IPv6 deployment howto

2007-10-08 Thread Mark J Elkins
Hi,
I'm looking for some assistance on deploying IPv6.
I'm currently using FreeRADIUS Version 1.1.6. I have for testing a Cisco
3640 running C3640-IK9S-M.
The cisco has properly routable IPv6 addresses on its Ethernet and
Loopback.
I currently allow clients to dial to this device using the E1 (ISDN-PRI)
and with 30 mica modems. Currently - I issue IPv4 addresses to clients
and all is working well. I run MySQL as the admin backend to FreeRadius
- i.e. that's where my clients' info is stored.

Usually - a client will be given a dynamic IPv4 address from a local
pool of addresses configured on the Cisco... some (very few - but
important) clients have static addresses (i.e. - for pre-defined holes in
their company firewalls - etc).

I'd like to also be able to provide dialup clients with IPv6 addresses -
in addition to any IPv4 address.
I think that I'd like to have a pool of IPv6 addresses on the cisco and
to be able to provide clients with a /64 block (might look at a /60 or
/56 one day). To do this in IPv4 - I send 255.255.255.254 to the
NAS/Cisco. So what's the IPv6 equivalent?

I expect to stay with FreeRADIUS Version 1.1.6 for now and understand
that packets between the NAS and Radius will be via IPv4. That's fine -
though one day I think I expect to see FreeRadius listening on both IPv4
and IPv6 at the same time.

The WIKI has little to say on IPv6 - except that IPv6 support is better
on FreeRadius2.0 - but IPv6 attributes can be supplied from pre-2.0
versions of freeRadius.

So - can anyone help me please?

What magic lines would I need to add to my Cisco and what magic to add
to FreeRadius?
Anyone have Dialup clients being issued IPv6 addresses yet?

1 - I expect to add some sort of IPv6 field to MySQL (ie - for a static
IPv6 address or to signify the NAS to use a Dynamic address)
2 - I expect the authorize_check_query and other SQL queries to change
a bit... ie return IPv6 data - without breaking IPv4 only NAS's
3 - I expect to add an IPv6 pool and other lines of magic to my Cisco.

just need a little help...? Someone must have done this already!

-- 
  .  . ___. .__  Posix Systems - Sth Africa
 /| /|   / /__   [EMAIL PROTECTED]  -  Mark J Elkins, SCO ACE, Cisco 
CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: IPv6 deployment howto

2007-10-08 Thread Alan DeKok
Mark J Elkins wrote:
> I'm looking for some assistance on deploying IPv6.
> I'm currently using FreeRADIUS Version 1.1.6. I have for testing a Cisco
> 3640 running C3640-IK9S-M.
> The cisco has properly routable IPv6 addresses on its Ethernet and
> Loopback.

  Version 1.1.6 doesn't support IPv6.

> I think that I'd like to have a pool of IPv6 addresses on the cisco and
> to be able to provide clients with a /64 block (might look at a /60 or
> /56 one day). To do this in IPv4 - I send 255.255.255.254 to the
> NAS/Cisco. So what's the IPv6 equivalent?

  I don't think there is one.  See the Cisco documentation for more.

  Address allocation in IPv6 is very different from IPv4.

> I expect to stay with FreeRADIUS Version 1.1.6 for now and understand
> that packets between the NAS and Radius will be via IPv4. That's fine -
> though one day I think I expect to see FreeRadius listening on both IPv4
> and IPv6 at the same time.

  Version 2.0 will support IPv6.

> What magic lines would I need to add to my Cisco and what magic to add
> to FreeRadius?
> Anyone have Dialup clients being issued IPv6 addresses yet?
>
> 1 - I expect to add some sort of IPv6 field to MySQL (ie - for a static
> IPv6 address or to signify the NAS to use a Dynamic address)
> 2 - I expect the authorize_check_query and other SQL queries to change
> a bit... ie return IPv6 data - without breaking IPv4 only NAS's
> 3 - I expect to add an IPv6 pool and other lines of magic to my Cisco.

  There's Framed-IPv6-prefix, where you can assign IPs to a client.

  Alan DeKok.



Re: IPv6 deployment howto

2007-10-08 Thread Matthias Cramer

> > What magic lines would I need to add to my Cisco and what magic to add
> > to FreeRadius?
> > Anyone have Dialup clients being issued IPv6 addresses yet?
> >
> > 1 - I expect to add some sort of IPv6 field to MySQL (ie - for a static
> > IPv6 address or to signify the NAS to use a Dynamic address)
> > 2 - I expect the authorize_check_query and other SQL queries to change
> > a bit... ie return IPv6 data - without breaking IPv4 only NAS's
> > 3 - I expect to add an IPv6 pool and other lines of magic to my Cisco.
>
>   There's Framed-IPv6-prefix, where you can assign IPs to a client.

I do it with:

cisco-avpair = ipv6:route#1=2001:dead:beef::/64

I do not use dynamic allocation.

Cheers

  Matthias

-- 
Matthias Cramer / mc322-ripe   System & Network Manager
Interway Communication GmbH    Phone +41 43 500 
Josefstrasse 225               Fax   +41 44 271 3535
CH-8005 Zürich                 http://www.interway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250




Re: IPv6 deployment howto

2007-10-08 Thread Mark J Elkins
Alan DeKok wrote:
> Mark J Elkins wrote:
> > I'm looking for some assistance on deploying IPv6.
> > I'm currently using FreeRADIUS Version 1.1.6. I have for testing a Cisco
> > 3640 running C3640-IK9S-M.
> > The cisco has properly routable IPv6 addresses on its Ethernet and
> > Loopback.
>
>   Version 1.1.6 doesn't support IPv6.

From the Wiki...
http://wiki.freeradius.org/index.php/FAQ#Does_FreeRADIUS_Support_IPv6.3F

FreeRADIUS 1.1.x does not particularly care if the host it runs on is
dual-stack. It will work just fine, but only use the IPv4 stack of the
machine. It will also transport IPv6 RADIUS attributes just fine but
will NOT send packets over IPv6.

My reading of this is that I can use FreeRADIUS 1.1.6 to store and
transport IPv6 Radius attributes so I can use 1.1.6 ???

> > I think that I'd like to have a pool of IPv6 addresses on the cisco and
> > to be able to provide clients with a /64 block (might look at a /60 or
> > /56 one day). To do this in IPv4 - I send 255.255.255.254 to the
> > NAS/Cisco. So what's the IPv6 equivalent?
>
>   I don't think there is one.  See the Cisco documentation for more.

I guess you have no pointers as to exactly where..? I've already been
reading Cisco stuff for hours...

>   Address allocation in IPv6 is very different from IPv4.
>
> > I expect to stay with FreeRADIUS Version 1.1.6 for now and understand
> > that packets between the NAS and Radius will be via IPv4. That's fine -
> > though one day I think I expect to see FreeRadius listening on both IPv4
> > and IPv6 at the same time.
>
>   Version 2.0 will support IPv6.
>
> > What magic lines would I need to add to my Cisco and what magic to add
> > to FreeRadius?
> > Anyone have Dialup clients being issued IPv6 addresses yet?
> >
> > 1 - I expect to add some sort of IPv6 field to MySQL (ie - for a static
> > IPv6 address or to signify the NAS to use a Dynamic address)
> > 2 - I expect the authorize_check_query and other SQL queries to change
> > a bit... ie return IPv6 data - without breaking IPv4 only NAS's
> > 3 - I expect to add an IPv6 pool and other lines of magic to my Cisco.
>
>   There's Framed-IPv6-prefix, where you can assign IPs to a client.

I think this is for static allocations only.

From my limited experience, rfc3162 seems to suggest using
Login-IPv6-Host as a trigger?
Login-IPv6-Host=0 - use an address from the local pool,
Login-IPv6-Host=all 'F' - use the address that the user wants
Anything else - the address to assign.

No idea if this is implemented though...

>   Alan DeKok.

   


-- 
  .  . ___. .__  Posix Systems - Sth Africa
 /| /|   / /__   [EMAIL PROTECTED]  -  Mark J Elkins, SCO ACE, Cisco 
CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496



EAP/TLS certificate Security question

2007-10-08 Thread satish patel
Dear all,

I have installed EAP/TLS-based authentication in my wireless network. I have
a question about a security issue. I have installed a certificate on every
wireless client laptop. Now the thing is, if someone installs that certificate
on an unknown client, how can I prevent them? What if one of my company's
users gives his/her certificate to someone else or to a hacker?

Is it possible to create a certificate per user, i.e. generate a certificate
per username, so that nobody can give his/her certificate to an untrusted party
or to anyone else? Please give me suggestions on this question and on how to
make my wireless network more secure.
   
   
   


$ cat ~/satish/url.txt  

http://www.linuxbug.org

Re : Freeradius Billing Account Management

2007-10-08 Thread Eshun Benjamin
You may want to use
phpMyPrepaid: http://sourceforge.net/project/showfiles.php?group_id=127438
 
== 
Benjamin K. Eshun

- Original message 
From: Pratchaya Chatuphian [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Saturday, 6 October 2007, 12:47:59
Subject: Freeradius Billing Account Management

Billing Account Management
===

I've successfully installed freeradius + mysql + dd-wrt (
using chillispot ).
Now I need your help.

Could you give me a suggestion about Hotspot Billing Account
Management
that can provide postpaid/prepaid, register/sign up new users, and
refill internet time?

Does anybody have experience with this?

Thank you very much
Best Regards,
PT

PS. Is there an open-source one?

Re: EAP/TLS certificate Security question

2007-10-08 Thread tnt
You can't prevent someone with a valid certificate logging on (you can
revoke it and then that user and whoever has duplicate certificate will
not be able to log on). But you can stop unknown mac addresses
associating with your AP. Read AP documentation. Or, if you have AD, use
machine authentication as well.

Ivan Kalik
Kalik Informatika ISP


On 8/10/2007, satish patel [EMAIL PROTECTED] wrote:

> Dear all,
>
> I have installed EAP/TLS-based authentication in my wireless network. I have
> a question about a security issue. I have installed a certificate on every
> wireless client laptop. Now the thing is, if someone installs that certificate
> on an unknown client, how can I prevent them? What if one of my company's
> users gives his/her certificate to someone else or to a hacker?
>
> Is it possible to create a certificate per user, i.e. generate a certificate
> per username, so that nobody can give his/her certificate to an untrusted party
> or to anyone else? Please give me suggestions on this question and on how to
> make my wireless network more secure.
>
> $ cat ~/satish/url.txt
>
> http://www.linuxbug.org


Freeradius with TTLS support

2007-10-08 Thread José Antonio Olivera Ortega

Hello,

I am trying to set up a freeradius server with EAP-TTLS authentication,
Which are the steps to build freeradius with EAP-TTLS support?
Can anybody help me?
Thanks in advance & regards!

--
José Antonio Olivera Ortega
Automóvil Conectado - Telefónica I+D 


Phone: 913340330 Ext. 1000
Email: [EMAIL PROTECTED]
--



Re: Freeradius with TTLS support

2007-10-08 Thread Alan DeKok
José Antonio Olivera Ortega wrote:
> I am trying to set up a freeradius server with EAP-TTLS authentication,
> Which are the steps to build freeradius with EAP-TTLS support?

$ ./configure
$ make
$ make install

  It would also help if you said what OS you are running.

  Alan DeKok.


Re: Freeradius with TTLS support

2007-10-08 Thread José Antonio Olivera Ortega

Hello Alan,

I am using Debian GNU/Linux. I saw the steps at
http://wiki.freeradius.org/Build#Building_Debian_packages
but I don't know if all the steps are included. Maybe I have
to modify more things like
freeradius-1.1.7/debian/rules, freeradius-1.1.7/debian/control or
something like that in order to
include EAP-TTLS support. Must I do it?

Thanks and regards Alan!

Alan DeKok wrote:
> José Antonio Olivera Ortega wrote:
> > I am trying to set up a freeradius server with EAP-TTLS authentication,
> > Which are the steps to build freeradius with EAP-TTLS support?
>
> $ ./configure
> $ make
> $ make install
>
>   It would also help if you said what OS you are running.
>
>   Alan DeKok.
  


--
José Antonio Olivera Ortega
Automóvil Conectado - Telefónica I+D 


Phone: 913340330 Ext. 1000
Email: [EMAIL PROTECTED]
--



Re: Freeradius with TTLS support

2007-10-08 Thread Alan DeKok
José Antonio Olivera Ortega wrote:
> I am using Debian GNU/Linux. I saw the steps at
> http://wiki.freeradius.org/Build#Building_Debian_packages
> but I don't know if all the steps are included. Maybe I have
> to modify more things like
> freeradius-1.1.7/debian/rules, freeradius-1.1.7/debian/control or
> something like that in order to
> include EAP-TTLS support. Must I do it?

  Edit debian/rules to remove --without-openssl --without-rlm_eap_peap...

  Alan DeKok


freeradius 1.0.2 with oracle backend

2007-10-08 Thread Sam Gibbs
I've set up freeradius by following the "Using Oracle as a Backend DB
for a Radius Server" document at www.ceta.ufm.edu.gt. The server will
load the rlm_sql_oracle module and start. It is also communicating
with the database properly. However, it will not authenticate users
from that database.

I get the following messages by watching the output of radiusd -X
snip
modcall[authorize]: module sql returns ok for request 8
modcall: group authorize returns ok for request 8
 rad_check_password:  Found Auth-Type System
auth: type System
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
 modcall[authenticate]: module unix returns notfound for request 8
modcall: group authenticate returns notfound for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.28.4.10:32770, id=13, length=102
Sending Access-Reject of id 13 to 10.28.4.10:32770
snip

It will authenticate usernames that exist on the local system.  It
seems that it is defaulting to checking the password on the system
instead of the password stored in the database table.

Should I set a specific Auth-Type in the radreply table or is my
problem due to misconfiguration of radiusd.conf?

Thanks in advance,
Sam


Re: freeradius 1.0.2 with oracle backend

2007-10-08 Thread tnt
1. Update - 1.0.2 is years out of date.

2. Delete (comment out) DEFAULT entry setting Auth-Type System from the
users file (if you don't plan to use it).

3. Post the debug from the request.

Ivan Kalik
Kalik Informatika ISP


On 8/10/2007, Sam Gibbs [EMAIL PROTECTED] wrote:

> I've set up freeradius by following the "Using Oracle as a Backend DB
> for a Radius Server" document at www.ceta.ufm.edu.gt. The server will
> load the rlm_sql_oracle module and start. It is also communicating
> with the database properly. However, it will not authenticate users
> from that database.
>
> I get the following messages by watching the output of radiusd -X
> snip
> modcall[authorize]: module sql returns ok for request 8
> modcall: group authorize returns ok for request 8
>  rad_check_password:  Found Auth-Type System
> auth: type System
>  Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 8
>  modcall[authenticate]: module unix returns notfound for request 8
> modcall: group authenticate returns notfound for request 8
> auth: Failed to validate the user.
> Delaying request 8 for 1 seconds
> Finished request 8
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 10.28.4.10:32770, id=13, length=102
> Sending Access-Reject of id 13 to 10.28.4.10:32770
> snip
>
> It will authenticate usernames that exist on the local system.  It
> seems that it is defaulting to checking the password on the system
> instead of the password stored in the database table.
>
> Should I set a specific Auth-Type in the radreply table or is my
> problem due to misconfiguration of radiusd.conf?
>
> Thanks in advance,
> Sam





Re: freeradius 1.0.2 with oracle backend

2007-10-08 Thread Sam Gibbs
On 10/8/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> 1. Update - 1.0.2 is years out of date.

Thanks, I will update. The doc I followed specified 1.0.2.

> 2. Delete (comment out) DEFAULT entry setting Auth-Type System from the
> users file (if you don't plan to use it).

I've commented out these two lines:
DEFAULT Auth-Type = System
        Fall-Through = 1

> 3. Post the debug from the request.

It now works with oracle users!

rad_recv: Access-Request packet from host 10.1.9.92:2879, id=12, length=46
User-Name = guest2
User-Password = guest2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = guest2, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
  modcall[authorize]: module files returns notfound for request 0
radius_xlat:  'guest2'
rlm_sql (sql): sql_set_user escaped user -- 'guest2'

several sql select statements

rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 12 to 10.1.9.92:2879
Finished request 0

Thanks for your help, Ivan.

Sam
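
The pattern that separates the failing debug output from the working one in this thread, written as a small checker. This is an added example, not part of the thread or of FreeRADIUS: it only understands the 1.x radiusd -X line formats shown above, handles one request per excerpt, and its function names and diagnosis codes are made up here.

```python
import re

# Failing request: lines copied from the first radiusd -X excerpt in this thread.
FAILING = """\
modcall[authorize]: module sql returns ok for request 8
modcall: group authorize returns ok for request 8
 rad_check_password:  Found Auth-Type System
auth: type System
modcall: entering group authenticate for request 8
 modcall[authenticate]: module unix returns notfound for request 8
modcall: group authenticate returns notfound for request 8
auth: Failed to validate the user.
"""

# Working request: lines copied from the debug output posted after the fix.
WORKING = """\
User-Name = guest2
User-Password = guest2
  modcall[authorize]: module files returns notfound for request 0
  modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 12 to 10.1.9.92:2879
"""

MODULE_RE = re.compile(
    r"modcall\[(authorize|authenticate)\]: module (\S+) returns (\w+) for request \d+")
AUTH_TYPE_RE = re.compile(r"auth: type (\S+)")
PASSWORD_RE = re.compile(r"^([ \t]*User-Password[ \t]*=[ \t]*).*$", re.MULTILINE)


def summarize(debug_text):
    """Collect per-section module results, the chosen Auth-Type and the outcome."""
    s = {"authorize": {}, "authenticate": {}, "auth_type": None, "verdict": None}
    for line in (raw.strip() for raw in debug_text.splitlines()):
        module = MODULE_RE.match(line)
        auth_type = AUTH_TYPE_RE.match(line)
        if module:
            s[module.group(1)][module.group(2)] = module.group(3)
        elif auth_type:
            s["auth_type"] = auth_type.group(1)
        elif line.startswith(("auth: Failed to validate", "Sending Access-Reject")):
            s["verdict"] = "reject"
        elif line.startswith("Sending Access-Accept"):
            s["verdict"] = "accept"
    return s


def diagnose(s):
    """Return (code, advice) for a summary; the codes are labels for this example."""
    sql_found_user = s["authorize"].get("sql") == "ok"
    if s["verdict"] == "reject" and sql_found_user and s["auth_type"] == "System":
        return ("auth-type-system-overrides-sql",
                "sql found the user, but Auth-Type System sent the password check "
                "to the unix module; look for a DEFAULT Auth-Type = System entry "
                "in the users file")
    if s["verdict"] == "accept":
        return ("ok", "accepted with Auth-Type %s" % s["auth_type"])
    return ("unknown", "no rule in this example matches")


def redact(debug_text):
    """Mask User-Password values before a debug log is posted to a list."""
    return PASSWORD_RE.sub(r"\1<redacted>", debug_text)


if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, diagnose(summarize(text)))
    print(redact(WORKING))
```

The redact() helper is there because radiusd -X prints User-Password in clear text, as the working excerpt shows.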


access rejected

2007-10-08 Thread 翔 李

  
Hi,
I added the FreeRADIUS-EAP-TNC-Patch, which is developed by [EMAIL PROTECTED],
to FreeRADIUS so that eap-tnc can be supported by FreeRADIUS. Then I entered the
radiusd -X command, but an error occurred which indicated that access was
rejected, and the debug info is "Could not open file tnc_log.properties!", but
the file tnc_log.properties had been put under /etc/tnc/ . The debug info is
appended to this mail.
Could you please tell me why the access was rejected and how to deal with the
problem?
Thank you very much.
 


   
#radiusd -X
 Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
 pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = tnc
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type tnc
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: 

Re: access rejected

2007-10-08 Thread tnt
> I added FreeRADIUS-EAP-TNC-Patch on FreeRADIUS which is developed by
> [EMAIL PROTECTED]

Don't you think that you should put this question to the people who made
the patch?

Ivan Kalik
Kalik Informatika ISP



Re: access rejected

2007-10-08 Thread Alan DeKok
翔 李 wrote:
> I added FreeRADIUS-EAP-TNC-Patch on FreeRADIUS which is developed by
> [EMAIL PROTECTED]

  Please ask them questions about EAP-TNC support.

  Alan DeKok.

AAA for cisco management

2007-10-08 Thread German Garay
Hi:

radius for cisco management

2007-10-08 Thread German Garay
Hi
   I want to do per-user command authorization in a cisco network to
replace a tacacs+ server. But I can't find a how-to on a page, can you send
me the link?

Thanks

Germán

Re: radius for cisco management

2007-10-08 Thread tnt
http://wiki.freeradius.org/Cisco

Ivan Kalik
Kalik Informatika ISP


On 8/10/2007, German Garay [EMAIL PROTECTED] wrote:

> Hi
>    I want to do per-user command authorization in a cisco network to
> replace a tacacs+ server. But I can't find a how-to on a page, can you send
> me the link?
>
> Thanks
>
> Germán





Re: radius for cisco management

2007-10-08 Thread Phil Mayers
On Mon, 2007-10-08 at 17:00 -0300, German Garay wrote:
> Hi
>    I want to do per-user command authorization in a cisco network
> to replace a tacacs+ server. But I can't find a how-to on a page, can
> you send me the link?

Can't be done.

The best you can do is use Radius to assign a privilege level, and bind
the commands to a privilege, but you cannot do per-command auth. That's
a TACACS-only feature.

See:

http://marc.info/?l=cisco-nsp&m=118188387413537&w=2






Re: IPv6 deployment howto

2007-10-08 Thread Alan DeKok
Mark J Elkins wrote:
> My reading of this is that I can use FreeRADIUS 1.1.6 to store and
> transport IPv6 Radius attributes so I can use 1.1.6 ???

  Yes.

> >   There's Framed-IPv6-prefix, where you can assign IPs to a client.
>
> I think this is for static allocations only.

  I don't know what you mean by that.  The Access-Accept can contain an
IPv6 prefix.  The prefix is valid only for as long as the session is
active.  It is NOT a permanently allocated static IP.

> From my limited experience, rfc3162 seems to suggest using
> Login-IPv6-Host as a trigger?

  No.  This is for connecting the user to a machine.  It is not for
assigning an IP address to a machine.

  See Login-Service, and Login-TCP-Port.

  The Login-* attributes are about connecting a dial-in user directly to
an ip/port pair.

  Alan DeKok.
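
The two ways of handing a prefix to the NAS mentioned in this thread, Framed-IPv6-Prefix and the cisco-avpair route from Matthias Cramer's message, encoded as RADIUS reply attributes per RFC 3162 and RFC 2865. This is an added example, not code from the thread or from FreeRADIUS; the function names are made up here, and the sample reply is constructed from the 2001:dead:beef::/64 value quoted above.

```python
import ipaddress
import struct

FRAMED_IPV6_PREFIX = 97  # RFC 3162 section 2.3
VENDOR_SPECIFIC = 26     # RFC 2865 section 5.26
CISCO_VENDOR_ID = 9      # Cisco's IANA enterprise number
CISCO_AVPAIR = 1         # Cisco vendor type 1, the "cisco-avpair" string


def encode_framed_ipv6_prefix(prefix):
    """Type | Length | Reserved (0) | Prefix-Length | Prefix (0..16 octets)."""
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects set host bits
    octets = (net.prefixlen + 7) // 8                 # only the significant octets
    body = bytes([0, net.prefixlen]) + net.network_address.packed[:octets]
    return bytes([FRAMED_IPV6_PREFIX, 2 + len(body)]) + body


def decode_framed_ipv6_prefix(value):
    """Validate and decode the attribute value (the part after Type and Length)."""
    if not 2 <= len(value) <= 18:
        raise ValueError("Framed-IPv6-Prefix length out of range")
    reserved, prefixlen, raw = value[0], value[1], value[2:]
    if reserved != 0 or prefixlen > 128 or len(raw) * 8 < prefixlen:
        raise ValueError("malformed Framed-IPv6-Prefix")
    addr = ipaddress.IPv6Address(raw.ljust(16, b"\x00"))
    # strict=True enforces "bits outside of the Prefix-Length must be zero".
    return str(ipaddress.IPv6Network((addr, prefixlen), strict=True))


def encode_cisco_avpair(pair):
    """Vendor-Specific (26) carrying vendor 9, vendor type 1 and the string."""
    data = pair.encode("ascii")
    vsa = bytes([CISCO_AVPAIR, 2 + len(data)]) + data
    length = 2 + 4 + len(vsa)
    if length > 255:
        raise ValueError("cisco-avpair too long for one attribute")
    return bytes([VENDOR_SPECIFIC, length]) + struct.pack("!I", CISCO_VENDOR_ID) + vsa


def parse_reply_attributes(blob):
    """Walk the attribute TLVs of a reply and decode the two kinds above."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("bad attribute length")
        value = blob[pos + 2:pos + alen]
        if atype == FRAMED_IPV6_PREFIX:
            out.append(("Framed-IPv6-Prefix", decode_framed_ipv6_prefix(value)))
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR
                    and vlen == len(value) - 4):
                out.append(("Cisco-AVPair", value[6:].decode("ascii")))
        pos += alen
    return out


# Constructed reply: the /64 route from the thread plus a prefix attribute.
REPLY = (encode_framed_ipv6_prefix("2001:dead:beef::/64")
         + encode_cisco_avpair("ipv6:route#1=2001:dead:beef::/64"))

if __name__ == "__main__":
    print(REPLY.hex())
    for name, value in parse_reply_attributes(REPLY):
        print(name, "=", value)
```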


CAR cisco radius replace freeradius

2007-10-08 Thread satish patel
Dear all,

I have a CAR Cisco radius server with MPLS attributes, but there
is no Accounting option for users, so is it possible to replace CAS radius with a
freeradius server??



$ cat ~/satish/url.txt  

http://www.linuxbug.org