Hi All,
Please suggest a free Diameter server for me, as I am developing a Translation Agent between
RADIUS and Diameter and I need to send the RADIUS packets (decoded in the form of Diameter packets) to a Diameter server.
khursheedAhmedQAU
INTEGRATORS(S-05) mailto:khursheedahmedqau@hotmail.com
+92346-5099331
SkA
From: freeradius-users-request@lists.freeradius.org
Reply-To: freeradius-users@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 25, Issue 9
Date: Thu, 03 May 2007 04:10:31 +0200
>Today's Topics:
>
> 1. Re: FreeRadius+AD integration (A.L.M.Buxey@lboro.ac.uk)
> 2. Force Inner=Outer identity (Matt Ashfield)
> 3. RE: FreeRadius+AD integration (Danner, Mearl)
> 4. Re: Default Authentication (Norman Zhang)
> 5. Missing Huntgroups Man Pages (Norman Zhang)
> 6. Re: Problem with mysql authorization (Ian Truelsen)
> 7. Re: Default Authentication (tnt@kalik.co.yu)
> 8. RE: VLAN Queries [SEC=UNCLASSIFIED] (Ranner, Frank MR)
> 9. Re: VLAN Queries [SEC=UNCLASSIFIED] (Jacob Jarick)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Wed, 2 May 2007 15:18:21 +0100
>From: A.L.M.Buxey@lboro.ac.uk
>Subject: Re: FreeRadius+AD integration
>To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
>Message-ID: <20070502141821.GB3861@lboro.ac.uk>
>Content-Type: text/plain; charset=us-ascii
>
>Hi,
> > It must be you. so you are the right person to tell me what is
> > causing ntlm_auth to send OK.
>
>huh?
>
>ntlm_auth is part of the SAMBA package. just do a 'man ntlm_auth'
>or somesuch. check freeradius source code. there is no ntlm_auth.
>
>
>if your SAMBA is configured in a different way, then it will be using
>another authentication file - check your /etc/smb.conf or whatever it
>is on your system! your SAMBA might be using PAM to authenticate
>and the user is a valid user!
>
>alan
>
>
>------------------------------
>
>Message: 2
>Date: Wed, 2 May 2007 11:29:23 -0300
>From: "Matt Ashfield" <mda@unb.ca>
>Subject: Force Inner=Outer identity
>To: "'FreeRadius users mailing list'"
> <freeradius-users@lists.freeradius.org>
>Message-ID: <003601c78cc6$479d1a80$6eb0ca83@flanders>
>Content-Type: text/plain; charset="us-ascii"
>
>Hi All
>
>Using EAP-TTLS PAP with FR authenticated against LDAP. In looking at our
>monitoring software, it displays the user's outer identity. Problem is, a
>user can specify any userID as its outer Identity and as long as it's a
>valid outer Identity, that's what shows up in our monitoring software. Makes
>user tracking quite difficult.
>
>Is there any way to force a user's outer identity to equal their inner
>identity?
>
>Thanks
>
>Matt Ashfield
>mda@unb.ca
>
>
>
>
>
>
>------------------------------
>
>Message: 3
>Date: Wed, 2 May 2007 10:46:13 -0500
>From: "Danner, Mearl" <jmdanner@samford.edu>
>Subject: RE: FreeRadius+AD integration
>To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
>Message-ID:
> <821AB4E5068CAB43A2539D4DD81F38E30295AE85@SAMFORDMAIL.ad.samford.edu>
>Content-Type: text/plain; charset="us-ascii"
>
>Why not try this? Worked for us.
>
>http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
>
>Note that the first thing configured is the Samba server. It doesn't
>even mention installing the Freeradius server until after the Samba
>configuration is completed.
>
>
>Hi,
> > It must be you. so you are the right person to tell me what is
> > causing ntlm_auth to send OK.
>
>
>
>
>------------------------------
>
>Message: 4
>Date: Wed, 02 May 2007 11:05:22 -0600
>From: Norman Zhang <norman.zhang@gmail.com>
>Subject: Re: Default Authentication
>To: freeradius-users@lists.freeradius.org
>Message-ID: <f1agce$muv$1@sea.gmane.org>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Alan DeKok wrote:
> >> Is there a way to force only group router-ro and router-rw can login?
