<html><div style='background-color:'><P>Hi All,</P>
<P>Please suggest a free Diameter server for me, as I am developing a Translation Agent between RADIUS and Diameter and I need to send the RADIUS packets (decoded in the form of Diameter packets) to a Diameter server.</P>
<DIV>
<P><EM><FONT face="Times New Roman, Times, Serif" color=#3333cc>khursheedAhmedQAU <BR>INTEGRATORS(S-05) <BR><A href="mailto:khursheedahmedqau@hotmail.com">mailto:khursheedahmedqau@hotmail.com</A><BR>+92346-5099331<BR>SkA</FONT></EM></P></DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #a0c6e5 2px solid; MARGIN-RIGHT: 0px"><FONT style="FONT-SIZE: 11px; FONT-FAMILY: tahoma,sans-serif">
<HR color=#a0c6e5 SIZE=1>
From: <I>freeradius-users-request@lists.freeradius.org</I><BR>Reply-To: <I>freeradius-users@lists.freeradius.org</I><BR>To: <I>freeradius-users@lists.freeradius.org</I><BR>Subject: <I>Freeradius-Users Digest, Vol 25, Issue 9</I><BR>Date: <I>Thu, 03 May 2007 04:10:31 +0200</I><BR>
>Today's Topics:<BR>><BR>> 1. Re: FreeRadius+AD integration (A.L.M.Buxey@lboro.ac.uk)<BR>> 2. Force Inner=Outer identity (Matt Ashfield)<BR>> 3. RE: FreeRadius+AD integration (Danner, Mearl)<BR>> 4. Re: Default Authentication (Norman Zhang)<BR>> 5. Missing Huntgroups Man Pages (Norman Zhang)<BR>> 6. Re: Problem with mysql authorization (Ian Truelsen)<BR>> 7. Re: Default Authentication (tnt@kalik.co.yu)<BR>> 8. RE: VLAN Queries [SEC=UNCLASSIFIED] (Ranner, Frank MR)<BR>> 9. Re: VLAN Queries [SEC=UNCLASSIFIED] (Jacob Jarick)<BR>><BR>><BR>>----------------------------------------------------------------------<BR>><BR>>Message: 1<BR>>Date: Wed, 2 May 2007 15:18:21 +0100<BR>>From: A.L.M.Buxey@lboro.ac.uk<BR>>Subject: Re: FreeRadius+AD integration<BR>>To: FreeRadius users mailing list<BR>>
<freeradius-users@lists.freeradius.org><BR>>Message-ID: <20070502141821.GB3861@lboro.ac.uk><BR>>Content-Type: text/plain; charset=us-ascii<BR>><BR>>Hi,<BR>> > It must be you. so your are the right person to tell me what is<BR>> > causing ntlm_auth to send OK.<BR>><BR>>huh?<BR>><BR>>ntlm_auth is part of the SAMBA package. just do a 'man ntlm_auth'<BR>>or somesuch. check freeradius source code. there is no ntlm_auth.<BR>><BR>><BR>>if your SAMBA is configured in a different way, then it will be using<BR>>another authentication file - check your /etc/smb.conf or whatever it<BR>>is on your system! your SAMBA might be using PAM to authenticate<BR>>and the user is a valid user!<BR>><BR>>alan<BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 2<BR>>Date: Wed, 2 May 2007 11:29:23
-0300<BR>>From: "Matt Ashfield" <mda@unb.ca><BR>>Subject: Force Inner=Outer identity<BR>>To: "'FreeRadius users mailing list'"<BR>> <freeradius-users@lists.freeradius.org><BR>>Message-ID: <003601c78cc6$479d1a80$6eb0ca83@flanders><BR>>Content-Type: text/plain; charset="us-ascii"<BR>><BR>>Hi All<BR>><BR>>Using EAP-TTLS PAP with FR authenticated against LDAP. In looking at our<BR>>monitoring software, it displays the user's outer identity. Problem is, a<BR>>user can specify any userID as its outer Identity and as long as it's a<BR>>valid outer Identity, that's what shows up in our monitoring software. Makes<BR>>user tracking quite difficult.<BR>><BR>>Is there any way to force a user's outer identity to equal their inner<BR>>identity?<BR>><BR>>Thanks<BR>><BR>>Matt
