Hi,
[files] users: Matched entry test at line 86
++[files] returns ok
and what is that entry?
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the
user
what type of authentication is this?
sucketh and found similar recriminations to RTFM and run radiusd -X. I
Pete Ashdown wrote:
I also searched via Google site:lists.freeradius.org because Mailman's archive
sucketh and found similar recriminations to RTFM and run radiusd -X.
That text *also* said to POST THE OUTPUT TO THE LIST.
It's understandable that you're not a RADIUS expert. That's what
Pete,
On Sat, May 25, 2013 at 02:31:12PM -0600, Pete Ashdown wrote:
I'm trying to restrict a guest user from a single NAS-IP-Address via users
and I can't get it to work.
Doesn't work:
test NAS-IP-Address == 127.0.0.1
Auth-Type := Accept
Try:
test NAS-IP-Address == 127.0.0.1
I'm trying to restrict a guest user from a single NAS-IP-Address via users
and I can't get it to work.
Doesn't work:
testNAS-IP-Address == 127.0.0.1
Auth-Type := Accept
testNAS-IP-Address == 127.0.1.1
Auth-Type := Accept
Works, but it isn't restricted by NAS:
test
Pete Ashdown wrote:
I'm trying to restrict a guest user from a single NAS-IP-Address via users
and I can't get it to work.
Doesn't work:
test NAS-IP-Address == 127.0.0.1
Auth-Type := Accept
That's wrong. Why? See the debug output. It *tells* you what's
wrong, and how to fix
On Sat, May 25, 2013 at 06:23:44PM -0400, Alan DeKok wrote:
You *did* run the server in debugging mode, as suggested in the FAQ,
README, man page, and daily on this list?
Yes I did, over a period of about 3 hours of trial and error before banging my
head against:
[...]
[files] users:
section. Using default return values.
Sending Access-Request of id 122 to 10.200.0.1 port 1812
User-Name =3D noo
User-Password =3D test
NAS-IP-Address =3D 10.10.10.10
Proxy-State =3D 0x3130
Proxying request 0 to home server 10.200.0.1 port 1812
Sending Access-Request
Jeremiah Peterson wrote:
Thanks Alan.
I have been researching what you said and have seen from debug that the
code you gave me seems to be accepted by the server when it is
processed. I put the code in the authorize section of the
/etc/freeradius/sites-enabled/default.
I get:
Well...
--
If you reply to this email, your message will be added to the discussion
below:
http://freeradius.1045715.n5.nabble.com/Selecting-authentication-based-on-NAS-IP-Address-or-Client-IP-Address-tp5720259p5720330.html
To unsubscribe from FreeRADIUS, click
herehttp://freeradius
Jeremiah Peterson wrote:
I see that it is possible to create realms and have each realm use a
different proxy, but what I am more interested in is having the
authentication method be selected based on client.
For example:
If the request comes from IP 10.10.10.10 and user bob then use
I see that it is possible to create realms and have each realm use a different
proxy, but what I am more interested in is having the authentication method be
selected based on client.
For example:
If the request comes from IP 10.10.10.10 and user bob then use home_server_pool
xxx (and return
NAS-Port-Type = Ethernet
User-Name = 7622240489
Calling-Station-Id = 90:F6:52:D5:74:96
Called-Station-Id = EHO-L
NAS-Port-Id = 902- ADSL-EMAM-HOSIEN
NAS-Identifier = 2800gs-langha
NAS-IP-Address = 10.185.3.5
SQL-User-Name = 7622240489
= EHO-L
NAS-Port-Id = 902- ADSL-EMAM-HOSIEN
NAS-Identifier = 2800gs-langha
NAS-IP-Address = 10.185.3.5
SQL-User-Name = 7622240489
But not work for Cisco :
Packet-Type = Access-Request
Cisco-AVPair = client-mac-address=9094.e483.**390b
NAS-Port = 11062419
NAS-Port-Type = Ethernet
User-Name = 7622240489
Calling-Station-Id = 90:F6:52:D5:74:96
Called-Station-Id = EHO-L
NAS-Port-Id = 902- ADSL-EMAM-HOSIEN
NAS-Identifier = 2800gs-langha
NAS-IP-Address = 10.185.3.5
2012/6/25 Fajar A. Nugraha l...@fajar.net:
NAS-IP-Address should be whatever the NAS sends, which can be its
loopback/admin address, or it's private IP address in case of NAT.
Well, I don't think that. NAS is sending its public IP, I mean the nat
device IP, not its actual IP.