> >
> > Switch the entries around:
> >
> > DEFAULT Group == router-ro
> >     Fall-Through = Yes,
> >     cisco-avpair := "shell:priv-lvl=7"
> >
> > DEFAULT Group == router-rw
> >     Fall-Through = Yes,
> >     cisco-avpair := "shell:priv-lvl=15"
> >
> > DEFAULT Auth-Type = System
> >     Service-Type = NAS-Prompt-User
>
>This won't work, as Auth-Type = System will act as the clean-up default.
>All other Unix users will be able to login, except they have privilege =
>1. I read through users(5) few times, not sure if there's a way that I
>can avoid this. Can you give more hints?
>
>Norman
>
>
>
>------------------------------
>
>Message: 5
>Date: Wed, 02 May 2007 11:41:57 -0600
>From: Norman Zhang <norman.zhang@gmail.com>
>Subject: Missing Huntgroups Man Pages
>To: freeradius-users@lists.freeradius.org
>Message-ID: <f1aih1$usp$1@sea.gmane.org>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Is huntgroups(5) removed from FreeRADIUS? I googled but all end up with
>dead links and downloaded 1.1.6 source, can't find it in there either.
>Please help.
>
>Norman
>
>
>
>------------------------------
>
>Message: 6
>Date: Wed, 02 May 2007 12:23:38 -0700
>From: Ian Truelsen <ian.truelsen@gmail.com>
>Subject: Re: Problem with mysql authorization
>To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
>Message-ID: <1178133818.5773.0.camel@mercury>
>Content-Type: text/plain
>
>On Tue, 2007-05-01 at 21:56 +0100, tnt@kalik.co.yu wrote:
> > Check that it's not picking up the Auth-Type System from the users file.
> > Comment it out there and it should work.
> >
>That was the problem. Thanks.
>--
>Ian Truelsen
>s/v Sting
>Email: ian.truelsen@gmail.com
>AIM: ihtruelsen
>MSN: ihtruelsen@hotmail.com
>Google Talk: ian.truelsen@gmail.com
>
>
>
>------------------------------
>
>Message: 7
>Date: Wed, 02 May 2007 20:51:28 +0100
>From: <tnt@kalik.co.yu>
>Subject: Re: Default Authentication
>To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
>Message-ID: <bpHGIrZk.1178135488.6017250.tnt@kalik.co.yu>
>Content-Type: text/plain; charset=ISO-8859-2
>
>Add a huntgroup:
>
>onlythem NAS-IP-Address == a.b.c.d, Service-Type == admin or prompt
>    Group = router-ro,
>    Group = router-rw
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 2/5/2007, "Norman Zhang" <norman.zhang@gmail.com> wrote:
>
> >Alan DeKok wrote:
> >>> Is there a way to force only group router-ro and router-rw can login?
> >>
> >> Switch the entries around:
> >>
> >> DEFAULT Group == router-ro
> >>     Fall-Through = Yes,
> >>     cisco-avpair := "shell:priv-lvl=7"
> >>
> >> DEFAULT Group == router-rw
> >>     Fall-Through = Yes,
> >>     cisco-avpair := "shell:priv-lvl=15"
> >>
> >> DEFAULT Auth-Type = System
> >>     Service-Type = NAS-Prompt-User
> >
> >This won't work, as Auth-Type = System will act as the clean-up default.
> >All other Unix users will be able to login, except they have privilege =
> >1. I read through users(5) few times, not sure if there's a way that I
> >can avoid this. Can you give more hints?
> >
> >Norman
> >
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
>
>
>------------------------------
>
>Message: 8
>Date: Thu, 3 May 2007 11:24:23 +1000
>From: "Ranner, Frank MR" <Frank.Ranner@defence.gov.au>
>Subject: RE: VLAN Queries [SEC=UNCLASSIFIED]
>To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
>Message-ID:
> <3497E314EE23D54EACE26B5CFFD896980A6141@drnrxm01.drn.mil.au>
>Content-Type: text/plain; charset="US-ASCII"
>
> > -----Original Message-----
> > From:
> > freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org
> > [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On
> > Behalf Of Jacob Jarick
> > Sent: Wednesday, 2 May 2007 18:28
> > To: FreeRadius users mailing list
> > Subject: VLAN Queries
> >
> > Salutations all,
> >
> > I will be attempting VLAN assignment tomorrow via FR + ADS +
> > cisco wap.
