Again thanks Arran.
This is quite a handful!
A quick reading about radsec (http://wiki.freeradius.org/RadSec) shows that its
not supported by freeradius??
What about the "encrypted tunnel" way, can you lead me to a tutorial or MAN
page that may help me?
Many thanks.
Grace.
----- Original Message -----
From: Arran Cudbard-Bell
To: FreeRadius users mailing list
Sent: Friday, August 26, 2011 3:23 PM
Subject: Re: A trick for configuring freerad to authenticate multiple
NASwithdynamic IPs
On 26 Aug 2011, at 12:08, Grace M. wrote:
Thank you Arran for quick reply.
Since the NAS(s) will be in other networks, they will appear to my server
as dynamic *public ips* and sometimes the NAS(s) will be multiple
in one external NATed network (such will appear as from 1 public ip). In
this case I will need to specify a range of puplic ips??
Yes, either that or use the dynamic-clients virtual server in
raddb/sites-available to just accept any client. Then use the same shared
secret for all external clients.
If you're using an EAP method with some kind of TLS layer then the shared
secret doesn't really do anything useful, other than providing crude protection
against DoS attacks (even then that won't always work).
Incidentally if you are doing PAP or CHAP then you should not be sending the
RADIUS packets over a public network without using RADSEC or running them
through some sort of encrypted tunnel.
-Arran
Don't know am making sense.
Grace
----- Original Message -----
From: Arran Cudbard-Bell
To: FreeRadius users mailing list
Sent: Friday, August 26, 2011 2:55 PM
Subject: Re: A trick for configuring freerad to authenticate multiple NAS
withdynamic IPs
On 26 Aug 2011, at 11:49, Grace M. wrote:
Guyz,
I have FreeRADIUS Version 2.1.10 working with mysql to authenticate
uses connected to a number of NAS(s).
Now, I would like to authenticate NAS(s) which should connect to my
freerad from other networks (outside my lan) which have dynamic IPs.
Anyone with a trick on how to configure clients.conf for that?
You can specify IP ranges for clients? Would this help? Or are the
dynamic clients extra dynamic?
-Arran
Arran Cudbard-Bell
a.cudba...@freeradius.org
RADIUS - Half the complexity of Diameter
--------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Arran Cudbard-Bell
a.cudba...@freeradius.org
RADIUS - Half the complexity of Diameter
------------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html