Ashfield<BR>>mda@unb.ca<BR>><BR>><BR>><BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 3<BR>>Date: Wed, 2 May 2007 10:46:13 -0500<BR>>From: "Danner, Mearl" <jmdanner@samford.edu><BR>>Subject: RE: FreeRadius+AD integration<BR>>To: "FreeRadius users mailing list"<BR>> <freeradius-users@lists.freeradius.org><BR>>Message-ID:<BR>> <821AB4E5068CAB43A2539D4DD81F38E30295AE85@SAMFORDMAIL.ad.samford.edu><BR>>Content-Type: text/plain; charset="us-ascii"<BR>><BR>>Why not try this? Worked for us.<BR>><BR>>http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO<BR>><BR>><BR>>Note that the first thing configured is the Samba server. It doesn't<BR>>even mention installing the Freeradius server until after the Samba<BR>>configuration is
completed.<BR>><BR>><BR>>Hi,<BR>> > It must be you. so your are the right person to tell me what is<BR>> > causing ntlm_auth to send OK.<BR>><BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 4<BR>>Date: Wed, 02 May 2007 11:05:22 -0600<BR>>From: Norman Zhang <norman.zhang@gmail.com><BR>>Subject: Re: Default Authentication<BR>>To: freeradius-users@lists.freeradius.org<BR>>Message-ID: <f1agce$muv$1@sea.gmane.org><BR>>Content-Type: text/plain; charset=ISO-8859-1; format=flowed<BR>><BR>>Alan DeKok wrote:<BR>> >> Is there a way to force only group router-ro and router-rw can login?<BR>> ><BR>> > Switch the entries around:<BR>> ><BR>> > DEFAULT Group == router-ro<BR>> > Fall-Through = Yes,<BR>> > cisco-avpair := "shell:priv-lvl=7"<BR>> ><BR>>
> DEFAULT Group == router-rw<BR>> > Fall-Through = Yes,<BR>> > cisco-avpair := "shell:priv-lvl=15"<BR>> ><BR>> > DEFAULT Auth-Type = System<BR>> > Service-Type = NAS-Prompt-User<BR>><BR>>This won't work, as Auth-Type = System will act as the clean-up default.<BR>>All other Unix users will be able to login, except they have privilege =<BR>>1. I read through users(5) few times, not sure if there's a way that I<BR>>can avoid this. Can you give more hints?<BR>><BR>>Norman<BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 5<BR>>Date: Wed, 02 May 2007 11:41:57 -0600<BR>>From: Norman Zhang <norman.zhang@gmail.com><BR>>Subject: Missing Huntgroups Man Pages<BR>>To: freeradius-users@lists.freeradius.org<BR>>Message-ID: <f1aih1$usp$1@sea.gmane.org><BR>>Content-Type: text/plain;
charset=ISO-8859-1; format=flowed<BR>><BR>>Is huntgroups(5) removed from FreeRADIUS? I googled but all end up with<BR>>dead links and downloaded 1.1.6 source, can't find it in there either.<BR>>Please help.<BR>><BR>>Norman<BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 6<BR>>Date: Wed, 02 May 2007 12:23:38 -0700<BR>>From: Ian Truelsen <ian.truelsen@gmail.com><BR>>Subject: Re: Problem with mysql authorization<BR>>To: FreeRadius users mailing list<BR>> <freeradius-users@lists.freeradius.org><BR>>Message-ID: <1178133818.5773.0.camel@mercury><BR>>Content-Type: text/plain<BR>><BR>>On Tue, 2007-05-01 at 21:56 +0100, tnt@kalik.co.yu wrote:<BR>> > Check that it's not picking up the Auth-Type System from the users file.<BR>> > Comment it out there and it should work.<BR>>