Except that I am
Hi,
I wonder radwho can show the actual Nas-IP-Address os and not the
Nat device IP nat. Another interesting option would be NAS-Identifier.
Is that feasible?
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http
NAS-IP-Address should be whatever the NAS sends, which can be its
loopback/admin address, or it's private IP address in case of NAT.
Packet-Src-IP-Address, on the other hand, is whatever the radius sees
the packet coming from, which should be the NAS/firewal's public IP
address in your case
Arran,
Yes. You're right. It works. Great!
Thanks!
Tom
-- Original --
From: a.cudbardba.cudba...@freeradius.org;
Date: Tue, Sep 13, 2011 03:56 PM
To: 23942637402394263...@qq.com;
Subject: Re: NAS IP Address
Ah you want
addres(Internet gateway IP
address) to MySql database.
edit the queries in
raddb/sql/mysql/dialup.conf
and add the additional columns to the SQL database.
The original IP address of the NAS may be sent in the NAS-IP-Address attribute,
in which case use the expansion %{NAS-IP-Address
Eric Geier wrote:
I found %{Packet-Src-IP-Address} but when I include this in the
postauth_query, it doesn't work...the fields are blank in the DB when I view
it.
And what does debug log say?
If Packet-Src-IP-Address doesn't work, odds are you're running 1.x.
Upgrade.
Alan DeKok.
-
Hi,
Does anyone happen to know if consumer-level Wi-Fi routers typically
transmit the NAS-IP-Address or NAS-Identifier (or maybe both) in the
Access-Request?
RFC's say
An Access-Request MUST contain either a NAS-IP-Address attribute or a
NAS-Identifier
attribute (or both).
so, you will get
of it, if there isn't a NAS-IP-Address then
authentication wouldn't work, right? Cause FR needs to lookup the shared
secret based upon the NAS-IP-Address?
- Eric
-Original Message-
From: freeradius-users-bounces+me=egeier@lists.freeradius.org
[mailto:freeradius-users-bounces+me=egeier
, August 16, 2011 10:38 AM
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request?
Eric Geier wrote:
Yes I read that in the RFC, but was wondering what vendors usually do,
what's the most typical, etc. I'm also wondering the same about the
Calling
@lists.freeradius.org
[mailto:freeradius-users-bounces+me=egeier@lists.freeradius.org] On
Behalf Of Eric Geier
Sent: Tuesday, August 16, 2011 3:49 PM
To: 'FreeRadius users mailing list'
Subject: RE: NAS-IP-Address or NAS-Identifier in Access-Request?
Understood, thanks!
Can I log the source IP
Does anyone happen to know if consumer-level Wi-Fi routers typically
transmit the NAS-IP-Address or NAS-Identifier (or maybe both) in the
Access-Request?
Would be great if there was a central place to look up the exact attributes
and formats vendors use.
Thanks, Eric
-
List info/subscribe
On 10/21/2010 03:34 AM, ichiro tanaka wrote:
Hi.
i have a problem proxy.
Proxying to auth-server, and NAS-IP-Address was automatically added by proxy.
can I stop it?
It was probably added by the preprocess module, if memory serves.
Why would you want to stop it?
If you do, just remove
to handle.
Oh, I see.
Surely I didn't think that preprocess added NAS-IP-Address.
I used attr_filter, and could stop it.
my settings...
---
/etc/raddb/attrs.pre-proxy
example.jp
User-Name =* ANY,
User-Password =* ANY,
NAS-IP-Address !* ANY
DEFAULT
User-Name =* ANY,
User
Hi.
i have a problem proxy.
Proxying to auth-server, and NAS-IP-Address was automatically added by proxy.
can I stop it?
I used ntradping-1.5 and freeradius-2.1.10.
--hosts--
ntradping-1.5 10.233.55.200
proxy (freeradius-2.1.10) 10.233.36.101
auth-server (freeradius-2.1.10) 10.233.36.100
Hi,
Is it possible to apply special policy based on NAS IP Address, for
example I want to check originating ip address for special NAS or set IP
Address pool for the other NAS .
Thanks in advance
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
...@rasana.net*:
Hi,
Is it possible to apply special policy based on NAS IP Address, for
example I want to check originating ip address for special NAS or
set IP
Address pool for the other NAS .
