Oops, I didn't see this message at first. Does this go along with what Alan was thinking?

If I understand what you said, I would only need one IP entry (the Internet IP) in the config file for each location, right? Most of these locations will be using dynamic Internet IPs; I'm not sure how I'd keep the config updated. Plus this would make each location/network use the same shared secret among all their APs, which I want to prevent.

The best solution I can think of that I want to mimic is SecureMyWiFi from WiTopia, a hosted radius service (www.witopia.net). Their service works just like I want.

Thanks,
Eric

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Paul Bartell
> Sent: Tuesday, December 16, 2008 2:13 AM
> To: FreeRadius users mailing list
> Subject: Re: Duplicate IPs for Radius Clients with different secrets
>
> Okay. What you need to do is set IPs in the client configuration file for each of the APs that is going to be authenticating by using their external IP address, which is where the connection will appear to come from to freeradius. Do a freeradius -X and it should be quite explanatory when you try to connect through an AP to it.
>
> On Mon, Dec 15, 2008 at 6:56 PM, Eric Geier <[email protected]> wrote:
> >> >Hi, I'm wondering if someone can point me in the right direction. I want to
> >> >list radius clients with the same IPs (and different shared secrets). This
> >> >would let me use freeradius among multiple offices, where each could use the
> >> >same IP addresses for the radius clients.
> >>
> >> And how is routing going to work there? How is the radius server supposed to send the response back to the correct client? This can work only if you carry the radius server from office to office so it works a little bit here, a little bit there. If you connect those clients onto a network they will all stop working (or, at best, the first one you put on the network will work but the others won't).
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >
> > I'm not exactly sure. How does a RADIUS server work over the Internet? I'm not connecting the radius clients onto the same LAN. If a radius request comes in from the internet, would the server send responses to the Internet IP that it received it from (which I think would work for my case) or would it send to the radius client IP?
> >
> > Here's what I'm trying to do:
> > Host a radius server on the Internet...for PEAP 802.1X (WPA-enterprise). Each AP at the different offices would be set with the Internet IP address of where the radius server is running, along with a shared secret. There would likely be APs set to the same IP address, that's why I'm asking about all this.
> >
> >> > Hi, I'm wondering if someone can point me in the right direction. I want to
> >> > list radius clients with the same IPs (and different shared secrets). This
> >> > would let me use freeradius among multiple offices, where each could use the
> >> > same IP addresses for the radius clients. I need something very dynamic;
> >> > manually creating virtual servers in the config file won't work well.
> >>
> >> RADIUS doesn't work that way.
> >>
> >> Shared secrets are per client IP. Each client IP is used to look up the shared secret. You can't have multiple shared secrets for one IP.
> >>
> >> > Right now I'm using v1.188.2.4.2.14
> >>
> >> That's not the server version number.
> >>
> >> Use "radiusd -v" to get the version information.
> >>
> >> Alan DeKok.
> >
> > I know it traditionally doesn't, just checking to see what people think and if I might find a way to do what I want to do.
> >
> > What got me thinking something like this could work is when using a different server, I thought I could modify the SQL select statement that's used to find the shared secret. For example, the default is "select SharedSecret from NASES where ClientIPAddress='$c'". I thought I could just add the following to the end: "and where Domain=(function that takes the domain from the username...after the @)". I found that server can't register the username attribute during the select statement...so it all didn't work.
> >
> > Oops. I'm using v1.1.7 because at the moment I'm using FreeRadius.net on Windows.
> >
> > Thanks for your help guys - Eric
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
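
Added example, not part of the original thread: a simplified Python model of the lookup Alan describes, in which the packet's source IP alone selects the shared secret used to check Message-Authenticator (RFC 2869) and to compute the Response Authenticator (RFC 2865). The client table, addresses, secrets and user name are constructed, and the Access-Accept carries no attributes.

```python
import hashlib, hmac, os, struct

# Constructed client table: one secret per source IP, as in the thread.
# 203.0.113.10 stands for one office's public (NAT) address.
CLIENTS = {"203.0.113.10": b"office-a-secret"}
ACCESS_REQUEST, ACCESS_ACCEPT, MSG_AUTH = 1, 2, 80

def build_request(ident, secret, username):
    """AP side: Access-Request with User-Name and Message-Authenticator."""
    req_auth = os.urandom(16)
    attrs = (bytes([1, 2 + len(username)]) + username
             + bytes([MSG_AUTH, 18]) + b"\x00" * 16)
    hdr = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth
    # HMAC-MD5 over the whole packet with the MAC field zeroed, keyed by the secret
    mac = hmac.new(secret, hdr + attrs, hashlib.md5).digest()
    return hdr + attrs[:-16] + mac

def server_handle(packet, src_ip):
    """Server side: return an Access-Accept, or None if the packet is dropped."""
    secret = CLIENTS.get(src_ip)           # only the source IP selects the secret
    if secret is None:
        return None                         # unknown client address
    zeroed = packet[:-16] + b"\x00" * 16   # Message-Authenticator is last here
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, packet[-16:]):
        return None                         # AP used a different secret
    hdr = struct.pack("!BBH", ACCESS_ACCEPT, packet[1], 20)
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return hdr + hashlib.md5(hdr + packet[4:20] + secret).digest()

def client_accepts(response, request, secret):
    """AP side: verify the Response Authenticator with the AP's own secret."""
    if response is None:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def try_ap(secret, src_ip):
    """Full round trip for one AP as seen from the given source address."""
    req = build_request(1, secret, b"user@example.com")
    return client_accepts(server_handle(req, src_ip), req, secret)

if __name__ == "__main__":
    print(try_ap(b"office-a-secret", "203.0.113.10"))  # configured secret
    print(try_ap(b"office-b-secret", "203.0.113.10"))  # same IP, other secret
    print(try_ap(b"office-a-secret", "198.51.100.7"))  # address not in table
```

Two APs that reach the server from the same address can only both work if they hold the one secret configured for that address.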

