RE: Cisco Mac-Auth-Bypass with Freeradius 2.0.4
Frank Ivan, Just wanted to thank yall for the advice and let you know this worked like a charm. Just had to change Fall-Through = True to Fall-Through = Yes which was simple enough using the debug output. Version thing with the syntax I guess... Thanks again! Austin -Original Message- Message: 5 Date: Fri, 16 May 2008 10:27:06 +1000 From: Ranner, Frank MR [EMAIL PROTECTED] Subject: RE: Cisco Mac-Auth-Bypass with Freeradius 2.0.4 [SEC=UNCLASSIFIED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org __ From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of MONTFORD, AUSTIN Sent: Friday, 16 May 2008 07:31 To: freeradius-users@lists.freeradius.org Subject: Cisco Mac-Auth-Bypass with Freeradius 2.0.4 Hey, I just got this working on a test server finally using the users file and have a quick question. I was wondering is there a way where I don't have to type the last 3 lines of this everytime in my users file? I was thinking of using some kind of setup with a seperate file for each vlan containing only the first statement (with the mac address as the user/pass). Then $include each vlanfile in the users file with freeradius appending the correct tunnel statements depending on what vlanfile the mac address was in. Anyways I haven't quite wrapped my head around the syntax to do this or am sure this is the best way. If someone has any advice that would be great. 1234Cleartext-Password := 1234 Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = Students By the way Freeradius rocks! Thanks, Austin There is a couple of ways to do this. 1. Use groups. 2. Use Fall-Through and group you users file. Example: # Set boilerplate text DEFAULT Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Fall-Through = True # Staff systems DEFAULT Tunnel-Private-Group-Id := Staff, Fall-Through = True $INCLUDE staff.users # Student systems DEFAULT Tunnel-Private-Group-Id := Students, Fall-Through = True $INCLUDE student.users ... DEFAULT Auth-Type:=reject Student.users would have lines like: 1234Cleartext-Password := 1234 1235Cleartext-Password := 1235 and could be generated by a script. Regards, Frank Ranner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco Mac-Auth-Bypass with Freeradius 2.0.4
Hey, I just got this working on a test server finally using the users file and have a quick question. I was wondering is there a way where I don't have to type the last 3 lines of this everytime in my users file? I was thinking of using some kind of setup with a seperate file for each vlan containing only the first statement (with the mac address as the user/pass). Then $include each vlanfile in the users file with freeradius appending the correct tunnel statements depending on what vlanfile the mac address was in. Anyways I haven't quite wrapped my head around the syntax to do this or am sure this is the best way. If someone has any advice that would be great. 1234Cleartext-Password := 1234 Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = Students By the way Freeradius rocks! Thanks, Austin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Mac-Auth-Bypass with Freeradius 2.0.4
You can create groups for use in users file by using passwd module. Have a look at explanations in radiusd.conf and man pages. You could then assign tunnel attributes with DEFAULT entries in users file checking Group-Name. Ivan Kalik Kalik Informatika ISP Dana 15/5/2008, MONTFORD, AUSTIN [EMAIL PROTECTED] piše: Hey, I just got this working on a test server finally using the users file and have a quick question. I was wondering is there a way where I don't have to type the last 3 lines of this everytime in my users file? I was thinking of using some kind of setup with a seperate file for each vlan containing only the first statement (with the mac address as the user/pass). Then $include each vlanfile in the users file with freeradius appending the correct tunnel statements depending on what vlanfile the mac address was in. Anyways I haven't quite wrapped my head around the syntax to do this or am sure this is the best way. If someone has any advice that would be great. 1234Cleartext-Password := 1234 Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = Students By the way Freeradius rocks! Thanks, Austin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco Mac-Auth-Bypass with Freeradius 2.0.4 [SEC=UNCLASSIFIED]
UNCLASSIFIED __ From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of MONTFORD, AUSTIN Sent: Friday, 16 May 2008 07:31 To: freeradius-users@lists.freeradius.org Subject: Cisco Mac-Auth-Bypass with Freeradius 2.0.4 Hey, I just got this working on a test server finally using the users file and have a quick question. I was wondering is there a way where I don't have to type the last 3 lines of this everytime in my users file? I was thinking of using some kind of setup with a seperate file for each vlan containing only the first statement (with the mac address as the user/pass). Then $include each vlanfile in the users file with freeradius appending the correct tunnel statements depending on what vlanfile the mac address was in. Anyways I haven't quite wrapped my head around the syntax to do this or am sure this is the best way. If someone has any advice that would be great. 1234Cleartext-Password := 1234 Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = Students By the way Freeradius rocks! Thanks, Austin There is a couple of ways to do this. 1. Use groups. 2. Use Fall-Through and group you users file. Example: # Set boilerplate text DEFAULT Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Fall-Through = True # Staff systems DEFAULT Tunnel-Private-Group-Id := Staff, Fall-Through = True $INCLUDE staff.users # Student systems DEFAULT Tunnel-Private-Group-Id := Students, Fall-Through = True $INCLUDE student.users ... DEFAULT Auth-Type:=reject Student.users would have lines like: 1234Cleartext-Password := 1234 1235Cleartext-Password := 1235 and could be generated by a script. Regards, Frank Ranner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
