hi, it is working now.thanks for your help i was missing the following entry
user<http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-11121928.html#id-11121928>remote {full-name "All remote users";uid *uid-value*;class *class-name*;thanks again. On 8/16/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Send Freeradius-Users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. juniper authentication with freeradius (ashish verma) > 2. Re: juniper authentication with freeradius (Bj?rn Mork) > 3. Re: Big Problem with peap-mschapv2+freeradius 1.1.7 (Alan DeKok) > 4. freeradius stops immediately ([EMAIL PROTECTED]) > 5. Re: freeradius stops immediately (Alan DeKok) > 6. Enterasys Mac-auth Dynamic-VLAN (Fabrizio Stoppani) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 16 Aug 2007 16:00:07 +0530 > From: "ashish verma" < [EMAIL PROTECTED]> > Subject: juniper authentication with freeradius > To: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > hi, > > oh.. i didnt have dictionary.juniper file under /etc/freeradius. > so i added those lines in "dictionary" file under /etc/freeradius. > and this is my juniper side configuration. > > authentication-order [ radius password ]; > radius-server { > 192.168.1.49 { > port 1812; > accounting-port 1813; > secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA > } > } > > i tried doing it without specifying the ports as well..but didnt work. > > under "users" file i have this > > edward Auth-type := Local, User-Password = "edward" > Juniper-Local-User-Name = "fritz12" > > clients.conf contains > > client 192.168.1.10/24 { > secret = secret > shortname = junoscope.server.name > type = Juniper:nas > } > > > On 8/16/07, [EMAIL PROTECTED] < > [EMAIL PROTECTED] > wrote: > > > > Send Freeradius-Users mailing list submissions to > > [email protected] > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.freeradius.org/mailman/listinfo/freeradius-users > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of Freeradius-Users digest..." > > > > > > Today's Topics: > > > > 1. Re: juniper authentication with freeradius (Bj?rn Mork) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Thu, 16 Aug 2007 11:20:09 +0200 > > From: Bj?rn Mork <[EMAIL PROTECTED]> > > Subject: Re: juniper authentication with freeradius > > To: FreeRadius users mailing list > > < [email protected]> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=iso-8859-1 > > > > "ashish verma" < [EMAIL PROTECTED]> writes: > > > > > I am trying to do juniper m7i router authentication with freeradius. > > > Can someone provide me some documentation? > > > > > > I have configured juniper but i suppose i missing something on radius > > side. > > > > You don't say how you configured neither the JUNOS box nor FreeRADIUS. > > My guess is that you're lacking something on the router: > > > > > http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html > > > > > > > added following in dictionary file. > > > > why? They have been in the default dictionary.juniper for ages. > > > > > > > > Bj?rn > > > > > > > > ------------------------------ > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > End of Freeradius-Users Digest, Vol 28, Issue 55 > > ************************************************ > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/6923e495/attachment-0001.html > > ------------------------------ > > Message: 2 > Date: Thu, 16 Aug 2007 12:57:29 +0200 > From: Bj?rn Mork < [EMAIL PROTECTED]> > Subject: Re: juniper authentication with freeradius > To: FreeRadius users mailing list > <[email protected] > > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=iso-8859-1 > > "ashish verma" < [EMAIL PROTECTED]> writes: > > > oh.. i didnt have dictionary.juniper file under /etc/freeradius. > > so i added those lines in "dictionary" file under /etc/freeradius. > > and this is my juniper side configuration. > > > > authentication-order [ radius password ]; > > radius-server { > > 192.168.1.49 { > > port 1812; > > accounting-port 1813; > > secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA > > } > > } > > You might need to specify the source address here. I.e. > > radius-server { > 192.168.1.49 { > port 1812; > accounting-port 1813; > secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA > source-address 192.168.1.10 ; > } > } > > > > i tried doing it without specifying the ports as well..but didnt work. > > > > under "users" file i have this > > > > edward