Thanks in advance
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
|
++--+---+++
select * from radgroupcheck;
++---+++-+
| id | groupname | attribute | op | value |
++---+++-+
| 1 | group1| Nas-IP-Address | == | 192.168.1.5 |
| 2 | group1
On Thu, Mar 18, 2010 at 2:21 PM, power159 power...@gmail.com wrote:
the only problem that I have is if user is membership of 2 groups .
freeradius is processing none of them ! even if both are matching ! but if I
remove one of groups its working without any problem ! and assigning ip from
ip
I have read doc/rlm_sql many times but I unable to find any solution .
adding Fall-Through in radreply for user or radgroupreply for groups doesn't
help ..
even I tried to use huntgroups but same result ..
it works just when the user is membership of a group .. mean if I add user
to second group
phase, a ldap search is done : if the user is member
of
a group identified by the host ip he wants to connect, the user is
authorized.
The problem is here : freeradius receives an Access-Request packet with a
NAS-IP-Address (the good one) and to search in the ldap, it doesn't send
by the host ip he wants to connect, the user is
authorized.
The problem is here : freeradius receives an Access-Request packet with a
NAS-IP-Address (the good one) and to search in the ldap, it doesn't send the
ip received in the packet but another one !
Why this attribute is modified
phase, a ldap search is done : if the user is member of a
group identified by the host ip he wants to connect, the user is authorized.
The problem is here : freeradius receives an Access-Request packet with a
NAS-IP-Address (the good one) and to search in the ldap, it doesn't send the
ip received
I have a big problem in freeradius installed in version 1.1.4 on RHEL 5,
and
today it's the third day i'm looking for a solution :(
Upgrade. This was likely fixed ages ago.
http://wiki.freeradius.org/Red_Hat_FAQ
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
thanks for the quick answer :)
Indeed, the version installed is not the last one but the no longer
maintained one
I just did yum install freeradius.
I will fix this right now
Thanks again
--
KeV
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Checkval with Calling-station-id works fine ! And I want to check also the IP
of the NAS to authenticate my user.
rlm_checkval: Item Name: Calling-Station-Id, Value: 192.168.0.80
rlm_checkval: Value Name: Calling-Station-Id, Value: 192.168.0.80
++[station-check] returns ok
NAS-IP-Address can
Well, I am using checkval to check the attribute NAS-IP-Address, what I want :
I have several users and several NAS, some users allows to authenticate on some
NAS, and others not. I use an openldap database. Each users have an attribute
radiusCheckItem. I don't know if I am right, if it's
d'origine-
De : Ivan Kalik [mailto:t...@kalik.net]
Envoyé : mardi 19 mai 2009 15:09
À : François Mehault
Objet : RE: check-item NAS-IP-ADdress Calling-Station-ID with openldap
Well, I am using checkval to check the attribute NAS-IP-Address, what I
want : I have several users and several NAS
. I have an active directory to do this.
I configure slapd.conf, radius.conf, clients.conf, module ldap etc ... and it's
works. And now I would like to add some check-item like NAS-IP-Address and
Caliing-Station-ID. But I don't succeed :s, I use checkval to do this.
I have 2 questions
have in my log «
rlm_checkval: Item Name: NAS-IP-Address, Value: À¨ » instead of
192.168.0.50, what is the problem ???
NAS-IP-Address can be forged. Use Client-IP-Address. I am not sure why did
it come out like that in checkval when elsewhere in the debug it looks OK.
Ivan Kalik
Kalik
Original-Nachricht
Datum: Fri, 30 Jan 2009 11:51:20 +0100
Von: t...@kalik.net
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: Re: IP-Assignment with sqlippool based on nas-ip-address
Now, the behaviour of the server changed in the way
I'm afriad, but this won't work in my environment. I will need a different
subnetmask.
Can you explain why do you think 255.255.255.255 netmask won't work for
you. Do you know how that netmask works?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
That should happen only if IP allocation has expired (see lease-duration
in sqlippool.conf). There is another allocate-find query that issues
random IPs.
Hmmm, maybe there is another problem in my config. I tried two requests within
ten seconds. Attached you'll find the debug. During the
I have attached new schema and queries for mysql sqlippool. These should
work with both 4 and 5 MySQL versions (I have done some manual testing
on both; 4 on Linux and 5 on Windows). In version 5 (at least the
Windows one I have tested on) CURRENT_TIMESTAMP defaults to '-00-00
00:00:00'
Now, the behaviour of the server changed in the way, that the freeradius
reserves only one ip-address per user. if the same user logs in again on the
same nas (without accounting-stop-packet before), the old ip-address is freed
and the user receives a new one.
