hi,<br>it is working now.thanks for your help<br>i was missing the following entry<br><br><dl><dt>
<a href="http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-11121928.html#id-11121928">user</a> remote {</dt><dd>full-name "All remote users";</dd><dd>uid <span class="ExampleInline">
<i>uid-value</i></span>;</dd><dd>class <span class="ExampleInline"><i>class-name</i></span>;</dd></dl>thanks again.<br><br><br><br><br><br><div><span class="gmail_quote">On 8/16/07, <b class="gmail_sendername"><a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users-request@lists.freeradius.org</a></b> <<a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users-request@lists.freeradius.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send Freeradius-Users mailing list submissions to
<br> <a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users@lists.freeradius.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit
<br> <a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://lists.freeradius.org/mailman/listinfo/freeradius-users</a><br>or, via email, send a message with subject or body 'help' to<br> <a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users-request@lists.freeradius.org
</a><br><br>You can reach the person managing the list at<br> <a href="mailto:freeradius-users-owner@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users-owner@lists.freeradius.org
</a><br><br>When replying, please edit your Subject line so it is more specific
<br>than "Re: Contents of Freeradius-Users digest..."<br><br><br>Today's Topics:<br><br> 1. juniper authentication with freeradius (ashish verma)<br> 2. Re: juniper authentication with freeradius (Bj?rn Mork)
<br> 3. Re: Big Problem with peap-mschapv2+freeradius 1.1.7 (Alan DeKok)<br> 4. freeradius stops immediately (<a href="mailto:Ruben.Savia@alcatel-lucent.com.ar" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Ruben.Savia@alcatel-lucent.com.ar</a>)<br> 5. Re: freeradius stops immediately (Alan DeKok)
<br> 6. Enterasys Mac-auth Dynamic-VLAN (Fabrizio Stoppani)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Thu, 16 Aug 2007 16:00:07 +0530<br>From: "ashish verma" <
<a href="mailto:ashish.scit@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">ashish.scit@gmail.com</a>><br>Subject: juniper authentication with freeradius<br>To: <a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users@lists.freeradius.org</a>
<br>Message-ID:<br> <<a href="mailto:11b554120708160330o1e78ad48o112b4cd2d11b6dc8@mail.gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">11b554120708160330o1e78ad48o112b4cd2d11b6dc8@mail.gmail.com
</a>><br>Content-Type: text/plain; charset="iso-8859-1"
<br><br>hi,<br><br>oh.. i didnt have dictionary.juniper file under /etc/freeradius.<br>so i added those lines in "dictionary" file under /etc/freeradius.<br>and this is my juniper side configuration.<br><br>authentication-order [ radius password ];
<br> radius-server {<br> <a href="http://192.168.1.49" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.49</a> {<br> port 1812;<br> accounting-port 1813;<br> secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
<br> }
<br> }<br><br>i tried doing it without specifying the ports as well..but didnt work.<br><br>under "users" file i have this<br><br>edward Auth-type := Local, User-Password = "edward"<br> Juniper-Local-User-Name = "fritz12"
<br><br>clients.conf contains<br><br>client <a href="http://192.168.1.10/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.10/24</a> {<br> secret = secret<br> shortname = <a href="http://junoscope.server.name" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
junoscope.server.name</a><br> type = Juniper:nas
<br> }<br><br><br>On 8/16/07, <a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users-request@lists.freeradius.org</a> <
<br><a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users-request@lists.freeradius.org
</a>> wrote:<br>><br>> Send Freeradius-Users mailing list submissions to<br>> <a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users@lists.freeradius.org</a><br>><br>> To subscribe or unsubscribe via the World Wide Web, visit
<br>> <a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://lists.freeradius.org/mailman/listinfo/freeradius-users
</a><br>> or, via email, send a message with subject or body 'help' to
<br>> <a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users-request@lists.freeradius.org</a><br>><br>> You can reach the person managing the list at
<br>> <a href="mailto:freeradius-users-owner@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users-owner@lists.freeradius.org</a><br>><br>> When replying, please edit your Subject line so it is more specific<br>> than "Re: Contents of Freeradius-Users digest..."<br>><br>><br>> Today's Topics:
<br>><br>> 1. Re: juniper authentication with freeradius (Bj?rn Mork)<br>><br>><br>> ----------------------------------------------------------------------<br>><br>> Message: 1<br>> Date: Thu, 16 Aug 2007 11:20:09 +0200
<br>> From: Bj?rn Mork <<a href="mailto:bjorn@mork.no" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">bjorn@mork.no</a>><br>> Subject: Re: juniper authentication with freeradius<br>> To: FreeRadius users mailing list
<br>> <<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users@lists.freeradius.org</a>><br>> Message-ID: <<a href="mailto:87wsvv3kfq.fsf@obelix.mork.no" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">87wsvv3kfq.fsf@obelix.mork.no</a>
><br>> Content-Type: text/plain; charset=iso-8859-1<br>><br>> "ashish verma" <
<a href="mailto:ashish.scit@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">ashish.scit@gmail.com</a>> writes:<br>><br>> > I am trying to do juniper m7i router authentication with freeradius.
