Support for WiMAX VSA
Hello All, Hi I am Nitin Naveen working with HUGHES SYSTIQUE. We have been working to enhance freeradius to support WiMAX VSA (as per WiMAX NWG forum). WiMAX VSA are not the typical type-length-value rather they have type-length-controlinfo-value. We have enhanced the dictionary but we were not able to generate the attributes as per the WiMAX NWG format. For now we have developed our own rlm_hsc_wimax module. We like to contribute to freeradius so that the WiMAX VSA are supported as part of the standard distribution. To this end we can share our code. But before that we would like to follow the correct procedure for releasing the code. Your inputs and suggestion are awaited. Regards Nitin Naveen Principal Engineer HUGHES SYSTIQUE D-8, Infocity-11 Sector-33, Gugaon Haryana, India tel: +91-124-3045400 fax: +91-124-4039301 [EMAIL PROTECTED] www.hsc.com *DISCLAIMER* This message and/or attachment(s) contained here are confidential, proprietary to HUGHES SYSTIQUE and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the entity it is addressed to. If you are not the intended recipient of this message, it is strictly prohibited to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately and delete the message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Support for WiMAX VSA
Hi Walter, We fixed the freeradius so that the WiMAX VSA may be downloaded to the ASNGW after EAP completion. We have not enhanced freeradius to be AAA server in a WiMAX network. We download the MSK from freeradius to our ASNGW. Based on the downloaded MSK our ASNGW generates the AK context and hence the required keys. Freeradius only provides the key material, generation is part of our ASNGW. Hope this explanation helps. We can work towards making freeradius a complete AAA server for the WiMAX network. Regards Nitin [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/19/2007 09:27 AM Please respond to freeradius-users@lists.freeradius.org To freeradius-users@lists.freeradius.org cc Subject Freeradius-Users Digest, Vol 27, Issue 114 Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. RE: Mikrotik Accounting ON/OFF (Hugh Messenger) 2. Re: 1.1.7 sqlippool %{SQL-User-Name} (Peter Nixon) 3. Testing WAD via ntlm_auth (ken) 4. Re: Testing WAD via ntlm_auth ([EMAIL PROTECTED]) 5. RE: Mikrotik Accounting ON/OFF ([EMAIL PROTECTED]) 6. Re: Testing WAD via ntlm_auth ([EMAIL PROTECTED]) 7. RE: Mikrotik Accounting ON/OFF (Hugh Messenger) 8. Support for WiMAX VSA (Nitin Naveen) 9.Support for WiMAX VSA(Walter Goulet) -- Message: 1 Date: Wed, 18 Jul 2007 14:47:22 -0500 From: Hugh Messenger [EMAIL PROTECTED] Subject: RE: Mikrotik Accounting ON/OFF To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain;charset=us-ascii [EMAIL PROTECTED] said: , but if anyone on this list has a Beta 3 setup :-D Good old SETUP - missing or bug: http://forum.mikrotik.com/viewtopic.php?f=1t=16963 OK, I'll rephrase that ... if anyone on this list has a 3.0beta10 install they can test with. :) Ivan Kalik Kalik Informatika ISP -- hugh -- Message: 2 Date: Wed, 18 Jul 2007 23:03:46 +0300 From: Peter Nixon [EMAIL PROTECTED] Subject: Re: 1.1.7 sqlippool %{SQL-User-Name} To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 On Wed 18 Jul 2007, Hugh Messenger wrote: Peter Nixon quoth: On Tue 17 Jul 2007, Hugh Messenger wrote: Can we add sqlippool to the ./modules/stable list? It is in the stable list for 2.0 but its up to Alan whether we put it in for 1.1.7 It's been pretty darn stable for me in 1.1.6. And now we've gotten the MySQL stuff whipped into shape and fixed a few other issues for 1.1.7, I'd say it's ready for Prime Time. OK. Thats good enough for me. I have added it :-) -- Peter Nixon http://peternixon.net/ -- Message: 3 Date: Wed, 18 Jul 2007 21:41:10 +0100 From: ken [EMAIL PROTECTED] Subject: Testing WAD via ntlm_auth To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Does anyone have actual examples of radclient (or other command-line tools) being used to test Freeradius using Windows Active Directory authentication via samba/ntlm_auth? I'd like to be able to test Radius authentication for various different categories of user on our Active Directory. Presumably this involves PEAP/MSCHAPv2 I can't work out how to do it without using a Windows client and a wireless infrastructure we don't have yet. (or even if it is doable) I can use radclient to test PAP and straight CHAP against locally defined users with cleartext passwords. Time to go one step further. -- Message: 4 Date: Wed, 18 Jul 2007 21:55:08 +0100 From: [EMAIL PROTECTED] Subject: Re: Testing WAD via ntlm_auth To: [EMAIL PROTECTED], FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Hi, Presumably this involves PEAP/MSCHAPv2 I can't work out how to do it without using a Windows client and a wireless infrastructure we don't have yet. (or even if it is doable) you dont need wireless to do such testing - there are plenty of ethernet switches out there that do 802.1x and can throw the EAP authentication to your RADIUS box... with this in mind, you could use