Auth-type := Local, User-Password = "edward" > > Juniper-Local-User-Name = "fritz12" > > Did you define the local user "fritz12" on the router? > > > clients.conf contains > > > > client 192.168.1.10/24 { > > secret = secret > > shortname = junoscope.server.name > > type = Juniper:nas > > } > > That's a somewhat strange entry. I would have expected either > 'client 192.168.1.0/24' or 'client 192.168.1.1' > > Do you get anything in the radius logs, indicating that the connection > is OK? > > > > > Bj?rn > > > > ------------------------------ > > Message: 3 > Date: Thu, 16 Aug 2007 09:45:27 -0400 > From: Alan DeKok <[EMAIL PROTECTED] > > Subject: Re: Big Problem with peap-mschapv2+freeradius 1.1.7 > To: [EMAIL PROTECTED], FreeRadius users mailing list > < [email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Christian Frank wrote: > > I have a big problem with my radius setup. I want to authenticate > > my users with peap+mschapv2. The radius backend is an ldap server. > > Does the LDAP server contain a clear-text or NT hashed password for > the user? > > > I have this setup working with Freeradius 1.0.1 on Redhat 4 ES. > > > > But after upgrading to 1.1.7 this setup does not work anymore. > > I configured my radius/eap/client config file the same way like the old > file was. > > Are you sure? The configurations are similar, but not identical. > > > rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra) > > rlm_ldap: checking if remote access for cfra is allowed by uid > > rlm_ldap: looking for check items in directory... > > rlm_ldap: looking for reply items in directory... > > rlm_ldap: user cfra authorized to use remote access > > BUT there was no "known good" password for the user found in LDAP. > That's why authentication is failing. > > Alan DeKok. > > > ------------------------------ > > Message: 4 > Date: Thu, 16 Aug 2007 11:34:44 -0300 > From: [EMAIL PROTECTED] > Subject: freeradius stops immediately > To: [email protected] > Message-ID: > <[EMAIL PROTECTED] > > > > Content-Type: text/plain; charset="iso-8859-1" > > Hello all. > > I am trying to run freeradius-1.1.5 but it stops immediately after > > executing the command ./radiusd -X > > The computer?s answer is "Finalizado" because I have chossen spanish as my > Solaris language > > There is no log file. > > # ./radiusd -X > Finalizado > > # uname -a > SunOS xterminal 5.7 Generic_106541-04 sun4u SUNW,Ultra-30 Solaris > > Any help please? > > Thank you > > Ruben Savia > Professional Services Specialist > Gcia. Operaciones y Servicios > [EMAIL PROTECTED] > > Av. Vieytes 1710. (C1275AGT) Ciudad Aut?noma de Buenos Aires > Te : 4349-1111 int 1001 > Fax: 4349-1129 > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/757826fe/attachment-0001.html > > > ------------------------------ > > Message: 5 > Date: Thu, 16 Aug 2007 10:54:19 -0400 > From: Alan DeKok <[EMAIL PROTECTED]> > Subject: Re: freeradius stops immediately > To: FreeRadius users mailing list > <[email protected]> > Message-ID: < [EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > [EMAIL PROTECTED] wrote: > > I am trying to run freeradius-1.1.5 but it stops immediately > > after executing the command ./radiusd -X > > Use 1.1.7. > > Alan DeKok. > > > ------------------------------ > > Message: 6 > Date: Thu, 16 Aug 2007 17:38:01 +0200 > From: "Fabrizio Stoppani" <[EMAIL PROTECTED]> > Subject: Enterasys Mac-auth Dynamic-VLAN > To: < [email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Hello to everyone ! > I have a problem with Enterasys switch SecureStack A2. It work with 802.1Xand > MAC-authentication but the dynamic vlan assignment works only the first > one. > I want use it with the MAC authentication (as with Cisco,HP,...) but the > Enterasys switch don't accept the tunnel attributes that the Radius server > send it. > It seems that these are accepted only with 802.1X autentication. > I use Freeradius with Mysql so I would want to know if there is a way to > say to Freeradius to use the Calling-Station-Id as password for EAP module > and use DEFAULT user for every authentication. > Thanks a lot for your support. > > Fabrizio Stoppani > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/f40aa145/attachment.html > > ------------------------------ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest, Vol 28, Issue 56 > ************************************************ >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