><BR>>That was the problem. Thanks.<BR>>--<BR>>Ian Truelsen<BR>>s/v Sting<BR>>Email: ian.truelsen@gmail.com<BR>>AIM: ihtruelsen<BR>>MSN: ihtruelsen@hotmail.com<BR>>Google Talk: ian.truelsen@gmail.com<BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 7<BR>>Date: Wed, 02 May 2007 20:51:28 +0100<BR>>From: <tnt@kalik.co.yu><BR>>Subject: Re: Default Authentication<BR>>To: "FreeRadius users mailing list"<BR>> <freeradius-users@lists.freeradius.org><BR>>Message-ID: <bpHGIrZk.1178135488.6017250.tnt@kalik.co.yu><BR>>Content-Type: text/plain; charset=ISO-8859-2<BR>><BR>>Add a huntgroup:<BR>><BR>>onlythem NAS-IP-Address == a.b.c.d, Service-Type == admin or prompt<BR>> Group = router-ro,<BR>> Group = router-rw<BR>><BR>>Ivan Kalik<BR>>Kalik Informatika
ISP<BR>><BR>><BR>>On 2/5/2007, "Norman Zhang" <norman.zhang@gmail.com> wrote:<BR>><BR>> >Alan DeKok wrote:<BR>> >>> Is there a way to force only group router-ro and router-rw can login?<BR>> >><BR>> >> Switch the entries around:<BR>> >><BR>> >> DEFAULT Group == router-ro<BR>> >> Fall-Through = Yes,<BR>> >> cisco-avpair := "shell:priv-lvl=7"<BR>> >><BR>> >> DEFAULT Group == router-rw<BR>> >> Fall-Through = Yes,<BR>> >> cisco-avpair := "shell:priv-lvl=15"<BR>> >><BR>> >> DEFAULT Auth-Type = System<BR>> >> Service-Type = NAS-Prompt-User<BR>> ><BR>> >This won't work, as Auth-Type = System will act as the clean-up default.<BR>> >All other Unix users will be able to login, except they have privilege =<BR>> >1. I read
through users(5) few times, not sure if there's a way that I<BR>> >can avoid this. Can you give more hints?<BR>> ><BR>> >Norman<BR>> ><BR>> >-<BR>> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR>> ><BR>> ><BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 8<BR>>Date: Thu, 3 May 2007 11:24:23 +1000<BR>>From: "Ranner, Frank MR" <Frank.Ranner@defence.gov.au><BR>>Subject: RE: VLAN Queries [SEC=UNCLASSIFIED]<BR>>To: "FreeRadius users mailing list"<BR>> <freeradius-users@lists.freeradius.org><BR>>Message-ID:<BR>> <3497E314EE23D54EACE26B5CFFD896980A6141@drnrxm01.drn.mil.au><BR>>Content-Type: text/plain; charset="US-ASCII"<BR>><BR>> > -----Original Message-----<BR>> > From:<BR>> >
freeradius-users-bounces+frank.ranner=defence.gov.au@lists.fre<BR>>eradius.org [mailto:freeradius-users-><BR>>bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On<BR>> > Behalf Of Jacob Jarick<BR>> > Sent: Wednesday, 2 May 2007 18:28<BR>> > To: FreeRadius users mailing list<BR>> > Subject: VLAN Queries<BR>> ><BR>> > Salutations all,<BR>> ><BR>> > I will be attempting VLAN assignment tomorrow via FR + ADS +<BR>> > cisco wap.<BR>> ><BR>> > 1st Question: Is it possible to assign VLAN based solely on<BR>> > what ldap server authorized it. (The sites we are looking @<BR>> > have 1 domain server for staff and 1 for students).<BR>> ><BR>> > 2: Ive been looking @ Mat Ashfields email query regarding<BR>> > vlans, it looks nice and straight forward to me, my only<BR>> > query: Is
the ldap group automatically fetched or is some<BR>> > extra configuration needed under the ldap modules or ldap.attrbmap.<BR>> ><BR>> > Mats Example:<BR>> ><BR>> > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff<BR>> > User-Name=`%{User-Name}`,<BR>> > Tunnel-Private-Group-Id=176,<BR>> > Tunnel-Type=VLAN,<BR>> > Fall-Through = no<BR>> ><BR>> > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student<BR>> > User-Name=`%{User-Name}`,<BR>> > Tunnel-Private-Group-Id=177,<BR>> > Tunnel-Type=VLAN,<BR>> > Fall-Through = no<BR>> ><BR>><BR>>An ldap group query is triggered by the presence of the Ldap-Group<BR>>attribute in the users file. The query uses the groupmembership_filter<BR>>to locate the entry relevant to the user and matches the groupname
