Arran,
Yes. You're right. It works. Great!
Thanks!
Tom
------------------ Original ------------------
From: "a.cudbardb"<[email protected]>;
Date: Tue, Sep 13, 2011 03:56 PM
To: "2394263740"<[email protected]>;
Subject: Re: NAS IP Address
Ah you want the attribute Packet-Src-IP-Address
-Arran
On 13 Sep 2011, at 03:55, 2394263740 wrote:
Arran,
Looks like the email didn't go through sometime.
Please see below email for my question.
Thanks!
Tom
------------------ Original ------------------
From: "2394263740"<[email protected]>;
Date: Tue, Sep 13, 2011 09:28 AM
To: "freeradius-users"<[email protected]>;
Subject: Re:NAS IP Address
Arran,
Thanks for your help and reply.
%{NAS-IP-Address} doesn't work for this case.
The connection is like below.
Mobile --- WiFi Router --- Internet Gateway (NAT) --- Internet --- FreeRadius Server.
The %{NAS-IP-Address} will be the LAN interface IP, such as 192.168.1.1. This
is not what I need.
I need the IP address, with such IP address, FreeRadius Server is
communicating. This means, when FreeRadius receive the access request, the
request IP packet was sourced from the Internet Gateway IP address, and this is
the IP address I need. Inside the access request, there is %{NAS-IP-Address},
it's the LAN IP address of the WIFI router, %{NAS-IP-Address} is not the
information I need in such case.
Thanks!
Tom
------------------ Original ------------------
From: "freeradius-users"<[email protected]>;
Date: Mon, Sep 12, 2011 10:44 PM
To: "freeradius-users"<[email protected]>;
Subject: Freeradius-Users Digest, Vol 77, Issue 42
Today's Topics:
1. NAS IP Address ( 2394263740 )
2. Re: NAS IP Address (Arran Cudbard-Bell)
3. Best Practices - maximum NAS entries in clients.conf
(Sallee, Stephen (Jake))
4. Re: Best Practices - maximum NAS entries in clients.conf
(Alan DeKok)
5. Re: Best Practices - maximum NAS entries in clients.conf
(Arran Cudbard-Bell)
6. Re: Best Practices - maximum NAS entries in clients.conf
(Arran Cudbard-Bell)
7. Re: Best Practices - maximum NAS entries in clients.conf
(Bruce Nunn)
8. Unable to Authenticate with SHA Password (Rajkumar balaji)
----------------------------------------------------------------------
Message: 1
Date: Mon, 12 Sep 2011 19:58:18 +0800
From: " 2394263740 " <[email protected]>
Subject: NAS IP Address
To: " freeradius-users " <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
Hello,
I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
OS: Linux Enterprise Server 6.1
Radius: free radius server 2.1.11
Database: Mysql
The WIFI routers we're using are in different private networks, behind the
internet gateways. The WIFI router has private IP address, such as 192.168.1.1.
For some reason, we need to know which Internet IP address the WIFI router is
using to do the authentication with the FreeRadius server. The FreeRadius server is
on internet.
As the business needs, we need to save the IP address (Internet gateway IP address)
to MySql database.
Can anyone advise how to do so?
Thanks!
Tom
------------------------------
Message: 2
Date: Mon, 12 Sep 2011 14:10:48 +0200
From: Arran Cudbard-Bell <[email protected]>
Subject: Re: NAS IP Address
To: FreeRadius users mailing list
<[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
On 12 Sep 2011, at 13:58, 2394263740 wrote:
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
> The WIFI routers we're using are in different private networks, behind the
> internet gateways. The WIFI router has private IP address, such as
> 192.168.1.1.
>
> For some reason, we need to know which Internet IP address the WIFI router is
> using to do the authentication with the FreeRadius server. The FreeRadius server
> is on internet.
>
> As the business needs, we need to save the IP address (Internet gateway IP
> address) to MySql database.
Edit the queries in
raddb/sql/mysql/dialup.conf
and add the additional columns to the SQL database.
The original IP address of the NAS may be sent in the NAS-IP-Address attribute,
in which case use the expansion %{NAS-IP-Address} for the value of the new
column.
Arran Cudbard-Bell
[email protected]
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
------------------------------
Message: 3
Date: Mon, 12 Sep 2011 14:04:53 +0000
From: "Sallee, Stephen (Jake)" <[email protected]>
Subject: Best Practices - maximum NAS entries in clients.conf
To: freeradius-users <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
@ everyone
We have about 100 NAS entries in our clients.conf file, it makes the file a
bear to deal with but the server seems to handle it fine. We will be expanding
our infrastructure soon and the number of NAS entries will increase
significantly. At what point should we think about putting them into a
database for FR to use?
Also, I have seen some chatter on the list about dynamic NASs. Am I correct in
assuming that if we are using a DB instead of the clients.conf file we can add
or remove clients simply by making changes to the correct table, all without
having to restart FR?
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
------------------------------
Message: 4
Date: Mon, 12 Sep 2011 16:17:40 +0200
From: Alan DeKok <[email protected]>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Sallee, Stephen (Jake) wrote:
> We have about 100 NAS entries in our clients.conf file, it makes the file a
> bear to deal with but the server seems to handle it fine. We will be
> expanding our infrastructure soon and the number of NAS entries will increase
> significantly. At what point should we think about putting them into a
> database for FR to use?
Whenever you get tired of managing them in clients.conf.
The server has been tested with 500K clients in clients.conf. It
takes a few seconds to start, and a gig or so of RAM, but it works.
> Also, I have seen some chatter on the list about dynamic NASs. Am I correct
> in assuming that if we are using a DB instead of the clients.conf file we can
> add or remove clients simply by making changes to the correct table, all
> without having to restart FR?
Yes.
You can also do this with files. See raddb/dynamic_clients in
2.1.12. (When it comes out)
Alan DeKok.
------------------------------
Message: 5
Date: Mon, 12 Sep 2011 16:21:45 +0200
From: Arran Cudbard-Bell <[email protected]>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On 12 Sep 2011, at 16:04, Sallee, Stephen (Jake) wrote:
> @ everyone
>
> We have about 100 NAS entries in our clients.conf file, it makes the file a
> bear to deal with but the server seems to handle it fine. We will be
> expanding our infrastructure soon and the number of NAS entries will increase
> significantly. At what point should we think about putting them into a
> database for FR to use?
When it becomes a bear to deal with the clients.conf file :) - I guess memory
might be a concern? But I'm sure there are sites out there with client.conf
files holding thousands of entries... It's a hash table in C, it's going to be
fast.
>
> Also, I have seen some chatter on the list about dynamic NASs. Am I correct
> in assuming that if we are using a DB instead of the clients.conf file we can
> add or remove clients simply by making changes to the correct table, all
> without having to restart FR?
Indeed. You can also set them to expire as well, to clean up old unused entries.
-Arran
Arran Cudbard-Bell
[email protected]
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
------------------------------
Message: 6
Date: Mon, 12 Sep 2011 16:25:14 +0200
From: Arran Cudbard-Bell <[email protected]>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
> Fone: 254-295-4658
> Phax: 254-295-4221
Nice :)
Arran Cudbard-Bell
[email protected]
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
------------------------------
Message: 7
Date: Mon, 12 Sep 2011 07:41:16 -0700 (PDT)
From: Bruce Nunn <[email protected]>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<[email protected]>
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=iso-8859-1
If the network your APs are on is physically secure, and you don't need
accounting for individual APs, you can use netmasks to define clients in the
clients.conf file.
----- Original Message -----
From: "Sallee, Stephen (Jake)" <[email protected]>
To: freeradius-users <[email protected]>
Cc:
Sent: Monday, September 12, 2011 9:04 AM
Subject: Best Practices - maximum NAS entries in clients.conf
@ everyone
We have about 100 NAS entries in our clients.conf file, it makes the file a
bear to deal with but the server seems to handle it fine. We will be expanding
our infrastructure soon and the number of NAS entries will increase
significantly. At what point should we think about putting them into a
database for FR to use?
Also, I have seen some chatter on the list about dynamic NASs. Am I correct in
assuming that if we are using a DB instead of the clients.conf file we can add
or remove clients simply by making changes to the correct table, all without
having to restart FR?
------------------------------
Message: 8
Date: Mon, 12 Sep 2011 07:44:25 -0700 (PDT)
From: Rajkumar balaji <[email protected]>
Subject: Unable to Authenticate with SHA Password
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Hi All,
I am unable to authenticate when I send the SHA password to FreeRADIUS.
I have configured SHA-Password := "admin123" in the users file.
My password is admin123 and after SHA message digest it's
-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48
RADIUS is getting the request but it's rejecting it.
Please find the following radius logs,
rad_recv: Access-Request packet from host 172.17.148.152 port 50459, id=0, length=111
User-Name = "emsadmin"
User-Password = "-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
NAS-Identifier = "sunems8-zone2"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "emsadmin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry emsadmin at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
[pap] Using SHA1 encryption.
[pap] Configured SHA1 password has incorrect length
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> emsadmin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 172.17.148.152 port 50459
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +6002
Ready to process requests.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Unable-to-Authenticate-with-SHA-Password-tp4794449p4794449.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
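An added example, not part of the original post and not FreeRADIUS code: a simplified model of a PAP check against a stored SHA-1 digest, run over the values in the message above. The function names are hypothetical; the model assumes the stored value is hex or base64 and must decode to 20 bytes, and that the server hashes the received User-Password before comparing.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # a SHA-1 digest is always 20 bytes (40 hex characters)

def decode_digest(configured):
    """Decode a stored digest written as hex or base64; None unless it is 20 bytes."""
    decoders = (binascii.unhexlify, lambda v: base64.b64decode(v, validate=True))
    for decode in decoders:
        try:
            raw = decode(configured)
        except (binascii.Error, ValueError):
            continue
        if len(raw) == SHA1_LEN:
            return raw
    return None

def pap_sha1_check(configured, user_password):
    """Compare SHA-1(User-Password) with the stored digest (assumed model)."""
    stored = decode_digest(configured)
    if stored is None:
        return "incorrect length"
    offered = hashlib.sha1(user_password.encode()).digest()
    return "match" if hmac.compare_digest(stored, offered) else "mismatch"

# Values taken from the post; the digest is computed here, not copied.
CLEARTEXT = "admin123"
SENT_BY_CLIENT = "-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
STORED_DIGEST = hashlib.sha1(CLEARTEXT.encode()).hexdigest()

def scenarios():
    """Outcome of the check for each stored-value / sent-value combination."""
    return {
        "cleartext stored, digest string sent": pap_sha1_check(CLEARTEXT, SENT_BY_CLIENT),
        "digest stored, digest string sent": pap_sha1_check(STORED_DIGEST, SENT_BY_CLIENT),
        "digest stored, cleartext sent": pap_sha1_check(STORED_DIGEST, CLEARTEXT),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The first scenario reproduces the "incorrect length" condition seen in the log, because the configured value "admin123" does not decode to 20 bytes.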
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 77, Issue 42
************************************************
Arran Cudbard-Bell
[email protected]
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.