Arran,
Yes. You're right. It works. Great!
Thanks!
Tom
-- Original --
From: "a.cudbardb";
Date: Tue, Sep 13, 2011 03:56 PM
To: "2394263740"<2394263...@qq.com>;
Subject: Re: NAS IP Address
Ah you w
On 12 Sep 2011, at 13:58, 2394263740 wrote:
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
> The WIFI routers we're using are in diffirent private networks, behind the
> in
Eric Geier wrote:
> I found %{Packet-Src-IP-Address} but when I include this in the
> postauth_query, it doesn't work...the fields are blank in the DB when I view
> it.
And what does debug log say?
If Packet-Src-IP-Address doesn't work, odds are you're running 1.x.
Upgrade.
Alan DeKok.
-
L
geier@lists.freeradius.org
[mailto:freeradius-users-bounces+me=egeier@lists.freeradius.org] On
Behalf Of Eric Geier
Sent: Tuesday, August 16, 2011 3:49 PM
To: 'FreeRadius users mailing list'
Subject: RE: NAS-IP-Address or NAS-Identifier in Access-Request?
Understood, thanks!
Can I lo
, August 16, 2011 10:38 AM
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request?
Eric Geier wrote:
> Yes I read that in the RFC, but was wondering what vendors usually do,
> what's the most typical, etc. I'm also wondering the same abou
Eric Geier wrote:
> Yes I read that in the RFC, but was wondering what vendors usually do,
> what's the most typical, etc. I'm also wondering the same about the
> Calling-Station-Id and Called-Station-ID. But sounds like those aren't
> included very often, completely optional.
There's no way to
radius-users-bounces+me=egeier@lists.freeradius.org] On
Behalf Of Alan Buxey
Sent: Tuesday, August 16, 2011 4:32 AM
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request?
Hi,
> Does anyone happen to know if consumer-level Wi-Fi routers typically
>
Hi,
> Does anyone happen to know if consumer-level Wi-Fi routers typically
> transmit the NAS-IP-Address or NAS-Identifier (or maybe both) in the
> Access-Request?
RFC's say
An Access-Request MUST contain either a NAS-IP-Address attribute or a
NAS-Identifier
attribute (or both).
so, you will ge
On Mon, Jun 22, 2009 at 23:08, Ivan Kalik wrote:
> > I installed freeradius 2 but my problem is still there.
> > To remember it :
> >
> > I configured Freeradius to look in openldap directory to authenticate and
> > authorize an user.
> > The authentication phase is OK
> > During the authorize ph
Hi,
I installed freeradius 2 but my problem is still there.
To remember it :
I configured Freeradius to look in openldap directory to authenticate and
authorize an user.
The authentication phase is OK
During the authorize phase, a ldap search is done : if the user is member of
a group identified
thanks for the quick answer :)
Indeed, the version installed is not the last one but the "no longer
maintained one"
I just did yum install freeradius.
I will fix this right now
Thanks again
--
KeV
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> I have a big problem in freeradius installed in version 1.1.4 on RHEL 5,
> and
> today it's the third day i'm looking for a solution :(
Upgrade. This was likely fixed ages ago.
http://wiki.freeradius.org/Red_Hat_FAQ
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http:
Dmitry V. Krivenok wrote:
> It looks cool.
> Where can I use this code?
> In authorize section?
Anywhere.
> request->client->ipaddr seems to be what I need.
It may *not* be the same as request->packet->src_ipaddr. The client
IP address may be a netmask, and not a /32.
> I tested via the fo
Alan DeKok wrote:
Dmitry V. Krivenok wrote:
I deal with bad "hand-made" NAS, which doesn't include "Nas-Ip-Address"
attribute into the packet.
So I can't distinguish packets from different NAS'es.
Look at Packet-Src-IP-Address. It is a "virtual" attribute that you
can use in dynamic
Dmitry V. Krivenok wrote:
> I deal with bad "hand-made" NAS, which doesn't include "Nas-Ip-Address"
> attribute into the packet.
> So I can't distinguish packets from different NAS'es.
Look at Packet-Src-IP-Address. It is a "virtual" attribute that you
can use in dynamic expansions.
> Is there
>I deal with bad "hand-made" NAS, which doesn't include "Nas-Ip-Address"
>attribute into the packet.
>So I can't distinguish packets from different NAS'es.
>
>Is there a way to add this attribute (with value of source address of
>UDP datagram) using standard FreeRadius facilities?