That should happen only if IP
Hm, does it see NULL greater than now()? Replace NULL in expiry_time
column with -00-00 00:00:00 (that's what MySQL thinks null
datetime is - it will match IS NULL). And in that previous query replace
= NULL with = '-00-00 00:00:00'.
If this is so, sqlippool schema will need to
Sebastian Heil wrote:
Hm, does it see NULL greater than now()? Replace NULL in expiry_time
column with -00-00 00:00:00 (that's what MySQL thinks null
datetime is - it will match IS NULL). And in that previous query replace
= NULL with = '-00-00 00:00:00'.
If this is so, sqlippool
i have another question: when does the server free an ip-address? i
tested a login with the same username within one minute and the server
reserved
two different ip-addresses. i thought, that the server will use the same
ip-address for the second login, but the server doesn't.
Which
Hm, does it see NULL greater than now()? Replace NULL in expiry_time
column with -00-00 00:00:00 (that's what MySQL thinks null
datetime is - it will match IS NULL). And in that previous query replace
= NULL with = '-00-00 00:00:00'.
If this is so, sqlippool schema will need to be
Is there another possibility to reassign the same ip-address to the user again?
Not while first connection is still active. That can't possibly work.
NAS will reject such IP.
Are you trying to create a multilink? That is NAS, not radius capability.
Ivan Kalik
Kalik Informatika ISP
-
List
Is there another possibility to reassign the same ip-address to the user
again?
Not while first connection is still active. That can't possibly work.
NAS will reject such IP.
Are you trying to create a multilink? That is NAS, not radius capability.
Ivan Kalik
Kalik Informatika ISP
:
-
## This series of queries allocates an IP address
## (Note: If your pool-key is set to Calling-Station-Id and not NAS-Port
## then you may wish to delete the AND nasipaddress = '%{Nas-IP-Address}'
## from the WHERE clause)
allocate-clear = UPDATE ${ippool_table} \
SET nasipaddress = '', pool_key = 0
Hm, does it see NULL greater than now()? Replace NULL in expiry_time
column with -00-00 00:00:00 (that's what MySQL thinks null
datetime is - it will match IS NULL). And in that previous query
replace
= NULL with = '-00-00 00:00:00'.
If this is so, sqlippool schema will need
@@
SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \
callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
- WHERE framedipaddress = '%I' AND expiry_time = NULL
+ WHERE framedipaddress = '%I
You don't. You use sql groups.
Create two groups, group1 and group2; add to radgroupcheck:
Nas-IP-Address == nas1 address and Pool-Name := pool1 for group1 and
Nas-IP-Address == nas2 address and Pool-Name := pool2 for group2. Add
the user to both groups.
Thanks,
it seems
it seems, as if this is working...
But there seems to be another problem or even a bug:
What does this errormessage mean?
rlm_sql_mysql: MYSQL check_error: 1064 received
sqlippool_command: database query error in: 'UPDATE radippool SET
nasipaddress = '',
TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0,
callingstationid = '', username = '', expiry_time = NULL WHERE
expiry_time = NOW() - INTERVAL 1 SECOND AND nasipaddress =
'%{Nas-IP-Address}' - UPDATE radippool SET nasipaddress = '', pool_key
But there seems to be a problem with this statement now:
-
SELECT framedipaddress FROM radippool WHERE pool_name = 'poolDE' AND
expiry_time NOW() ORDER BY (username 'peter2'), (callingstationid
''), expiry_time LIMIT 1 FOR UPDATE
This statement should receive
Hello,
we are using freeradius 2.1.1 on suse linux enterprise server 10.
We have different Network Access Servers, which are located in different
locations. The users, which login to this NAS, will be assigned an ip-address
by the sqlippool-module.
I read a lot of the documentation and tried
the sqlippool-module to assign an ipaddress based
on the nas, on the which the users logs in.
You don't. You use sql groups.
Create two groups, group1 and group2; add to radgroupcheck:
Nas-IP-Address == nas1 address and Pool-Name := pool1 for group1 and
Nas-IP-Address == nas2 address and Pool-Name := pool2
Hello!
I deal with bad hand-made NAS, which doesn't include Nas-Ip-Address
attribute into the packet.
So I can't distinguish packets from different NAS'es.
Is there a way to add this attribute (with value of source address of
UDP datagram) using standard FreeRadius facilities?
We don't use
I deal with bad hand-made NAS, which doesn't include Nas-Ip-Address
attribute into the packet.
So I can't distinguish packets from different NAS'es.
Is there a way to add this attribute (with value of source address of
UDP datagram) using standard FreeRadius facilities?
