Multiple NAS configuration

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Sep 21 09:07:04 CEST 2011


That error message has nothing to do with the NAS-IP-Address config (clients.conf looks fine) , ensure that the test you send uses a method that your RADIUS server can deal with. What/how are you doing the testing and you'd help enormously by providing 'radius -X' output. This sort of thing works out of the box so I'm concerned that you're butchered the config

alan

--
Message may be brief as it has been sent from my mobile

----- Reply message -----
From: "Dagia Dorjsuren" <dagmid_d at yahoo.com>
Date: Wed, Sep 21, 2011 03:08
Subject: Multiple NAS configuration
To: "Fred" <fred.maison at gmail.com>, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>

Hi,

   I try to figure out how to make following configuration:
1. Three clients. (Three access points. NAS1, NAS2 and NAS3)
2. There is one, central freeradius server holding all acounts, for three locations.

Now, what I try to do is to create accounts that are location dependant... so account created for NAS1 and NAS2, can't be used on NAS3.

For example :
NAS1 ip address : 192.168.1.10
NAS2 ip address : 192.168.1.20
NAS3 ip address : 192.168.1.30
=============================
In clients.conf
client 192.168.1.10 {
       secret = testap1
       shortname = nas1
       nastype = other
}
client 192.168.1.20 {
       secret = testap2
       shortname = nas2
       nastype = other
}
client 192.168.1.30 {
       secret = testap3
       shortname = nas3
       nastype = other
}
=============================

I have configured it for one user "test" in radcheck table as below.

+-----+-------------------+--------------------+----+----------------------------+
| id  | username          | attribute          | op | value                      |
+-----+-------------------+--------------------+----+----------------------------+
|  1  | test            | NAS-IP-Address     | == | 192.168.1.10             |
|  2  | test            | NAS-IP-Address     | == | 192.168.1.20             |
|  3  | test            | NAS-IP-Address     | !=  | 192.168.1.30             |
+-----+-------------------+--------------------+----+----------------------------+


But, it is not working.

The following was in radius.log file.
Wed Sep 21 09:34:19 2011 : Auth: Login incorrect (rlm_chap: Clear text password not available): [test/<CHAP-Password>] (from client nas1 port 4 cli 00-26-5E-EF-56-CC)



Have you any idea?

________________________________
From: Fred <fred.maison at gmail.com>
To: Dagia Dorjsuren <dagmid_d at yahoo.com>; FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Wednesday, September 21, 2011 4:41 AM
Subject: Re: Multiple NAS configuration

htt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110921/f3e396ca/attachment.html>


More information about the Freeradius-Users mailing list