What has happened is that the modem pool users where assigned an IP
address originally and was authenticated on the local NAS device, now
trying to change them over to the Radius Server for Authentication, I
was wanting the radius server to assign the IP address in a hybrid mode
while they still have a static until all users change to dhcp, then at
that point only allow the framed-ip-address to be used. The
functionality is great for security and appears how it should act, so
there might not be away to set up the IP's for this one though.
I originally tried it with the Framed-IP-Address = xxx.xxx.xxx.xxx, but
changed it to := to see if it would allow the static to take priority
over the radius, but I received the same results, the user still got
rejected.
Thanks
Andrew Grimmett
Wouldn't that be a bad idea if the connecting guy sets your web server
IP
address in his xp? or even worse some IP where he can collect all the
passwords of your users?
Perhaps you can use Framed-IP-Address = 192.168.40.126 ? If the XP
requests an IP then it would be in the check list so (I am not sure but)
radius wouldnt send the Framed-IP-Address attribute back to server
perhaps?
Attribute = Value
Not allowed as a check item.
As a reply item, it means "add the item to the reply
list, but only if there is no other item of the same
attribute."
Evren
On Tue, 3 Dec 2002, Andrew Grimmett wrote:
>
>
> When authentication occurs when dialing through a Cisco Router, and
the
> Framed-IP-Address is assigned, the client (Windows XP)is rejecting the
> connection if it has been set for a static IP address. Is there away
to
> allow static IP addresses to connect while there account is still set
> with a Framed-IP-Address, so they could use a Static IP address or an
IP
> address assigned from the radius.
>
> Here is my current configuration Running on Freeradius 0.7.1.
>
> agrimmett NAS-IP-Address == 192.168.2.175, Auth-Type := System
> Framed-Protocol = PPP,
> Framed-IP-Address := 192.168.40.126,
> Ascend-Client-Primary-DNS = 192.168.4.52,
> Ascend-Client-Secondary-DNS = 192.168.50.52,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Idle-Timeout = 0,
> Framed-MTU = 1500,
> Fall-Through = Yes
>
> I noticed also in Release 0.8's change log that it now has a post_auth
> section, how do you define that, or where can I locate a doc/example
of
> the configuration.
>
>
>
> Thanks
> Andrew Grimmett
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
