<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><title></title><style type="text/css"><!-- body{padding:1ex;margin:0;font-family:sans-serif;font-size:small}a[href]{color:-moz-hyperlinktext!important;text-decoration:-moz-anchor-decoration}blockquote{margin:0;border-left:2px solid #144fae;padding-left:1em}blockquote blockquote{border-color:#006312}blockquote blockquote blockquote{border-color:#540000} --></style></head><body><div style="font-family: Arial; font-size: medium;" dir="ltr"><div>
        Thank you, I have done that already. The IP and the shared secret are inside the EAP config of the router just like you say. I have ping contact from the PC to the router. The configuration "client router { secret = testing123; ipaddr = 192.168.0.1; }" should work so that I would be able to send "radtest sigbj testing-0 192.168.0.1 0 testing123" to the router to have the router call the radiusd at 192.168.0.199. Using 127.0.0.1 there is full acceptance both with radtest -t eap-md5, chap, mschap, pap. It IS working, and WELL too. -- The mysql part I have not tried out, but it is not so important at this stage.</div>
<div>
         </div>
<div>
        To me the radius is so well configured and constructed that it should be this simple, at least taking into consideration the documentation I have read. The problem seems to be that the call from the computer to the NAS-client (the router) does not come through, or the NAS will not send requests to the radius server. Again, it might be a network problem, a missing part from my side, or something else. It is strange, because the router works with WPA-PSK.</div>
<div>
        --</div>
<div>
        Si St</div>
<div>
        <a href="mailto:sigbj-st@operamail.com">sigbj-st@operamail.com</a></div>
<div class="defangedMessage">
        <div id="me18768">
                <div>
                         </div>
                <div>
                         </div>
                <div>
                        On Sun, Jul 15, 2012, at 11:21 PM, Andrew Andonopoulos wrote:</div>
                <blockquote class="me18768QuoteMessage" type="cite">
                        <style type="text/css"><!--  --></style>
                        <div dir="ltr">
                                Hi,
                                <div>
                                         </div>
                                <div>
                                        you can use the following to include all the IPs inside the clients file:</div>
                                <div>
                                         </div>
                                <div>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">client 0.0.0.0/0 {
       secret          = mysecret
       shortname       = myNAS
}</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">From the router's side you need to write a command to add your radius shared key and ip. For example if it's allied telesis</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">radius-server key &lt;key&gt;
radius-server host &lt;ip&gt;</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">for cisco is something similar.</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <br />
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">If you are using Mysql then you need to add it to the nas table but before that you need to edit the sql.conf file and uncomment the radclients = yes</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">for example my Mysql nas table is like that:</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">+----+----------+--------------+-------+-------+--------+-----------+---------------+--------+
| id | nasname  | shortname    | type  | ports | secret | community | description   | server |
+----+----------+--------------+-------+-------+--------+-----------+---------------+--------+
|  1 |    &lt;IP&gt;  | Core         | other |  NULL |  &lt;key&gt; | NULL      | Radius Client | NULL   |
|  2 |    &lt;IP&gt;  | ZoneDirector | other |  NULL | &lt;key&gt;  | NULL      | Radius Client | NULL   |
+----+----------+--------------+-------+-------+--------+-----------+---------------+--------+
</span></pre>
                                        <div>
                                                 </div>
                                        <div>
                                                 </div>
                                        <div>
                                                <span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">because i am using the core and the zone director as a NAS.</span></div>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
 </pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">Good luck</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">Andrew</span></pre>
                                        <pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
                                        <br />
                                        <div>
                                                > From: sigbj-st@operamail.com<br />
                                                > To: freeradius-users@lists.freeradius.org<br />
                                                > Subject: a router as NAS<br />
                                                > Date: Sun, 15 Jul 2012 18:49:18 +0200<br />
                                                ><br />
                                                > (I think I messed up the previous posting by returning on a previous by<br />
                                                > Winter answered post. This message is found in the end of that post. I<br />
                                                > am sorry. Hope this one comes in with the new subject.)<br />
                                                > Can I connect to radius via a router that has a guestzone? It simply<br />
                                                > means that the router has an extra guestzone interface that also<br />
                                                > contains choice for PSK or EAP<br />
                                                ><br />
                                                > From the following information I wonder why the radiusd is not<br />
                                                > responding. Remember I am trying to log in with the radius from the PC<br />
                                                > where the radius is installed. Radius is on 192.168.0.198 and I am<br />
                                                > attempting login or request from 192.168.0.198. This may also be a<br />
                                                > mistake. Maybe there will be a conflict between 192.168.0.1 = router and<br />
                                                > 192.168.0.198 localhost. I simply don't know.<br />
                                                ><br />
                                                > The router is a DLINK 655<br />
                                                > The OS is SuSE Linux Enterprise Desktop 10, ServPack 3<br />
                                                > The radius is the freeradius-server-2.1.12<br />
                                                ><br />
                                                > Here are the fields from this zone in the router:<br />
                                                > **ROUTER PART**<br />
                                                > "Use this section to configure the guest zone settings of your router.<br />
                                                > The guest zone provide a separate network zone for guest to access<br />
                                                > Internet":<br />
                                                ><br />
                                                > --GUEST ZONE SELECTION--<br />
                                                > Enable Guest Zone : (Yes)<br />
                                                > Wireless Band : 2.4GHz Band<br />
                                                > Wireless Network Name : EAP_sled (Also called the SSID)<br />
                                                > Enable Routing Between Zones : (No)<br />
                                                > Security Mode : WPA-Enterprise<br />
                                                ><br />
                                                > --WPA--<br />
                                                > WPA Mode : Auto (WPA or WPA2)<br />
                                                > Cipher Type : TKIP and AES<br />
                                                > Group Key Update Interval : 3600 (seconds)<br />
                                                ><br />
                                                > --EAP (802.1x)--<br />
                                                ><br />
                                                > "When WPA enterprise is enabled, the router uses EAP (802.1x) to<br />
