NAS IP Address
2394263740
2394263740 at qq.com
Tue Sep 13 13:28:52 CEST 2011
Arran,
Yes. You're right. It works. Great!
Thanks!
Tom
------------------ Original ------------------
From: "a.cudbardb"<a.cudbardb at freeradius.org>;
Date: Tue, Sep 13, 2011 03:56 PM
To: "2394263740"<2394263740 at qq.com>;
Subject: Re: NAS IP Address
Ah you want the attribute Packet-Src-IP-Address
-Arran
On 13 Sep 2011, at 03:55, 2394263740 wrote:
Arran,
Looks like the email didn't go through sometime.
Please see below email for my question.
Thanks!
Tom
------------------ Original ------------------
From: "2394263740"<2394263740 at qq.com>;
Date: Tue, Sep 13, 2011 09:28 AM
To: "freeradius-users"<freeradius-users at lists.freeradius.org>;
Subject: Re:NAS IP Address
Arran,
Thanks for your help and reply.
%{NAS-IP-Address} doesn't work for this case.
The connection like below.
Mobile --- WiFi Router --- Internet Gateway (NAT) ---Internet --- FreeRadius Server.
The %{NAS-IP-Address} will be the LAN interfact IP, such as 192.168.1.1. This is not I need.
I need the IP address, with such IP address, FreeRadius Server is communicating. This means, when FreeRadius receive the access request, the request IP packet was sourced from the Internet Gateway IP address, and this is the IP address I need. Inside the access request, there is %{NAS-IP-Address}, it's the LAN IP address of the WIFI router, %{NAS-IP-Address} is not the information I need in such case.
Thanks!
Tom
------------------ Original ------------------
From: "freeradius-users"<freeradius-users-request at lists.freeradius.org>;
Date: Mon, Sep 12, 2011 10:44 PM
To: "freeradius-users"<freeradius-users at lists.freeradius.org>;
Subject: Freeradius-Users Digest, Vol 77, Issue 42
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. NAS IP Address ( 2394263740 )
2. Re: NAS IP Address (Arran Cudbard-Bell)
3. Best Practices - maximum NAS entries in clients.conf
(Sallee, Stephen (Jake))
4. Re: Best Practices - maximum NAS entries in clients.conf
(Alan DeKok)
5. Re: Best Practices - maximum NAS entries in clients.conf
(Arran Cudbard-Bell)
6. Re: Best Practices - maximum NAS entries in clients.conf
(Arran Cudbard-Bell)
7. Re: Best Practices - maximum NAS entries in clients.conf
(Bruce Nunn)
8. Unable to Authenticate with SHA Password (Rajkumar balaji)
----------------------------------------------------------------------
Message: 1
Date: Mon, 12 Sep 2011 19:58:18 +0800
From: " 2394263740 " <2394263740 at qq.com>
Subject: NAS IP Address
To: " freeradius-users " <freeradius-users at lists.freeradius.org>
Message-ID: <tencent_5E7B240C4B421E587B96F796 at qq.com>
Content-Type: text/plain; charset="iso-8859-1"
Hello,
I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
OS: Linux Enterprise Server 6.1
Radius: free radius server 2.1.11
Database: Mysql
The WIFI routers we're using are in diffirent private networks, behind the internet gateways. The WIFI router has private IP address, such as 192.168.1.1.
For some reason, we need know which Internet IP address, the WIFI router is using to do the authention with the FreeRadius server. The FreeRadius server is on internet.
As the business needs, we need save the IP addres(Internet gateway IP address) to MySql database.
Can anyone advise how to do so?
Thanks!
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110912/9e460040/attachment.html>
------------------------------
Message: 2
Date: Mon, 12 Sep 2011 14:10:48 +0200
From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Subject: Re: NAS IP Address
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <8B265A64-D969-4949-A8C8-A0BD016C62E8 at freeradius.org>
Content-Type: text/plain; charset="iso-8859-1"
On 12 Sep 2011, at 13:58, 2394263740 wrote:
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
> The WIFI routers we're using are in diffirent private networks, behind the internet gateways. The WIFI router has private IP address, such as 192.168.1.1.
>
> For some reason, we need know which Internet IP address, the WIFI router is using to do the authention with the FreeRadius server. The FreeRadius server is on internet.
>
> As the business needs, we need save the IP addres(Internet gateway IP address) to MySql database.
edit the queries in
raddb/sql/mysql/dialup.conf
and add the additional columns to the SQL database.
The original IP address of the NAS may be sent in the NAS-IP-Address attribute, in which case use the expansion %{NAS-IP-Address} for the value of the new column.
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110912/0e06bff5/attachment.html>
------------------------------
Message: 3
Date: Mon, 12 Sep 2011 14:04:53 +0000
From: "Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu>
Subject: Best Practices - maximum NAS entries in clients.conf
To: freeradius-users <freeradius-users at lists.freeradius.org>
Message-ID: <3A9815D880FBAF41A523B3A35AF3C3DF170E6FD1 at AVATAR.umhb.edu>
Content-Type: text/plain; charset="iso-8859-1"
@ everyone
We have about 100 NAS entries in our clients.conf file, it makes the file a bear to deal with but the server seems to handle it fine. We will be expanding our infrastructure soon and the number of NAS entries will increase significantly. At what point should we think about putting them into a database for FR to use?