<br>> > Can someone provide me some documentation?
<br>> ><br>> > I have configured juniper but i suppose i missing something on radius<br>> side.<br>><br>> You don't say how you configured neither the JUNOS box nor FreeRADIUS.<br>> My guess is that you're lacking something on the router:
<br>><br>> <a href="http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html
</a>
<br>><br>><br>> > added following in dictionary file.<br>><br>> why? They have been in the default dictionary.juniper for ages.<br>><br>><br>><br>> Bj?rn<br>><br>><br>><br>> ------------------------------
<br>><br>> -<br>> List info/subscribe/unsubscribe? See<br>> <a href="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.freeradius.org/list/users.html
</a><br>><br>><br>> End of Freeradius-Users Digest, Vol 28, Issue 55
<br>> ************************************************<br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/6923e495/attachment-0001.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/6923e495/attachment-0001.html</a><br><br>------------------------------<br><br>Message: 2<br>Date: Thu, 16 Aug 2007 12:57:29 +0200<br>From: Bj?rn Mork <
<a href="mailto:bjorn@mork.no" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">bjorn@mork.no</a>><br>Subject: Re: juniper authentication with freeradius<br>To: FreeRadius users mailing list<br> <
<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users@lists.freeradius.org
</a>><br>Message-ID: <<a href="mailto:87643f3fxi.fsf@obelix.mork.no" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">87643f3fxi.fsf@obelix.mork.no</a>><br>Content-Type: text/plain; charset=iso-8859-1
<br><br>"ashish verma" <<a href="mailto:ashish.scit@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
ashish.scit@gmail.com</a>> writes:<br><br>> oh.. i didnt have dictionary.juniper file under /etc/freeradius.<br>> so i added those lines in "dictionary" file under /etc/freeradius.<br>> and this is my juniper side configuration.
<br>><br>> authentication-order [ radius password ];<br>> radius-server {<br>> <a href="http://192.168.1.49" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.49</a> {
<br>> port 1812;<br>> accounting-port 1813;<br>
> secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA<br>> }<br>> }<br><br>You might need to specify the source address here. I.e.<br><br> radius-server {<br> <a href="http://192.168.1.49" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.1.49</a> {<br> port 1812;<br> accounting-port 1813;<br> secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA<br> source-address <a href="http://192.168.1.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.1.10
</a>;<br> }<br> }<br><br><br>> i tried doing it without specifying the ports as well..but didnt work.<br>><br>> under "users" file i have this<br>><br>> edward Auth-type := Local, User-Password = "edward"
<br>> Juniper-Local-User-Name = "fritz12"<br><br>Did you define the local user "fritz12" on the router?<br><br>> clients.conf contains<br>><br>> client <a href="http://192.168.1.10/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.1.10/24</a> {<br>> secret = secret<br>> shortname = <a href="http://junoscope.server.name" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">junoscope.server.name</a><br>> type = Juniper:nas
<br>> }<br><br>That's a somewhat strange entry. I would have expected either
<br>'client <a href="http://192.168.1.0/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.0/24</a>' or 'client <a href="http://192.168.1.1" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.1.1</a>'<br><br>Do you get anything in the radius logs, indicating that the connection<br>is OK?
<br><br><br><br><br>Bj?rn<br><br><br><br>------------------------------<br><br>Message: 3<br>Date: Thu, 16 Aug 2007 09:45:27 -0400<br>From: Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
aland@deployingradius.com
</a>><br>Subject: Re: Big Problem with peap-mschapv2+freeradius 1.1.7<br>To: <a href="mailto:Christian.Frank@rsel.renesas.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Christian.Frank@rsel.renesas.com
</a>, FreeRadius users mailing list<br> <<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users@lists.freeradius.org</a>><br>Message-ID: <<a href="mailto:46C454F7.4050201@deployingradius.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">46C454F7.4050201@deployingradius.com
</a>><br>Content-Type: text/plain; charset=ISO-8859-1<br><br>Christian Frank wrote:
<br>> I have a big problem with my radius setup. I want to authenticate<br>> my users with peap+mschapv2. The radius backend is an ldap server.<br><br> Does the LDAP server contain a clear-text or NT hashed password for
<br>the user?<br><br>> I have this setup working with Freeradius 1.0.1 on Redhat 4 ES.<br>><br>> But after upgrading to 1.1.7 this setup does not work anymore.<br>> I configured my radius/eap/client config file the same way like the old file was.