> >
> > 1st Question: Is it possible to assign VLAN based solely on
> > what ldap server authorized it. (The sites we are looking @
> > have 1 domain server for staff and 1 for students).
> >
> > 2: I've been looking @ Mat Ashfield's email query regarding
> > vlans, it looks nice and straightforward to me, my only
> > query: Is the ldap group automatically fetched or is some
> > extra configuration needed under the ldap modules or ldap.attrbmap.
> >
> > Mat's Example:
> >
> > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
> >     User-Name=`%{User-Name}`,
> >     Tunnel-Private-Group-Id=176,
> >     Tunnel-Type=VLAN,
> >     Fall-Through = no
> >
> > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
> >     User-Name=`%{User-Name}`,
> >     Tunnel-Private-Group-Id=177,
> >     Tunnel-Type=VLAN,
> >     Fall-Through = no
> >
>
>An ldap group query is triggered by the presence of the Ldap-Group
>attribute in the users file. The query uses the groupmembership_filter
>to locate the entry relevant to the user and matches the groupname in
>the groupmembership_attribute. For active directory, you probably want the
>memberOf attribute in the person record.
>
>Something like (radiusd.conf):
>groupmembership_filter = "(samaccountname=%{Stripped-User-Name:-%{User-Name}})"
>groupname_attribute = memberOf
>
>
>Regards
>Frank Ranner
>
>
>
>------------------------------
>
>Message: 9
>Date: Thu, 3 May 2007 10:10:23 +0800
>From: "Jacob Jarick" <mem.namefix@gmail.com>
>Subject: Re: VLAN Queries [SEC=UNCLASSIFIED]
>To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
>Message-ID:
> <d8677f420705021910u5eeddbbdg8ee01f87dd800a1d@mail.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Thanks Frank you're a wealth of info. I will test it out once I've
>finished the cgi frontend for freeradius I've been asked to code.
>
>On 5/3/07, Ranner, Frank MR <Frank.Ranner@defence.gov.au> wrote:
> > > -----Original Message-----
> > > From:
> > > freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org
> > > [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On
> > > Behalf Of Jacob Jarick
> > > Sent: Wednesday, 2 May 2007 18:28
> > > To: FreeRadius users mailing list
> > > Subject: VLAN Queries
> > >
> > > Salutations all,
> > >
> > > I will be attempting VLAN assignment tomorrow via FR + ADS +
> > > cisco wap.
> > >
> > > 1st Question: Is it possible to assign VLAN based solely on
> > > what ldap server authorized it. (The sites we are looking @
> > > have 1 domain server for staff and 1 for students).
> > >
> > > 2: I've been looking @ Mat Ashfield's email query regarding
> > > vlans, it looks nice and straightforward to me, my only
> > > query: Is the ldap group automatically fetched or is some
> > > extra configuration needed under the ldap modules or ldap.attrbmap.
> > >
> > > Mat's Example:
> > >
> > > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
> > >     User-Name=`%{User-Name}`,
> > >     Tunnel-Private-Group-Id=176,
> > >     Tunnel-Type=VLAN,
> > >     Fall-Through = no
> > >
> > > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
> > >     User-Name=`%{User-Name}`,
> > >     Tunnel-Private-Group-Id=177,
> > >     Tunnel-Type=VLAN,
> > >     Fall-Through = no
> > >
> >
> > An ldap group query is triggered by the presence of the Ldap-Group
> > attribute in the users file. The query uses the groupmembership_filter
> > to locate the entry relevant to the user and matches the groupname in
> > the groupmembership_attribute. For active directory, you probably want the
> > memberOf attribute in the person record.
> >
> > Something like (radiusd.conf):
> > groupmembership_filter = "(samaccountname=%{Stripped-User-Name:-%{User-Name}})"
> > groupname_attribute = memberOf
> >
> >
> > Regards
> > Frank Ranner
> >
> >
>
>
>------------------------------
>
>
>
>End of Freeradius-Users Digest, Vol 25, Issue 9
>***********************************************