Packet-Src-IP-Ad
Sewell, Adam W wrote:
> Thanks for the help guys, but I don't think that's going to work
> for me. I was doing some testing today and it doesn't seem like
> I can add a filter-id to the access-accept packet from the
> post-auth function.
Uh... no. You can add almost anything to the Access-Accep
something here?
- Original Message -
From: [EMAIL PROTECTED]
Sent: Fri, 8/22/2008 3:10am
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address, rlm_perl, and loopback
Hi,
> Which explains what's going on. PEAP is really two things: an outer
> TLS session, and inner EAP-MSCHAPv2
Hi,
> Which explains what's going on. PEAP is really two things: an outer
> TLS session, and inner EAP-MSCHAPv2 authentication. So there are *two*
> streams of RADIUS packets. One that sets up the tunnel, and one that
> does the authentication inside of the tunnel.
yep - so if you only want
Adam W. Sewell wrote:
> I am using PEAP/MsChapv2.
Exactly. There are multiple packet exchanges as part of one PEAP
authentication.
> I am using a perl script to authorize the user access to the network based on
> some information that is pulled out of a database via our perl script. This
> p
> > This also leads into the second issue I'm having that when
> > the perl script does run, it doesn't always pass the same
> > data in the NAS-IP-Address variable. Half the time it is the
> > correct information and half the time it is 127.0.0.1.
>
> Go read the debug output. The NAS-IP-Addr
Adam W. Sewell wrote:
> I'm having a couple of issues particularly pertaining
> to the NAS-IP-Address variable that is passed from the
> switch. When a client sends the auth-request, we find
> that the authorize function of our perl script is being
> executed multiple times for the same request.
Thanks Ivan that I did'n know :) also, I had disabled accounting, now,
I enabled that and detailed auth log
Now I get something as follow in radacct/10.128.255.80/auth-detail-20080423 :
Wed Apr 23 14:16:22 2008
Packet-Type = Access-Request
User-Name = "quelocoquesoyche"
N
That will be logged in your accounting log.
Ivan Kalik
Kalik Informatika ISP
Dana 23/4/2008, "Sergio Belkin" <[EMAIL PROTECTED]> piše:
>Thanks Ivan,
>
>I know that :) But I want get IP from NAS's that are behind a
>NAT-proxy-firewall server, I want the NAS IP and not the
>NAT-proxy-firewall serv
Thanks Ivan,
I know that :) But I want get IP from NAS's that are behind a
NAT-proxy-firewall server, I want the NAS IP and not the
NAT-proxy-firewall server IP.
In fact my clients.conf has something as follows:
client 10.128.255.86 {
require_message_authenticator = no
secret = "pepepotam
>From clients.conf:
# The short name is used as an alias for the fully qualified
# domain name, or the IP address.
#
shortname = localhost
shortname is printed in the log. Put NAS IP there if you want it in
radius.log.
Ivan Kalik
Kalik Informatika ISP
Da
On Dec 27, 2007 3:28 PM, Jeff Crowe <[EMAIL PROTECTED]> wrote:
Hi all,
I am trying to deny a user from logging in through a couple of nas I have on
my network. I am using freeradius 1.1.3 with mysql.
In my table radgroupcheck, I have added
Groupname Attribute Op Value
Dial-UpNA
On Dec 27, 2007 3:28 PM, Jeff Crowe <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I am trying to deny a user from logging in through a couple of nas I have
> on
> my network. I am using freeradius 1.1.3 with mysql.
>
> In my table radgroupcheck, I have added
>
> Groupname Attribute Op Value
> D
On Fri 05 Oct 2007, Walter Gould wrote:
> [EMAIL PROTECTED] wrote:
> > You are aware that this is not Cisco technical support?
>
> Yes - I am...smirk.
>
> > radius server attribute 4 a.b.c.d
> >
> > Ivan Kalik
> > Kalik Informatika ISP
>
> That didn't seem to work. For others that may run into th
Walter Gould wrote:
Please excuse me if this has already been covered in the docs or the FAQ
(I looked - but nothing jumped out at me). In accounting packets coming
from Cisco Catalyst 6513 switches, the NAS-IP-Address = 0.0.0.0. Does
anybody know why and if this can be changed? I have tried
[EMAIL PROTECTED] wrote:
You are aware that this is not Cisco technical support?