<br><br> Are you sure? The configurations are similar, but not identical.<br><br>> rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)<br>> rlm_ldap: checking if remote access for cfra is allowed by uid
<br>> rlm_ldap: looking for check items in directory...<br>> rlm_ldap: looking for reply items in directory...<br>> rlm_ldap: user cfra authorized to use remote access<br><br> BUT there was no "known good" password for the user found in LDAP.
<br>That's why authentication is failing.<br><br> Alan DeKok.<br><br><br>------------------------------<br><br>Message: 4<br>Date: Thu, 16 Aug 2007 11:34:44 -0300<br>From: <a href="mailto:Ruben.Savia@alcatel-lucent.com.ar" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Ruben.Savia@alcatel-lucent.com.ar</a><br>Subject: freeradius stops immediately<br>To: <a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users@lists.freeradius.org
</a><br>Message-ID:<br> <<a href="mailto:OF2B008EA4.0271720D-ON03257339.00500CB4-03257339.00501754@alcatel.com.ar" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
OF2B008EA4.0271720D-ON03257339.00500CB4-03257339.00501754@alcatel.com.ar</a>><br><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hello all.<br><br> I am trying to run freeradius-1.1.5 but it stops immediately after
<br>executing the command ./radiusd -X<br><br>The computer?s answer is "Finalizado" because I have chossen spanish as my<br>Solaris language<br><br>There is no log file.<br><br># ./radiusd -X<br>Finalizado<br><br>
# uname -a<br>SunOS xterminal 5.7 Generic_106541-04 sun4u SUNW,Ultra-30 Solaris<br><br>Any help please?<br><br>Thank you<br><br>Ruben Savia<br>Professional Services Specialist<br>Gcia. Operaciones y Servicios<br><a href="mailto:ruben.savia@alcatel-lucent.com.ar" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
ruben.savia@alcatel-lucent.com.ar</a><br><br>Av. Vieytes 1710. (C1275AGT) Ciudad Aut?noma de Buenos Aires<br>Te : 4349-1111 int 1001<br>Fax: 4349-1129<br>-------------- next part --------------<br>An HTML attachment was scrubbed...
<br>URL: <a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/757826fe/attachment-0001.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/757826fe/attachment-0001.html
</a><br><br>------------------------------<br><br>Message: 5<br>Date: Thu, 16 Aug 2007 10:54:19 -0400<br>From: Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
aland@deployingradius.com</a>><br>Subject: Re: freeradius stops immediately
<br>To: FreeRadius users mailing list<br> <<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users@lists.freeradius.org</a>
><br>Message-ID: <<a href="mailto:46C4651B.30409@deployingradius.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
46C4651B.30409@deployingradius.com</a>><br>Content-Type: text/plain; charset=ISO-8859-1<br><br><a href="mailto:Ruben.Savia@alcatel-lucent.com.ar" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Ruben.Savia@alcatel-lucent.com.ar</a> wrote:<br>> I am trying to run
freeradius-1.1.5 but it stops immediately<br>> after executing the command ./radiusd -X<br><br> Use 1.1.7.<br><br> Alan DeKok.<br><br><br>------------------------------<br><br>Message: 6<br>Date: Thu, 16 Aug 2007 17:38:01 +0200
<br>From: "Fabrizio Stoppani" <<a href="mailto:vagabond3@virgilio.it" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">vagabond3@virgilio.it</a>><br>Subject: Enterasys Mac-auth Dynamic-VLAN
<br>To: <<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
freeradius-users@lists.freeradius.org</a>><br>Message-ID: <002801c7e01b$6e142020$c806080a@Bitty><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hello to everyone !<br>I have a problem with Enterasys switch SecureStack A2. It work with
802.1X and MAC-authentication but the dynamic vlan assignment works only the first one.<br>I want use it with the MAC authentication (as with Cisco,HP,...) but the Enterasys switch don't accept the tunnel attributes that the Radius server send it.
<br>It seems that these are accepted only with 802.1X autentication.<br>I use Freeradius with Mysql so I would want to know if there is a way to say to Freeradius to use the Calling-Station-Id as password for EAP module and use DEFAULT user for every authentication.
<br>Thanks a lot for your support.<br><br>Fabrizio Stoppani<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/f40aa145/attachment.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070816/f40aa145/attachment.html</a><br><br>------------------------------<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.freeradius.org/list/users.html</a><br><br><br>End of Freeradius-Users Digest, Vol 28, Issue 56<br>************************************************<br></blockquote></div><br>