry, I am completely new to Radius …
I want to change a FreeRadius server to authenticate a few hosts by their
hostnames.
The hostnames would be stored in a config file.
How could I do this?
This is the authentication request:
rad_recv: Access-Request packet from host 10.10.10.21 port
Stefan Sticht wrote:
I want to change a FreeRadius server to authenticate a few hosts by their
hostnames.
The hostnames would be stored in a config file.
That's not how RADIUS works.
How could I do this?
You can't.
This is the authentication request:
...
EAP-Message =
On 22 Jul 2013, at 13:32, Stefan Winter stefan.win...@restena.lu wrote:
Hi,
Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
but not totally sure.
ahem
-4 Use IPv4 for the NAS address (default)
-6 Use IPv6 for the
Hi,
Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
but not totally sure.
ahem
-4 Use IPv4 for the NAS address (default)
-6 Use IPv6 for the NAS address
Uh. Sorry.
Still... maybe for a later version... if the
On 22/07/13 13:47, Arran Cudbard-Bell wrote:
It'd be nice to get some feedback from people though... do you think
you'll ever need to record both your NAS IPv4 and IPv6 addresses?
I'm guessing for dual stacking it'd be nice to record
Framed-IP-Address and Framed-IPv6-Prefix, should they both
On 22 Jul 2013, at 14:15, Phil Mayers p.may...@imperial.ac.uk wrote:
On 22/07/13 13:47, Arran Cudbard-Bell wrote:
It'd be nice to get some feedback from people though... do you think
you'll ever need to record both your NAS IPv4 and IPv6 addresses?
I'm guessing for dual stacking it'd be
On Mon, Jul 22, 2013 at 04:44:29PM +0200, Marco Aresu wrote:
here the debug after authentication:
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password secret
[pap] Using CRYPT password
Stefan Winter wrote:
Still... maybe for a later version... if the input looks like an IP
address, guessing the address family isn't all that hard.
Yeah patches? :)
I see that such a -4 -6 option is required for hostnames, but even then
only if they return addresses for both families.
On 22/07/13 14:32, Arran Cudbard-Bell wrote:
On 22 Jul 2013, at 14:15, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 22/07/13 13:47, Arran Cudbard-Bell wrote:
It'd be nice to get some feedback from people though... do you
think you'll ever need to record both your NAS IPv4 and IPv6
Marco Aresu wrote:
i am getting some problem with authorization in free radius
i configured the users file as below :
DEFAULT Auth-Type := System
cisco Auth-Type := System
Service-Type = NAS-Prompt-User
cisco-avpair = shell:priv-lvl=15,
Is it
here the debug after authentication:
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password secret
[pap] Using CRYPT password
Hi All
i am getting some problem with authorization in free radius
i configured the users file as below :
DEFAULT Auth-Type := System
cisco Auth-Type := System
Service-Type = NAS-Prompt-User
cisco-avpair = shell:priv-lvl=15,
When i try to login into a switch
Marco Aresu wrote:
here the debug after authentication:
If you're not going to follow instructions, you shouldn't be posting
questions on this list.
Since you're not willing to post the full debug output here, we can't
help you. Go read it yourself.
i don't understand when he tried to
the only file to edit for the authorization is the Users file?
thanks
Marco
Marco Aresu
On 22 July 2013 17:03, Alan DeKok al...@deployingradius.com wrote:
Marco Aresu wrote:
here the debug after authentication:
If you're not going to follow instructions, you shouldn't be posting
i created two users on freeradius server and when i tried to login with the
new user that is not specify in the USERS file i ve got the same error
Authorization Failed
I think that i am editing the wrong USERS file but the directory is
/etc/raddb/users
Marco Aresu
On 22 July 2013 17:19,
Yes it does.
We found the solution by creating a rule that maps all the BSSID related
to some SSID and then we do a specific filter to LDAP, so we did it for
every SSID.
Thanks for the help!
Atenciosamente,
Gustavo Vieira Oliveira
GETIC - Gerência de Tecnologia da Informação
SUSERV -
Is there a way to tell radius to not do something based on the User-Name
containing a $ ? I am doing dynamic VLAN assignment and I'd like to skip
that for computer logins. I looked at unlang and I didn't see a way to
check for a character in a username.
Tena Gore
Senior Network Administrator
N
evermind, I figured out a way to do what I needed. Thanks!
Tena Gore
Senior Network Administrator
Technology Support Services
Fairfield-Suisun Unified School District
te...@fsusd.org
707-399-1200
On Mon, Jul 22, 2013 at 11:20 AM, Tena Gore te...@fsusd.org wrote:
Is there a way to tell
Hi,
you sending the wrong attributes or your switchconfig is not correct.
The switch needs for authorization only these two attributes:
Service-Type := Login
Cisco-AVPair := shell:priv-lvl=15
And this is the working aaa config:
aaa new-model
aaa authentication login default group
Hi,
Is there a way to tell radius to not do something based on the User-Name
containing a $ ? I am doing dynamic VLAN assignment and I'd like to skip
that for computer logins. I looked at unlang and I didn't see a way to
check for a character in a username.
use unlang regex
Hi,
Still... maybe for a later version... if the input looks like an IP
address, guessing the address family isn't all that hard.
unlike your using IPv4 in its IPv6 incantation
What if the NAS started just using the SRC IPv6 address in packets, and
source IP protection was enabled?
Hi,
My guess is dual-stack NAS-RADIUS is going to be rare.
ummm. take a hold on that assertion. the joy of dual-stack deployment
is that you need to ensure your servers are ready on IPv4 and IPv6 -
and as part of that, you need to ensure that your using both methods
in case either your IPv4
FYI I've packaged this for Fedora and built it for rawhide (rawhide is
current development which spawns the next Fedora release).
You can download the rawhide packages and/or the SRPM from the Koji build:
http://koji.fedoraproject.org/koji/buildinfo?buildID=436791
You probably will not be able
Alan,
You've reminded me of a question I've been meaning to ask.
Your previous answer gives an example using the unlang regex syntax, including
the case-insensitive operator at the end. But I was hoping to find an elegant
way to do case-insensitive matching in proxy.conf, where the comments
hi everybody,,
I wanna implement COA (Change Of Authorization) in freeradius. I have a
live session of a device, I wanna disconnect this device forcefully.
I isssued following command
echo
Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address=2.2.2.2
| radclient -x
Go back and read the manual from your nas provider as they should tell you
what attributes they need in the coa payload.
On 23/07/2013 4:50 PM, Muhammad Nadeem mnadeem8...@gmail.com wrote:
hi everybody,,
I wanna implement COA (Change Of Authorization) in freeradius. I have a
live session of a
Hi Muhammad
Try put in a file
Acct-Session-Id=1B1E97C3
User-Name=002682615F4E@test_cpe.com
NAS-IP-Address=2.2.2.2
cat file | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa'
See how it goes
Send all the output here so we can help
Tiffany
From:
30 matches
Mail list logo