RE: Radius proxy configuration
Thanks for the clarification and sorry for the basic question. I'm new on this list and I was trying to understand if I can achieve with freeradius a behavior similar to what could be done with another product (navisradius) by setting Radius-CopyMode.

In navisradius Radius-CopyMode specifies that after forwarding the request to the remote RADIUS server processing automatically continues with the method. NavisRadius will not wait for a response from the remote server and any response received is discarded.

Thanks,
Regards,
Roberta

-----Original Message-----
From: freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org [mailto:freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday 24 May 2011 17.08
To: FreeRadius users mailing list
Subject: Re: Radius proxy configuration

Maglione Roberta wrote:
> What I was trying to do is to configure just the forwarding behavior for each authentication request, is it possible to just forward the requests?

No. As I said, the server expects a reply.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks.
Re: Radius proxy configuration
Maglione Roberta wrote:
> Thanks for the clarification and sorry for the basic question. I'm new on this list and I was trying to understand if I can achieve with freeradius a behavior similar to what could be done with another product (navisradius) by setting Radius-CopyMode.
>
> In navisradius Radius-CopyMode specifies that after forwarding the request to the remote RADIUS server processing automatically continues with the method. NavisRadius will not wait for a response from the remote server and any response received is discarded.

See http://git.freeradius.org. Grab the v2.1.x branch, and look at raddb/modules/replicate. You will need to do

    configure --with-experimental-modules

Alan DeKok.
Who processes VLAN information?
Hi,

if I'm transmitting VLAN information back to the supplicant after an Access-Accept (see below), who uses this information? Is it information for the switch, working as an authenticator, to put the switchport into VLAN 22, or is it for the supplicant/client to enable VLAN tagging and send all packets with the VLAN 22 tag? Who is honouring this information?

    radtest -t mschap host/scit-beerchen test 127.0.0.1:1812 0 testing123
    Sending Access-Request of id 16 to 127.0.0.1 port 1812
        User-Name = host/scit-beerchen
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        MS-CHAP-Challenge = 0x315c8360df930d89
        MS-CHAP-Response = 0x0001ebec6d1eb202859db7dcc8586ecc2469b8dae48d7aabb3ab
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=16, length=100
        Tunnel-Private-Group-Id:0 = 22
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        MS-CHAP-MPPE-Keys = 0x2066656e05c22f3a995ad9ecfed913d6
        MS-MPPE-Encryption-Policy = 0x0001
        MS-MPPE-Encryption-Types = 0x0006

TIA
Alex
Re: Who processes VLAN information?
Alexandros Gougousoudis wrote:
> if I'm transmitting VLAN information back to the supplicant,

No, you're not. RADIUS conversations are between a RADIUS client and server. The VLAN information is going to the client, i.e. switch.

> after an Access-Accept (see below), who uses this information? Is it information for the switch, working as an authenticator, to put the switchport into VLAN 22

Yes.

> or is it for the supplicant/client to enable VLAN tagging and send all packets with the VLAN 22 tag?

No.

> Who is honouring this information?

The switch. Maybe. It is free to ignore the VLAN information.

Alan DeKok.
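Added example (not part of the original thread): a Python sketch of how a RADIUS client such as a switch could read the three tunnel attributes from the Access-Accept above and decide the port VLAN, falling back to "no assignment" when they are missing or inconsistent. Attribute numbers and values follow RFC 2868 and RFC 3580; the function names and the byte string SAMPLE are constructed for illustration and do not describe any particular switch.

```python
# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6


def parse_attributes(data):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs


def vlan_for_port(attr_bytes):
    """Return the VLAN ID to assign, or None if the tunnel attributes are
    missing or inconsistent (the port then keeps its configured default)."""
    tunnels = {}  # tag -> {attribute type: value}
    for atype, value in parse_attributes(attr_bytes):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag octet followed by a 3-octet number.
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # The first octet is a tag only when it is <= 0x1F; otherwise it is data.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[atype] = text.decode("ascii", "replace")
    for group in tunnels.values():
        vid = group.get(TUNNEL_PRIVATE_GROUP_ID, "")
        if (group.get(TUNNEL_TYPE) == TT_VLAN
                and group.get(TUNNEL_MEDIUM_TYPE) == TMT_IEEE_802
                and vid.isdigit() and 1 <= int(vid) <= 4094):
            return int(vid)
    return None


def encode(atype, value):
    """Encode one attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value


# Constructed sample: the three tunnel attributes from the reply above, untagged.
SAMPLE = (encode(TUNNEL_PRIVATE_GROUP_ID, b"22")
          + encode(TUNNEL_MEDIUM_TYPE, b"\x00" + TMT_IEEE_802.to_bytes(3, "big"))
          + encode(TUNNEL_TYPE, b"\x00" + TT_VLAN.to_bytes(3, "big")))
```

The supplicant never sees these attributes; they travel only between the RADIUS server and the switch, which is why the switch's own support for dynamic assignment decides whether anything happens.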
Re: Radius proxy configuration
On Wed, May 25, 2011 at 3:47 PM, Alan DeKok al...@deployingradius.com wrote:
> Maglione Roberta wrote:
> > Thanks for the clarification and sorry for the basic question. I'm new on this list and I was trying to understand if I can achieve with freeradius a behavior similar to what could be done with another product (navisradius) by setting Radius-CopyMode.
> >
> > In navisradius Radius-CopyMode specifies that after forwarding the request to the remote RADIUS server processing automatically continues with the method. NavisRadius will not wait for a response from the remote server and any response received is discarded.
>
> See http://git.freeradius.org. Grab the v2.1.x branch, and look at raddb/modules/replicate. You will need to do
>
>     configure --with-experimental-modules

Also, that should only make sense for accounting (where FR can basically send a reply to NAS, and forward the request to home server without caring what the response is).

For authentication (like you mentioned in original post), what would the purpose of forward-and-forget be? You'd still need the response from home server to determine whether to accept the user or not.

--
Fajar
RE: Radius proxy configuration
OK, I'll try.

Thanks,
Roberta

-----Original Message-----
From: freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org [mailto:freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday 25 May 2011 10.47
To: FreeRadius users mailing list
Subject: Re: Radius proxy configuration

Maglione Roberta wrote:
> Thanks for the clarification and sorry for the basic question. I'm new on this list and I was trying to understand if I can achieve with freeradius a behavior similar to what could be done with another product (navisradius) by setting Radius-CopyMode.
>
> In navisradius Radius-CopyMode specifies that after forwarding the request to the remote RADIUS server processing automatically continues with the method. NavisRadius will not wait for a response from the remote server and any response received is discarded.

See http://git.freeradius.org. Grab the v2.1.x branch, and look at raddb/modules/replicate. You will need to do

    configure --with-experimental-modules

Alan DeKok.
Re: Who processes VLAN information?
Hi Alan,

thanks for the quick answer! It seems the Linksys SRW switches support VLAN and RADIUS, but not a dynamic assignment of VLAN via RADIUS. That's all frustrating, why didn't I run a pedal boats shop on a Greek beach... :-)

bye
Alex

> The switch. Maybe. It is free to ignore the VLAN information.
>
> Alan DeKok.
Re: Renaming during Machine Authentication
I tried to paste the full log in but it was rejected because of size. What's the best option: cut it into pieces and post a few times, or is there another way to do it?

Thanks
Mark
How to test radius is working.. can't find radtest
I have just installed FreeRADIUS 2.07, I think it is. Anyway, I followed a tutorial on how to install it with MySQL on CentOS 5, and when I get to the part about testing the database using radtest, it doesn't work. radtest is not where it should be. I have looked on Google to try and work out where exactly this 'radtest' lives, but in all the locations it is supposed to be, it isn't!

So, where should it be and why isn't it there? Do I have to install it separately? Also, how do I test that my radius is working and accepting logins without it?
TLS Check Cn Question
Greetings,

currently I'm using the check_cert_cn option in my EAP-TLS setup. I think I may have the need to support two possible CN formats. Is there any way to do a conditional check? I don't think the eap.conf file is unlang interpreted, so I don't think I can include full regexp or if-then conditionals, can I? Is there some other way to accomplish this? The docs mention possibly doing this by checking TLS-Client-Cert-CN, but I'm not sure where exactly I would do that.

Thanks in advance,

-David Mitchell

| David Mitchell (mitch...@ucar.edu)   Network Engineer IV  |
| Tel: (303) 497-1845                  National Center for  |
| FAX: (303) 497-1818                  Atmospheric Research |
Re: How to test radius is working.. can't find radtest
On 05/25/2011 10:06 PM, Luke Hammond wrote:
> I have just installed FreeRADIUS 2.07, I think it is. Anyway, I followed a tutorial on how to install it with MySQL on CentOS 5, and when I get to the part about testing the database using radtest, it doesn't work. radtest is not where it should be. I have looked on Google to try and work out where exactly this 'radtest' lives, but in all the locations it is supposed to be, it isn't!
>
> So, where should it be and why isn't it there? Do I have to install it separately? Also, how do I test that my radius is working and accepting logins without it?

This isn't really a FreeRADIUS question; it's either a basic unix question, or one specific to the distribution of Linux you're using.

Anyway:

How did you install FreeRADIUS?

If you installed it from the RPM, are you sure you installed all the RPMs you needed? Perhaps the server and client tools are split into separate RPMs? I see Fedora has freeradius-utils RPM - maybe CentOS has that too?

If you installed it from source - have you looked into the directory you installed it into (/usr/local usually)?

Try:

    locate radtest

Or:

    find / | fgrep radtest

Try:

    yum provides '*/radtest'
Re: How to test radius is working.. can't find radtest
Thanks for the reply. I installed it from the Package Manager in Gnome, CentOS 5.6. I'll try what you suggested, thank you.

On 25/05/2011 6:28 PM, Phil Mayers wrote:
> On 05/25/2011 10:06 PM, Luke Hammond wrote:
> > I have just installed FreeRADIUS 2.07, I think it is. Anyway, I followed a tutorial on how to install it with MySQL on CentOS 5, and when I get to the part about testing the database using radtest, it doesn't work. radtest is not where it should be. I have looked on Google to try and work out where exactly this 'radtest' lives, but in all the locations it is supposed to be, it isn't!
> >
> > So, where should it be and why isn't it there? Do I have to install it separately? Also, how do I test that my radius is working and accepting logins without it?
>
> This isn't really a FreeRADIUS question; it's either a basic unix question, or one specific to the distribution of Linux you're using.
>
> Anyway:
>
> How did you install FreeRADIUS?
>
> If you installed it from the RPM, are you sure you installed all the RPMs you needed? Perhaps the server and client tools are split into separate RPMs? I see Fedora has freeradius-utils RPM - maybe CentOS has that too?
>
> If you installed it from source - have you looked into the directory you installed it into (/usr/local usually)?
>
> Try:
>
>     locate radtest
>
> Or:
>
>     find / | fgrep radtest
>
> Try:
>
>     yum provides '*/radtest'