Re: Freeradius-Users Digest, Vol 26, Issue 18
Hi Peter, I did bother to look at rlm_sql. However my need is a bit different. I do not want to fetch values from a DB and added them as values to certain radisu attributes. I want to fetch, do some operation on the feteched value and then add the result of the operation to the radius attributes. Any ideas or suggested steps would be helpful. Regards Nitin Date: Thu, 7 Jun 2007 11:12:47 +0300 From: Peter Nixon [EMAIL PROTECTED] Subject: Re: How to connect to backend DB To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-9 On Thu 07 Jun 2007, Nitin Naveen wrote: Hi, I am writing a new RLM called rlm_prop_protocol. It basically adds some attributes. The value for these attributes are pulled from a backend database (MYSQL). I wanted to know whether there is a provision in freeradius or some standard method that may be used to connect and fetch data from the MYSQL database. As of now I have added MYSQL specific code in my module. Did you bother to look at the FreeRADIUS code before you started writing?? The modules rlm_sql and rlm_sql_mysql would seem to be pretty self explanatory :-) It is quite likely that you can do what you need without writing a new module... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc *DISCLAIMER* This message and/or attachment(s) contained here are confidential, proprietary to HUGHES SYSTIQUE and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the entity it is addressed to. If you are not the intended recipient of this message, it is strictly prohibited to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately and delete the message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How to connect to backend DB
Hi Peter, I did bother to look at rlm_sql. However my need is a bit different. I do not want to fetch values from a DB and added them as values to certain radisu attributes. I want to fetch, do some operation on the feteched value and then add the result of the operation to the radius attributes. Any ideas or suggested steps would be helpful. Regards Nitin Date: Thu, 7 Jun 2007 11:12:47 +0300 From: Peter Nixon [EMAIL PROTECTED] Subject: Re: How to connect to backend DB To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-9 On Thu 07 Jun 2007, Nitin Naveen wrote: Hi, I am writing a new RLM called rlm_prop_protocol. It basically adds some attributes. The value for these attributes are pulled from a backend database (MYSQL). I wanted to know whether there is a provision in freeradius or some standard method that may be used to connect and fetch data from the MYSQL database. As of now I have added MYSQL specific code in my module. Did you bother to look at the FreeRADIUS code before you started writing?? The modules rlm_sql and rlm_sql_mysql would seem to be pretty self explanatory :-) It is quite likely that you can do what you need without writing a new module... Cheers -- *DISCLAIMER* This message and/or attachment(s) contained here are confidential, proprietary to HUGHES SYSTIQUE and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the entity it is addressed to. If you are not the intended recipient of this message, it is strictly prohibited to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately and delete the message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nested VSA
Hi, I want to add new VSA parameters to freeradius. This means that I need to add a new dictionary file. But I am not able to understand is how do I add attributes whose value is another attribute. For eg. ATTRIBUTE NITIN NAVEEN Where NAVEEN is ATTRIBUTE NAVEEN10 integer. Kindly help. Regards Nitin ** DISCLAIMER ** This message and/or attachment(s) contained here are confidential, proprietary to HUGHES SYSTIQUE and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the entity it is addressed to. If you are not the intended recipient of this message, it is strictly prohibited to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately and delete the message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: a freeradious/wireless solution for a school
