key from freeRadius to NAS

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Tue May 29 09:42:06 CEST 2007


ashola ashola wrote:
> Hi,
> 
> How can we transmit a key from FreeRadius to the NAS (Access Point) ?
> 
> 
> Ashola

By the magic of ssh / snmp / web interface.

i.e. you can't.


Store all your NASes in an SQL database and load them into FreeRADIUS 
using rlm_sql.

You can populate the secrets using this SQL query (if using MySQL):

UPDATE `nas` SET nas.secret = 
substr(md5(concat(RAND(),nas.nasname)),1,31) WHERE nas.secret = "";

See here for the default schema:
http://wiki.freeradius.org/MySQL_DDL_script

Then write a script to pull the secret out of SQL and write it to the 
NAS using SNMP.

||

Write a script to open ssh shell sessions to your APs and write the 
secret to them using ssh.

||

I've got some very basic PHP classes which I wrote and use, though 
you'll need the ssh2 extension compiled in. And you'll have to modify 
some of the SQL queries.

||

If anyone has any scripts in other languages they would like to donate...

||

If you really have nothing better to do you can do them all by hand :)

We have ~500 switches and my scripts seem to do them fine, though they 
don't work with ssh v1, only v2, so I have to do the hundred or so 
HP2524s by hand *ick*.

Damn you HP for not supporting SNMP setting of shared secrets :(
-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
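
The first step described in this message (giving every NAS row that has no secret its own one, then handing the list to whatever pushes secrets to the devices), as an added example that is not part of the original post or of FreeRADIUS. It draws secrets from the OS CSPRNG instead of MySQL's RAND(), which is not cryptographically secure; the in-memory SQLite table, its three columns and the 192.0.2.x addresses are constructed stand-ins for the MySQL `nas` table, and all function names are hypothetical.

```python
import secrets
import sqlite3
import string

SECRET_LEN = 31  # same length the query in the post produces
ALPHABET = string.ascii_letters + string.digits


def new_secret(length=SECRET_LEN):
    """Return a random shared secret drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def fill_missing_secrets(conn):
    """Give every NAS row with an empty or NULL secret its own new secret.

    Returns the (nasname, secret) pairs that were set, i.e. the work list
    for whatever pushes secrets to the devices (SNMP, ssh, by hand).
    """
    rows = conn.execute(
        "SELECT id, nasname FROM nas WHERE secret IS NULL OR secret = ''"
    ).fetchall()
    assigned = []
    for nas_id, nasname in rows:
        secret = new_secret()
        # Parameterised update: one distinct secret per device.
        conn.execute("UPDATE nas SET secret = ? WHERE id = ?", (secret, nas_id))
        assigned.append((nasname, secret))
    conn.commit()
    return assigned


def demo_db():
    """Constructed sample data: in-memory SQLite standing in for MySQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE nas (id INTEGER PRIMARY KEY, nasname TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO nas (nasname, secret) VALUES (?, ?)",
        [("192.0.2.10", ""), ("192.0.2.11", "already-set"), ("192.0.2.12", None)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    for nasname, _secret in fill_missing_secrets(db):
        # Log the device only; the secret itself stays out of the output.
        print("secret assigned, needs pushing to", nasname)
```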


