Thank you so much Nikos!

-----Original Message-----
From: Nikos Vassiliadis [mailto:[EMAIL PROTECTED]
Sent: Friday, June 30, 2006 4:57 PM
To: [email protected]
Cc: Егоров Сергей
Subject: Re: FW: mpd+freeradius+AD

On Friday 30 June 2006 11:57, Егоров Сергей wrote:
> Ok, this is my users file
>
> test Auth-Type := MS-CHAP
>         Framed-IP-Address = 192.168.10.65
> DEFAULT Auth-Type := MS-CHAP
>
> And this is freeradius log, when I connect to mpd via test account:
>
> Login OK: [test/<no User-Password attribute>] (from client localhost port 0 cli 192.168.12.126)
> Sending Access-Accept of id 121 to 127.0.0.1 port 49791
>         Framed-IP-Address = 192.168.10.65
>         MS-CHAP2-Success = 0x01533d42454334303938434341393443383234413844444431463938303641384133453236394441413430
>         MS-MPPE-Recv-Key = 0x0bbdc1d49670112e799bd5a86b084808
>         MS-MPPE-Send-Key = 0x0df81127464f94a443c13e7e683f5251
>         MS-MPPE-Encryption-Policy = 0x00000002
>         MS-MPPE-Encryption-Types = 0x00000004
> rad_recv: Accounting-Request packet from host 127.0.0.1:54511, id=119, length=139
>         NAS-Identifier = "testradius.ion.ru"
>         NAS-Port = 0
>         NAS-Port-Type = Virtual
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Calling-Station-Id = "192.168.12.126"
>         User-Name = "test"
>         Framed-IP-Address = 192.168.10.12
>         Acct-Status-Type = Start
>         Acct-Session-Id = "1652038-pptp0"
>         Acct-Multi-Session-Id = "1652038-pptp0"
>         Acct-Link-Count = 1
>         Acct-Authentic = RADIUS
> Sending Accounting-Response of id 119 to 127.0.0.1 port 54511
>
> In this log freeradius said that account test is OK, and his address is
> 192.168.10.65. But mpd replaces it with its own. How could I improve it?
>

use radius-ip
read more here /usr/local/share/doc/mpd/mpd22.html

>
> -----Original Message-----
> From: Nikos Vassiliadis [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 29, 2006 7:05 PM
> To: Undisclosed.Recipients :
> Cc: Егоров Сергей
> Subject: Re: FW: mpd+freeradius+AD
>
> On Thursday 29 June 2006 15:28, Егоров Сергей wrote:
> > >This is Framed-IP-Address in radius dialect.
> >
> > Thanks for explaining freeradius basic concepts. I understood that to
> > assign IP to user I should use users freeradius file. But I couldn't
> > configure it correctly. Now I have only one line in this file
> >
> > DEFAULT Auth-Type := MS-CHAP
> >
> > I've added another string (for user test), but it isn't correct
> >
> > test Auth-Type := MS-CHAP,
>
> Try without the comma
>
> run the server in debug mode(radiusd -X)
> and use radclient
>
> >         Framed-IP-Address = 192.168.10.65,
>
> I think you can put this in AD. Don't know...
>
> > What should I fix?
> >
> >
> > -----Original Message-----
> > From: Nikos Vassiliadis [mailto:[EMAIL PROTECTED]
> > Sent: Monday, June 26, 2006 5:09 PM
> > To: [email protected]
> > Cc: Егоров Сергей
> > Subject: Re: mpd+freeradius+AD
> >
> > On Monday 26 June 2006 14:04, Егоров Сергей wrote:
> > > Thanks for reply.
> > >
> > > >You can use one of the three firewalls available in the base system(ipfw,
> > > >ipf and pf), however mpd comes with a small dictionary that uses ipfw(8)
> > > >and you can easily define some filter bound to an interface (bound to a
> > > >username) via a radius reply attribute, let filter be a pipe(for bandwidth
> > > >control) or a packet filtering expression.
> > >
> > > That's fine for filtering vpn users access to local net. But how could
> > > I assign specific IP for specific user in AD?
> > >
> > > > Your questions don't clearly tell where your problem is.
> > > >Active Directory? mpd? or FreeRADIUS? You should define
> > > >them better in order to get help from the list.
> > >
> > > My goal is to replace VPN server, based on win2003, with FreeBSD one.
> > > WIN 2003 can do 1 and 2 in my questions, so I have to realize how to
> > > setup this in mpd + freeradius. I already authenticate users from AD
> > > group:
> > >
> > > ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> > > --username=%{Stripped-User-Name:-%{User-Name:-None}}
> > > --challenge=%{mschap:Challenge:-00}
> > > --nt-response=%{mschap:NT-Response:-00}
> > > --require-membership-of=EXAMPLE+VPN_Allowed".
> > >
> > > But I have several vpn groups and need to setup timeouts on each one.
> >
> > setup timeout? This looks like Session-Timeout in radius dialect.
> >
> > > Also
> > > I need to assign specific IP for specific user in AD.
> >
> > This is Framed-IP-Address in radius dialect.
> >
> > > Looks like
> > > FreeRadius should respond for this.
> >
> > Yes, you have to have basic understanding of what radius is. All of these
> > are very basic setup. I don't know how FreeRADIUS interacts with AD and
> > what info it should get from AD. So, try searching (or asking) for active
> > directory and FreeRADIUS. Keep the mpd part out of it, since it will
> > add unneeded complexity. Or perhaps start from setting up mpd and
> > FreeRADIUS. And then you could add AD.
> >
> > A few suggestions, Nikos
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
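
Added example, not part of the original thread and not FreeRADIUS or mpd code: a small Python check that reads radiusd -X style debug output and reports sessions where the Framed-IP-Address in the Accounting Start differs from the one sent in the Access-Accept, which is the symptom visible in the log quoted above. The sample log is constructed from the thread's lines, and pairing each "Login OK" line with the Access-Accept that follows it is an assumption that holds for sequential debug-mode output.

```python
import re

# Constructed sample in the layout of the radiusd -X output quoted in the
# thread (key material omitted); the addresses are the ones from the thread.
SAMPLE = """\
Login OK: [test/<no User-Password attribute>] (from client localhost port 0 cli 192.168.12.126)
Sending Access-Accept of id 121 to 127.0.0.1 port 49791
\tFramed-IP-Address = 192.168.10.65
rad_recv: Accounting-Request packet from host 127.0.0.1:54511, id=119, length=139
\tUser-Name = "test"
\tFramed-IP-Address = 192.168.10.12
\tAcct-Status-Type = Start
\tAcct-Session-Id = "1652038-pptp0"
"""
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"]*)"?\s*$')
LOGIN = re.compile(r"^Login OK: \[([^/\]]+)")

def packets(log):
    """Yield (header line, {attribute: value}) for each block of the log."""
    header, attrs = None, {}
    for line in log.splitlines():
        m = ATTR.match(line)
        if m and header is not None:
            attrs[m.group(1)] = m.group(2)
            continue
        if header is not None:
            yield header, attrs
        header, attrs = line, {}
    if header is not None:
        yield header, attrs

def address_mismatches(log):
    """Sessions whose accounted address differs from the one RADIUS assigned."""
    assigned, user, out = {}, None, []
    for header, attrs in packets(log):
        m = LOGIN.match(header)
        if m:
            user = m.group(1)          # assumption: -X output is sequential
        elif header.startswith("Sending Access-Accept") and user:
            if "Framed-IP-Address" in attrs:
                assigned[user] = attrs["Framed-IP-Address"]
            user = None
        elif "Accounting-Request" in header and attrs.get("Acct-Status-Type") == "Start":
            name, got = attrs.get("User-Name"), attrs.get("Framed-IP-Address")
            want = assigned.get(name)
            if want and got and want != got:
                out.append((name, attrs.get("Acct-Session-Id"), want, got))
    return out
```

Each result tuple is (user, session id, assigned address, accounted address); an empty list means the NAS reported the address RADIUS handed out.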