in<BR>>the<BR>>groupmembership_attribute. For active directory, you probably want the<BR>>memberOf attribute in the person record.<BR>><BR>>Something like (radiusd.conf):<BR>>groupmembership_filter =<BR>>"(samaccountname=%{Stripped-User-Name:-%{User-Name}})"<BR>>groupname_attribute = memberOf<BR>><BR>><BR>>Regards<BR>>Frank Ranner<BR>><BR>><BR>><BR>>------------------------------<BR>><BR>>Message: 9<BR>>Date: Thu, 3 May 2007 10:10:23 +0800<BR>>From: "Jacob Jarick" <mem.namefix@gmail.com><BR>>Subject: Re: VLAN Queries [SEC=UNCLASSIFIED]<BR>>To: "FreeRadius users mailing list"<BR>> <freeradius-users@lists.freeradius.org><BR>>Message-ID:<BR>> <d8677f420705021910u5eeddbbdg8ee01f87dd800a1d@mail.gmail.com><BR>>Content-Type: text/plain; charset=ISO-8859-1; format=flowed<BR>><BR>>Thanks Frank
you're a wealth of info. I will test it out once I've<BR>>finished the cgi frontend for freeradius I've been asked to code.<BR>><BR>>On 5/3/07, Ranner, Frank MR <Frank.Ranner@defence.gov.au> wrote:<BR>> > > -----Original Message-----<BR>> > > From:<BR>> > > freeradius-users-bounces+frank.ranner=defence.gov.au@lists.fre<BR>> > eradius.org [mailto:freeradius-users-><BR>> > bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On<BR>> > > Behalf Of Jacob Jarick<BR>> > > Sent: Wednesday, 2 May 2007 18:28<BR>> > > To: FreeRadius users mailing list<BR>> > > Subject: VLAN Queries<BR>> > ><BR>> > > Salutations all,<BR>> > ><BR>> > > I will be attempting VLAN assignment tomorrow via FR + ADS +<BR>> > > cisco wap.<BR>> > ><BR>> > > 1st
Question: Is it possible to assign VLAN based solely on<BR>> > > what ldap server authorized it. (The sites we are looking @<BR>> > > have 1 domain server for staff and 1 for students).<BR>> > ><BR>> > > 2: Ive been looking @ Mat Ashfields email query regarding<BR>> > > vlans, it looks nice and straight forward to me, my only<BR>> > > query: Is the ldap group automatically fetched or is some<BR>> > > extra configuration needed under the ldap modules or ldap.attrbmap.<BR>> > ><BR>> > > Mats Example:<BR>> > ><BR>> > > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff<BR>> > > User-Name=`%{User-Name}`,<BR>> > > Tunnel-Private-Group-Id=176,<BR>> > > Tunnel-Type=VLAN,<BR>> > > Fall-Through = no<BR>> > ><BR>> > > DEFAULT Huntgroup-Name
== mySWITCH1, Ldap-Group == student<BR>> > > User-Name=`%{User-Name}`,<BR>> > > Tunnel-Private-Group-Id=177,<BR>> > > Tunnel-Type=VLAN,<BR>> > > Fall-Through = no<BR>> > ><BR>> ><BR>> > An ldap group query is triggered by the presence of the Ldap-Group<BR>> > attribute in the users file. The query uses the groupmembership_filter<BR>> > to locate the entry relevant to the user and matches the groupname in<BR>> > the<BR>> > groupmembership_attribute. For active directory, you probably want the<BR>> > memberOf attribute in the person record.<BR>> ><BR>> > Something like (radiusd.conf):<BR>> > groupmembership_filter =<BR>> > "(samaccountname=%{Stripped-User-Name:-%{User-Name}})"<BR>> > groupname_attribute = memberOf<BR>> ><BR>> ><BR>> > Regards<BR>> >
Frank Ranner<BR>> ><BR>><BR>><BR>>------------------------------<BR>><BR>>End of Freeradius-Users Digest, Vol 25, Issue 9<BR>>***********************************************<BR></FONT></BLOCKQUOTE></div></html>