Hi Tim,
Erm, yes, they're all critical to getting dial-up to work :-)
I think you could use a DEFAULT user in the users file that says
something like...
DEFAULT auth-type := system
Fall-Through = yes
DEFAULT service-type == framed, framed-protocol == ppp
service-type = framed,
framed-protocol = ppp,
framed-ip-address = 255.255.255.254
framed-mtu = 1500
This is directly taken from the man page for the users file.
Rgds,
Guy
On 09/01/07, Tim Tyler <[EMAIL PROTECTED]> wrote:
FreeRadius experts,
Ok, I ran radtest on both the old Lucent technology radius server and on
Freeradius with the following results:
Lucent Technology radius server (which works)
[EMAIL PROTECTED] raddb]# radtest tylert xxxxxx 144.89.40.30:1645 1645
yyyyyy
Sending Access-Request of id 37 to 144.89.40.30:1645
User-Name = "tylert"
User-Password = "xxxxxx"
NAS-IP-Address = alum.beloit.edu
NAS-Port = 1645
rad_recv: Access-Accept packet from host 144.89.40.30:1645, id=37,
length=44
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-MTU = 1500
FreeRadius which authenticates, access the local network, but doesn't
access the Internet:
[EMAIL PROTECTED] raddb]# radtest tylert xxxxxx 144.89.40.9 1812 yyyyyyy
Sending Access-Request of id 159 to 144.89.40.9:1812
User-Name = "tylert"
User-Password = "xxxxxx"
NAS-IP-Address = alu.beloit.edu
NAS-Port = 1812
rad_recv: Access-Accept packet from host 144.89.40.9:1812, id=159,
length=20
So what I am observing is that Freeradius does not send back the following
information that Lucent Tech. does.
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-MTU = 1500
I am guessing that some or all of these are important. Some of the old
archives have suggested that the mtu might be important. If I am using a
standard unix password crypt file, is it possible to get freeradius to send
this information? Or do I need to consider another method?
Tim
At 11:54 AM 1/8/2007, you wrote:
You may wish to use the radius-tools package (correct me if the package name
is wrong, List) which is included with freeradius to send test packets from
the test application to the Freeradius server, and it'll show you what the
attributes you're sending and what the server replies with.
You can then do this again to your AIX server and see how the response is
different - this will involve adding your test client machine as a NAS in
the AIX machine's clients file.
Basically you need to eavesdrop on the connection between the radius client
and new/old servers, and compare and contrast the replies. This is the best
way to work out "What has changed?"
Hope this helps,
Jan
On 08/01/07, Tim Tyler <[EMAIL PROTECTED]> wrote:
FreeRadius experts,
We are trying to run FreeRadius on a RedHat AS 2.1 system. We use
an external password file for authentication defined in the unix
system (password = filename) section of radius.conf. This seems to
work fine. Modem users can authenticate to our old 3com Total
Control modem pool, but users can not access the Internet. They can
access all local domain servers on campus, but they can't get off
campus. This really should not be a firewall issue as the same ip
addresses are still associated with the modem pool.
Note: if we go back to our old Lucent Technology radius server
running on AIX, everybody is fine and can access the Internet again.
I am trying to find out what might cause a modem pool to only work
locally (access servers on our campus) after switching to FreeRadius
particularly since it seems that the authentication part is
working? I know that the 3com Total Control modem pool is rather old
but I don't know why it would behave differently from one radius
server to another as long as authentication works.
I read in one of the FreeRadius archives that some users have
experienced a similar problem of either very slow or won't work at
all for some customers accessing the Internet via Freeradius
authentication until they modified the MTU setting. This is curious
to me. Is there a place in FreeRadius that I might change the mtu
setting given that I am using an external unix password crypt file
for all authentication? If so, what mtu setting might be recommended?
Is there another possible explanation that might relate to Freeradius?
any thoughts are much appreciated?
Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