Also, I have seen some chatter on the list about dynamic NASs. Am I correct in assuming that if we are using a DB instead of the clients.conf file we can add or remove clients simply by making changes to the correct table, all without having to restart FR?
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
------------------------------
Message: 4
Date: Mon, 12 Sep 2011 16:17:40 +0200
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4E6E1484.70200 at deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Sallee, Stephen (Jake) wrote:
> We have about 100 NAS entries in our clients.conf file, it makes the file a bear to deal with but the server seems to handle it fine. We will be expanding our infrastructure soon and the number of NAS entries will increase significantly. At what point should we think about putting them into a database for FR to use?
Whenever you get tired of managing them in clients.conf.
The server has been tested with 500K clients in clients.conf. It
takes a few seconds to start, and a gig or so of RAM, but it works.
> Also, I have seen some chatter on the list about dynamic NASs. Am I correct in assuming that if we are using a DB instead of the clients.conf file we can add or remove clients simply by making changes to the correct table, all without having to restart FR?
Yes.
You can also do this with files. See raddb/dynamic_clients in
2.1.12. (When it comes out)
Alan DeKok.
------------------------------
Message: 5
Date: Mon, 12 Sep 2011 16:21:45 +0200
From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <D41AD9A3-B5A6-4690-B053-58361E3D7D71 at freeradius.org>
Content-Type: text/plain; charset=us-ascii
On 12 Sep 2011, at 16:04, Sallee, Stephen (Jake) wrote:
> @ everyone
>
> We have about 100 NAS entries in our clients.conf file, it makes the file a bear to deal with but the server seems to handle it fine. We will be expanding our infrastructure soon and the number of NAS entries will increase significantly. At what point should we think about putting them into a database for FR to use?
When it becomes a bear to deal with the clients.conf file :) - I guess memory might be a concern? But i'm sure there are sites out there with client.conf files holding thousands of entries... It's a hash table in C, it's going to be fast.
>
> Also, I have seen some chatter on the list about dynamic NASs. Am I correct in assuming that if we are using a DB instead of the clients.conf file we can add or remove clients simply by making changes to the correct table, all without having to restart FR?
Indeed. You can also set them to expire as well, to clean up old unused entries.
-Arran
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
------------------------------
Message: 6
Date: Mon, 12 Sep 2011 16:25:14 +0200
From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <CA2EA7A1-A06B-428C-9259-DEE20CFAC278 at freeradius.org>
Content-Type: text/plain; charset=us-ascii
> Fone: 254-295-4658
> Phax: 254-295-4221
Nice :)
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
------------------------------
Message: 7
Date: Mon, 12 Sep 2011 07:41:16 -0700 (PDT)
From: Bruce Nunn <ironrake at yahoo.com>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<1315838476.43108.YahooMailNeo at web110413.mail.gq1.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
If the network your APs are on is physically secure, and you don't need accounting for individual APs, you can use netmasks to define clients in the clients.conf file.
----- Original Message -----
From: "Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu>
To: freeradius-users <freeradius-users at lists.freeradius.org>
Cc:
Sent: Monday, September 12, 2011 9:04 AM
Subject: Best Practices - maximum NAS entries in clients.conf
@ everyone
We have about 100 NAS entries in our clients.conf file, it makes the file a bear to deal with but the server seems to handle it fine.? We will be expanding our infrastructure soon and the number of NAS entries will increase significantly.? At what point should we think about putting them into a database for FR to use?
Also, I have seen some chatter on the list about dynamic NASs.? Am I correct in assuming that if we are using a DB instead of the clients.conf file we can add or remove clients simply by making changes to the correct table, all without having to restart FR?
------------------------------
Message: 8
Date: Mon, 12 Sep 2011 07:44:25 -0700 (PDT)
From: Rajkumar balaji <rajkumar.balaji.s at gmail.com>
Subject: Unable to Authenticate with SHA Password
To: freeradius-users at lists.freeradius.org
Message-ID: <1315838665841-4794449.post at n5.nabble.com>
Content-Type: text/plain; charset=us-ascii
Hi All,
I am unable to authenticate the When I send SHA password to the FreeRADIUS.
I have configured SHA-Password := "admin123" in the users file.
My Password is admin123 and after SHA messagedigest its
-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48
RADIUS is getting the request but its rejecting it.
Please find the following radius logs,
rad_recv: Access-Request packet from host 172.17.148.152 port 50459, id=0,
length=111
User-Name = "emsadmin"
User-Password =
"-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
NAS-Identifier = "sunems8-zone2"
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "emsadmin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry emsadmin at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password
"-50-2710713-59-76-1105593-48-89-126-957495-4-108-29-81-48"
[pap] Using SHA1 encryption.
[pap] Configured SHA1 password has incorrect length
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> emsadmin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 172.17.148.152 port 50459
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +6002
Ready to process requests.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Unable-to-Authenticate-with-SHA-Password-tp4794449p4794449.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 77, Issue 42
************************************************
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/7e5443f9/attachment.html>
More information about the Freeradius-Users
mailing list