Yes - I am...smirk.
radius server attribute 4 a.b.c.d
Ivan Kalik
Kalik Informatika ISP
That didn't seem to work. For others that may run into this problem,
this did:
ip radius source-interface Vlan 1
You are aware that this is not Cisco technical support?
radius server attribute 4 a.b.c.d
Ivan Kalik
Kalik Informatika ISP
Dana 5/10/2007, "Walter Gould" <[EMAIL PROTECTED]> piše:
>Please excuse me if this has already been covered in the docs or the FAQ
>(I looked - but nothing jumped out at m
On Fri, 2007-10-05 at 11:53 -0500, Walter Gould wrote:
> Please excuse me if this has already been covered in the docs or the FAQ
> (I looked - but nothing jumped out at me). In accounting packets coming
> from Cisco Catalyst 6513 switches, the NAS-IP-Address = 0.0.0.0. Does
> anybody know why
Rascher, Markus wrote:
> Hi All,
>
> I have a problem with the radius-Attribute NAS-IP-ADDRESS.
> I use freeradius with pam_radius and a mysql-DB
>
> If i want to ssh-login on the machine, freeradius runs, the nas-ip is
> 127.0.0.1.
> It's correct, but the database does not know 127.0.0.1. It kno
Erico Augusto wrote:
> Hi,
>
> i) during Authentication phase, NAS-IP-Address attribute is filled with
> correct IP.
> During Post-Auth, NAS-IP-Address is filled with loopback 127.0.0.1
> Address ...
If that happens, it's because some configuration you added changes it.
The server doesn't ch
Hi,
Are you using Chillispot or something like that?
Fabián
From: Erico Augusto <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list
To: freeradius-users@lists.freeradius.org
Subject: NAS-IP-Address
Date: Tue, 27 Mar 2007 11:14:19 -0700 (PDT)
Hi,
i) during Authentication phase
On Thu 15 Feb 2007 08:09, Dan Mahoney, System Admin wrote:
> On Thu, 15 Feb 2007, VeNoMouS wrote:
> > Hi guys After doing some tests, I just discovered that I cant have more
> > then one NAS-IP-Address in radgroupcheck (it seems to ignore the others)
> > does anyone know of a work around as i dont
On Thu, 15 Feb 2007, VeNoMouS wrote:
> Hi guys After doing some tests, I just discovered that I cant have more then
> one NAS-IP-Address in radgroupcheck (it seems to ignore the others) does
> anyone know of a work around as i dont want to use the huntgroup file (makes
> it kinda anonying since im
"Min Qiu" <[EMAIL PROTECTED]> writes:
> I would like to restrict user login by NAS-IP-address or
> fqdn if possible. Therefore I can restrict user to login
> a group of devices.
>
> user1 Auth-Type := Local, User-Password == "sceret",
>NAS-IP-address =="10.1.2.0/24"
Using a regexp is
"Moktar KONE" <[EMAIL PROTECTED]> wrote:
> I have a lucent portmaster and I which internal IP is NATed with a
> public address but the NAS-IP-address field in radius accounting packet
> contents the internal IP and not the NATed public IP address.
> How could I change this?
attr_rewrite, probab
Nicolas Justin <[EMAIL PROTECTED]> wrote:
> Does NAS-IP-Address (in huntgroups) could be equals to the shortname
> defined in the clients.conf ?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Saturday 05 June 2004 17:27, Alan DeKok wrote:
> jesk <[EMAIL PROTECTED]> wrote:
> > > can somebody help me, why this dont works?
>
> Have you tried reading the FAQ?
>
> > i have to correct me, the check item "NAS-IP-Address" works never :(
>
> I don't believe you. The problem lies elsewher
jesk <[EMAIL PROTECTED]> wrote:
> > can somebody help me, why this dont works?
Have you tried reading the FAQ?
> i have to correct me, the check item "NAS-IP-Address" works never :(
I don't believe you. The problem lies elsewhere.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
On Saturday 05 June 2004 15:02, jesk wrote:
> hello,
>
> i got some problem with NAS-IP-Address. when im using the "==" operator in
> checking the nas then everything works fine, but when im using the oposite
> "!=" then the following default entry is evertime accepted though the
> request cames fr
Ruslan A Dautkhanov <[EMAIL PROTECTED]> wrote:
> Some my NASes can send defferent NAS-IP-Address attribute (any of
> his NIC's IP-addresses). It's why I can't build simple acls (auth logic etc)
> based on this attribute - much easier using Client-IP-Address...
>
> Is exists any method in FreeRADIU
45 matches
Mail list logo