Packet-Src-IP-Address
Dmitry V. Krivenok wrote:
I deal with bad hand-made NAS, which doesn't include Nas-Ip-Address
attribute into the packet.
So I can't distinguish packets from different NAS'es.
Look at Packet-Src-IP-Address. It is a virtual attribute that you
can use in dynamic expansions.
Is there a way
Alan DeKok wrote:
Dmitry V. Krivenok wrote:
I deal with bad hand-made NAS, which doesn't include Nas-Ip-Address
attribute into the packet.
So I can't distinguish packets from different NAS'es.
Look at Packet-Src-IP-Address. It is a virtual attribute that you
can use in dynamic
Dmitry V. Krivenok wrote:
It looks cool.
Where can I use this code?
In authorize section?
Anywhere.
request-client-ipaddr seems to be what I need.
It may *not* be the same as request-packet-src_ipaddr. The client
IP address may be a netmask, and not a /32.
I tested via the following
Sewell, Adam W wrote:
Thanks for the help guys, but I don't think that's going to work
for me. I was doing some testing today and it doesn't seem like
I can add a filter-id to the access-accept packet from the
post-auth function.
Uh... no. You can add almost anything to the Access-Accept
?
- Original Message -
From: [EMAIL PROTECTED]
Sent: Fri, 8/22/2008 3:10am
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: NAS-IP-Address, rlm_perl, and loopback
Hi,
Which explains what's going on. PEAP is really two things: an outer
TLS session, and inner EAP
is working ok. What I want to happen is with the NAS-IP-Address being
sent back, I can tell the port on the switch (NAS) which policy this person
should have. This would work great if I could get some consistent data from
the NAS.
Then put it in the post-auth section. In 2.0.5,
raddb
Hi,
Which explains what's going on. PEAP is really two things: an outer
TLS session, and inner EAP-MSCHAPv2 authentication. So there are *two*
streams of RADIUS packets. One that sets up the tunnel, and one that
does the authentication inside of the tunnel.
yep - so if you only want to
I'm having a couple of issues particularly pertaining to the NAS-IP-Address
variable that is passed from the switch. When a client sends the auth-request,
we find that the authorize function of our perl script is being executed
multiple times for the same request. I would think
Adam W. Sewell wrote:
I'm having a couple of issues particularly pertaining
to the NAS-IP-Address variable that is passed from the
switch. When a client sends the auth-request, we find
that the authorize function of our perl script is being
executed multiple times for the same request
This also leads into the second issue I'm having that when
the perl script does run, it doesn't always pass the same
data in the NAS-IP-Address variable. Half the time it is the
correct information and half the time it is 127.0.0.1.
Go read the debug output. The NAS-IP-Address
hello!
now i have this. i hope this time your answerme!!1
Sending Access-Request of id 42 to 10.0.6.29 port 1812
User-Name = test
User-Password = testing123
NAS-IP-Address = 10.30.1.104
NAS-Port = 1812
rad_recv: Access-Reject packet from host
hi,
you need to look at the debug log for the
RADIUS server which lives at 10.0.6.29
as that is the thing doing the rejecting!
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
= testing123
NAS-IP-Address = 10.30.1.104 http://10.30.1.104
NAS-Port = 1812
rad_recv: Access-Reject packet from host 10.0.6.29 http://10.0.6.29
port 1812, id=42, length=88
State =
0xb58bf2bf2470c7b33a07ab72ff21378e
-Request of id 74 to 10.0.6.29 port 1812
User-Name = test
User-Password = testing123
NAS-IP-Address = 10.30.1.104
NAS-Port = 1812
rad_recv: Access-Reject packet from host 10.0.6.29 port 1812, id=74,
length=88
State
Hi,
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 and when i write
this: radiusd -i 10.30.1.104 -p 1812 -x -X :
okay. your server is 10.30.1.104
ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123 i
get:
do you know what that command means? you are sending
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29
Fine.
ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123
So why are you sending the request to the wrong radius server? Read
instructions how to use radtest again.
Ivan Kalik
Kalik Informatika ISP
-
List
Hi,
I am using freeradius 2.0.5 with MySQL, I am very new to Radius and
FreRadius so please pardon my ignorance
I need to reject user if his NAS-IP-Address input attribute does not match
check attributes defined for his group.