I too interested and appreciate if you post the doc in the forum Thanks and regards Naveen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Agent Smith Sent: Tuesday, January 23, 2007 11:45 AM To: FreeRadius users mailing list Subject: Re: a freeradious/wireless solution for a school I am interested. Please post the doc. Thakns, --- Tas Dionisakos [EMAIL PROTECTED] wrote: Im in a similar environment, after months of research I have come to the following solution. * Apache * Freeradius * Chillispot * Mysql I have a howto that will help you built a system like this in about half an hour, email me if you want the doc. Chillispot provides a captive portal which makes a user authenticate (over ssl), then you have the power to apply restrictions like bandwidth throttling, session time limit, etc. The only maintenance is creating the account. Tas. Peter Nixon wrote: http://wiki.freeradius.org/EAP -Peter On Tue 23 Jan 2007 00:06, German Kalinec wrote: Therein lies the problem. My potential users are a lot of my students. The idea of having to install certificates in 200+ laptops is not really feasible. And showing them how to install is an exercise in futility, since most of our students are not computer savvy enough to do it. German Kalinec Systems Manager New Roads School 3131 Olympic Blvd. Santa Monica, CA 90404 (310) 828-5582 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Nazeer Khan Sent: Monday, January 22, 2007 1:44 PM To: FreeRadius users mailing list Cc: freeradius-users@lists.freeradius.org Subject: Re: a freeradious/wireless solution for a school Hi, Use EAP-TLS, the most secure one. It will automatically give encryption key to the clients. U have to do onething, install the client certificates in the beginning in each client machine that will use your wireless and thats it. There are other options like EAP-PEAP, LEAP etc Check out for the types of EAP and you will find out. Cheers. tml -- This email and any attachments may be confidential. They may contain legally privileged information or copyright material. You should not read, copy, use or disclose them without authorisation. If you are not an intended recipient, please contact us at once by return email and then delete both messages. We do not accept liability in connection with computer virus, data corruption, delay, interruption, unauthorised access or unauthorised amendment. This notice should not be removed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- * Tas Dionisakos IT Manager St Mary's College and Newman College The University of Melbourne T: 03 9342 1708 M: 0439 655 565 E: [EMAIL PROTECTED] C: (0o ()() o0) * - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Never miss an email again! Yahoo! Toolbar alerts you the instant new Mail arrives. http://tools.search.yahoo.com/toolbar/features/mail/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius with Win2K Active Directory
Hi Experts, I am new to freeradius. Can some one point me how to do the Authenticate users in Windows 2000 Active Directory with Freeradius. Is there any how to / step by step document available? Thanks for your Help Regards Naveen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PEAP
Hi All, I just want to configure freeradius with PEAP ( MS-Chap V2) . iam new to freeradius and certificates. I just want to clear from experts here that does I need any certificate in client side if I use my ownca with open SSL ? Thanks for help Regards Naveen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PEAP
Mean I dont want any CA or client certificate right even if I use my ownca by Openssl ? -Original Message- From: Stefan Winter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 15, 2006 5:11 PM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: PEAP Hi (sorry, I'm not Alan, hope you don't mind) I just want to configure freeradius with PEAP ( MS-Chap V2) . iam new to freeradius and certificates. I just want to clear from experts here that does I need any certificate in client side if I use my ownca with open SSL ? No. PEAP can do without certs on the client side. You will need one for your server though. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html