Re: no Client-IP-Address in packet
Mitaine Yoann wrote: > the only problem is that "preprocess" is present in the authorize > section in the radiusd.conf file of the radius server A You should check also the config of the radius server B. And please stop posting with HTML to the mailing list. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : Re: RE : Re: no Client-IP-Address in packet
Phil Mayers <[EMAIL PROTECTED]> a écrit : Mitaine Yoann wrote:> > */Michael Mitchell <[EMAIL PROTECTED]>/* a écrit :> > Client-IP-Address is an internal freeRADIUS attribute, and is not> defined in the RFC's. Hence it is never proxied to another server.Yes, I am aware of that. I said that, in fact.> > In fact, the "Client-IP-Address" for server B in the example above> would be the address of server A, and not the NAS.> > Exactly, but it would seem that never arrives.> Could you tell me, how to make so that the Client-IP-Address have the > IP address value of server A .Don't remove the preprocess module from authorize.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlthe only problem is that "preprocess" is present in the authorize section in the radiusd.conf file of the radius server A :authorize { preprocess suffix eap files Autz-Type LDAP { ldap }}so I don't understand when a proxying request arrives, why the server B didn't match the rule in the users file :DEFAULT Huntgroup-Name == "foo", Ldap-Group == "interne", Autz-Type := Ldapwhere foo Client-IP-Address == x.x.x.xthere is perhaps a bug in the version which I use? Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : no Client-IP-Address in packet
Mitaine Yoann wrote: In my previous email , I forgot to say that when I received a proxing packet, I tried to match a rule on the radius server B like : DEFAULT Huntgroup-Name == "foo", Autz-Type := Ldap where foo is defining in huntgroups file as : foo Client-IP-Address == x.x.x.x in the users file. But this one hadn't been matched. If somebody has an idea...? Have you run the server in debug mode to see what it is doing? radiusd -X As Phil said "Client-IP-Address is added by the preprocess module. Have you removed this from "authorize"? If so, don't do that." The huntgroups file is also processed in the preprocess module, so if you have removed preprocess from the authorize section then your configuration wont work anyway. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RE : Re: no Client-IP-Address in packet
Mitaine Yoann wrote: */Michael Mitchell <[EMAIL PROTECTED]>/* a écrit : Client-IP-Address is an internal freeRADIUS attribute, and is not defined in the RFC's. Hence it is never proxied to another server. Yes, I am aware of that. I said that, in fact. In fact, the "Client-IP-Address" for server B in the example above would be the address of server A, and not the NAS. Exactly, but it would seem that never arrives. Could you tell me, how to make so that the Client-IP-Address have the IP address value of server A . Don't remove the preprocess module from authorize. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : Re: no Client-IP-Address in packet
Michael Mitchell <[EMAIL PROTECTED]> a écrit :Client-IP-Address is an internal freeRADIUS attribute, and is not defined in the RFC's. Hence it is never proxied to another server.In fact, the "Client-IP-Address" for server B in the example above would be the address of server A, and not the NAS. Exactly, but it would seem that never arrives. Could you tell me, how to make so that the Client-IP-Address have the IP address value of server A . your sincerly Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: no Client-IP-Address in packet
Phil Mayers wrote: Mitaine Yoann wrote: When I proxied the request from to server A to the server B, there wasn't Client-IP-Address in the packet. Client-IP-Address is added by the preprocess module. Have you removed this from "authorize"? If so, don't do that. Client-IP-Address is an internal freeRADIUS attribute, and is not defined in the RFC's. Hence it is never proxied to another server. In fact, the "Client-IP-Address" for server B in the example above would be the address of server A, and not the NAS. regards, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : no Client-IP-Address in packet
Dear everybody,In my previous email , I forgot to say that when I received a proxing packet, I tried to match a rule on the radius server B like :DEFAULT Huntgroup-Name == "foo", Autz-Type := Ldapwhere foo is defining in huntgroups file as : foo Client-IP-Address == x.x.x.xin the users file.But this one hadn't been matched.If somebody has an idea...?Mitaine Yoann <[EMAIL PROTECTED]> a écrit : Dear everybody,I've installed the radius 's CVS version of 08-23-06.I've this architecture : client < > AP <> Radius A <> Radius B 802.1X proxyingThe client does not have adress of IP, it recover his IP address by the DHCP server installed in radius server A, after being authenticated.I'm doing an EAP/TTLS authentication.When I proxied the request from to server A to the server B, there wasn't Client-IP-Address in the packet. I thought radius server A would have put its own ip address for Client-IP-Address attribute before sending the packet to server B. So, I would like to know if it's a normal situation and in this case, how I could insert the Client-IP-Address attribute in the packet. Thanks in advance.Your sincerly. Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: no Client-IP-Address in packet
Mitaine Yoann wrote: Dear everybody, I've installed the radius 's CVS version of 08-23-06. I've this architecture : client < > AP <> Radius A <> Radius B 802.1X proxying The client does not have adress of IP, it recover his IP address by the DHCP server installed in radius server A, after being authenticated. I'm doing an EAP/TTLS authentication. Client-IP-Address refers to the client of the radius server, not the client of the NAS When I proxied the request from to server A to the server B, there wasn't Client-IP-Address in the packet. Client-IP-Address is added by the preprocess module. Have you removed this from "authorize"? If so, don't do that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
no Client-IP-Address in packet
Dear everybody,I've installed the radius 's CVS version of 08-23-06.I've this architecture : client < > AP <> Radius A <> Radius B 802.1X proxyingThe client does not have adress of IP, it recover his IP address by the DHCP server installed in radius server A, after being authenticated.I'm doing an EAP/TTLS authentication.When I proxied the request from to server A to the server B, there wasn't Client-IP-Address in the packet. I thought radius server A would have put its own ip address for Client-IP-Address attribute before sending the packet to server B. So, I would like to know if it's a normal situation and in this case, how I could insert the Client-IP-Address attribute in the packet. Thanks in advance.Your sincerly. Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html