For example radgroupcheck
| 1 | GROUP1 | NAS-IP-Address
leopold wrote:
If user is coming from NAS-IP-Address x.x.x.1 or x.x.x.2 or x.x.x.3 the user
should be accepted and reply attributes are sent back
If however if user is coming from NAS-IP-Address y.y.y.1 he should be
rejected (even in the case he provide a valid password and NAS y.y.y.1
output a valid user with valid password comes from wrong
NAS-IP-Address which does not belong to check attributes of the user's group
++[sql] returns ok
++? if (!reply:Service-Type)
? Evaluating !(reply:Service-Type) - FALSE
++? if (!reply:Service-Type) - TRUE
++- entering if (!reply:Service-Type
See in debug output a valid user with valid password comes from wrong
NAS-IP-Address which does not belong to check attributes of the user's group
++[sql] returns ok
That is wrong. If group check fails sql should return notfound. Check
your sql entries again. Have you altered default sql queries
Ivan,
Even with default SQL query it returns OK, because user is defined properly,
it is just check attributes of group do not match
I went to the code and I saw that rlm_sql_process_groups function causes the
whole module to return OK even though NAS-IP-Address attribute does not
match
Note
{
/* rows == 0 here */
found = 0;
Comments?
--
View this message in context:
http://www.nabble.com/authorization%3A-unlang-NAS-IP-Address-tp18609937p18617625.html
Sent from the FreeRadius - User mailing list archive at Nabble.com
the
whole module to return OK even though NAS-IP-Address attribute does not
match
Note it does not return attributes, it just return OK
/*
* rows == 0. This is like having the username on
a line
* in the user's file with no check vp's
Hi, I'm running freeradius-1.1.7.1 and have switched to using a subnet
for my NAS devices in clients.conf.
Unfortunately, my logs no longer tell me which NAS device a request
came from and show only the MAC address of the user's laptop.
Is there a way to get the NAS IP address as well
a request
came from and show only the MAC address of the user's laptop.
Is there a way to get the NAS IP address as well in the logs? Having
the NAS IP, the user's laptop IP and also MAC address in one line
would be great.
Thanks!
~Matt
-
List info/subscribe/unsubscribe? See http
Giovanni Lovato wrote:
I would like to assign IP addresses from pools based on which NAS the
request comes from. Can I achieve this? Users are stored in LDAP and NAS
on SQL.
See the sqlippool module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I would like to assign IP addresses from pools based on which NAS the
request comes from. Can I achieve this? Users are stored in LDAP and NAS
on SQL.
smime.p7s
Description: S/MIME Cryptographic Signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Giovanni Lovato wrote:
What key on sqippool table should I set to make FR choose a pool based
on NAS-IP-Address?
Read the sqlippool.conf file? This IS documented.
The scenario is:
1. a NAS requires access for a user;
2. if FR doesn't find a Framed-IP-Address on user attributes
on NAS-IP-Address?
The scenario is:
1. a NAS requires access for a user;
2. if FR doesn't find a Framed-IP-Address on user attributes, it should
assign an IP from a pool depending which NAS the request comes from.
I tried to set `nasipaddress' key on sqippool table but FR seems ignore
Users file:
DEFAULT NAS-IP-Address == a.b.c.d, Pool-Name := thatNASpool
Ivan Kalik
Kalik Informatika ISP
Dana 29/5/2008, Giovanni Lovato [EMAIL PROTECTED] piše:
Alan DeKok wrote:
Giovanni Lovato wrote:
I would like to assign IP addresses from pools based on which NAS the
request comes
Hi, how can I get the NAS-IP-Address in radius.log?
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dana 23/4/2008, Sergio Belkin [EMAIL PROTECTED] piše:
Hi, how can I get the NAS-IP-Address in radius.log?
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List
is a remote server (connect to radius via
vpn) with NAS's behind.
If I run in debug mode I can see the actual NAS IP can be read,
For example:
rad_recv: Access-Request packet from host 203.221.198.59 port 2048,
id=0, length=123
User-Name = soyreloco
NAS-IP-Address = 192.168.134.210
Called
packet from host 203.221.198.59 port 2048,
id=0, length=123
User-Name = soyreloco
NAS-IP-Address = 192.168.134.210
Called-Station-Id = 001d7edc2621
Calling-Station-Id = 001b63085e39
NAS-Identifier = 001d7edc2624
NAS-Port = 63
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-IP-Address = 10.128.255.80
Called-Station-Id = 005d7edc25de
Calling-Station-Id = 005cb37ae2ee
NAS-Identifier = 005d7edc25de
NAS-Port = 55
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020c0167736965727232
1 - 100 of 206 matches
Mail list logo