                                                > authenticate clients via a remote RADIUS server."<br />
                                                ><br />
                                                > Authentication Timeout : 60 (minutes)<br />
                                                > RADIUS server IP Address : 192.168.0.198<br />
                                                > RADIUS server Port : 1812<br />
                                                > RADIUS server Shared Secret : testing123<br />
                                                > MAC Address Authentication : No<br />
                                                > **CLIENT.CONF**<br />
                                                > Then I change the client.conf from localhost 127.0.0.1 to the IP of the<br />
                                                > router 192.168.0.1<br />
                                                > #client localhost {<br />
                                                > # Allowed values are:<br />
                                                > # dotted quad (1.2.3.4)<br />
                                                > # hostname (radius.example.com)<br />
                                                > # ipaddr = 127.0.0.1<br />
                                                > # Test with router:<br />
                                                > client router {<br />
                                                > # Allowed values are:<br />
                                                > # dotted quad (1.2.3.4)<br />
                                                > # hostname (radius.example.com)<br />
                                                > ipaddr = 192.168.0.1<br />
                                                > #<br />
                                                > and I keep rest of it as it was.<br />
                                                ><br />
                                                > **/ETC/HOSTS/**<br />
                                                > I put in a line in /etc/hosts/ (I am not sure if it is right or<br />
                                                > necessary):<br />
                                                > # IP-Address Full-Qualified-Hostname Short-Hostname<br />
                                                > 192.168.0.1 router dlink<br />
                                                ><br />
                                                > **YAST CONFIG FOR THE USERCLIENT**<br />
                                                > I change the setup in system (YaST) from PSK key to EAP:<br />
                                                > --MODUS--<br />
                                                > Accesspoint: (Yes)<br />
                                                > Ad hoc: no<br />
                                                > Master: no<br />
                                                > --NETWORKNAME SSID--<br />
                                                > EAP_sled<br />
                                                > --AUTHENTICATION MODUS--<br />
                                                > Open: no<br />
                                                > Shared key: no<br />
                                                > WPA-EAP (Yes)<br />
                                                > WPA-PSK: no<br />
                                                > EAP Modus: TTLS<br />
                                                > Identity: sigbj (as in /usr/local/etc/raddb/users)<br />
                                                > Password: testing-0 (as in /usr/local/etc/raddb/users)<br />
                                                > Anonymous identity: (left open)<br />
                                                > Client-Sert: (closed)<br />
                                                > Client-Key: (closed)<br />
                                                > Client-Key_password: whatever<br />
                                                > Server-Sert: /usr/local/etc/raddb/certs/server.csr<br />
                                                ><br />
                                                > I have made no changes in eap.conf and radius.conf<br />
                                                ><br />
                                                > I try to start the radiusd -X with these changes (the previous test on<br />
                                                > localhost is successful: "Ready to process requests." And radtest test<br />
                                                > gives the right feedback: Sending Access-Accept of id 178 to 127.0.0.1<br />
                                                > port 1932, so this test part works)<br />
                                                ><br />
                                                > Some of the messages from the radiusd -X with the changed client.conf:<br />
                                                > ........<br />
                                                > radiusd: #### Loading Clients ####<br />
                                                > client router {<br />
                                                > ipaddr = 192.168.0.1<br />
                                                > require_message_authenticator = no<br />
                                                > secret = "testing123"<br />
                                                > nastype = "other"<br />
                                                > .............<br />
                                                > ... adding new socket proxy address * port 1047<br />
                                                > Listening on authentication address * port 1812<br />
                                                > Listening on accounting address * port 1813<br />
                                                > Listening on command file /usr/local/var/run/radiusd/radiusd.sock<br />
                                                > Listening on authentication address 127.0.0.1 port 18120 as server<br />
                                                > inner-tunnel<br />
                                                > Listening on proxy address * port 1814<br />
                                                > Ready to process requests.<br />
                                                ><br />
                                                > radtest gives this:<br />
                                                > Sending Access-Request of id 207 to 127.0.0.1 port 1812<br />
                                                > User-Name = "sigbj"<br />
                                                > User-Password = "testing-0"<br />
                                                > NAS-IP-Address = 192.168.0.198<br />
                                                > NAS-Port = 0<br />
                                                > Message-Authenticator = 0x00000000000000000000000000000000<br />
                                                > radclient: no response from server for ID 207 socket 3<br />
                                                ><br />
                                                > and radiusd consequently:<br />
                                                > Ignoring request to authentication address * port 1812 from unknown<br />
                                                > client 127.0.0.1 port 1048<br />
                                                ><br />
                                                > Trying to login with the Knetworkmanager (KDE) on to the network gives<br />
                                                > no reaction on the server, server is just waiting, the knetworkmanager<br />
                                                > may blink or just dryrun. I have a feeling that the server is listening<br />
                                                > on the 127.0.0.1 instead on 192.168.0.1, but do not know<br />
                                                ><br />
                                                > I am of course doing a typical newbie mistake somewhere, but I do not<br />
                                                > know what.<br />
                                                ><br />
                                                > IF YOU NEED THE WHOLE RADIUSD -X LOG AT THIS POINT, PLEASE TELL ME. I<br />
                                                > have given this explanations to begin with. The problems may also be<br />
                                                > that a router of this kind cannot be used on freeradius or that the<br />
                                                > router is 100% "Windows-messed-up".<br />
                                                ><br />
                                                > --<br />
                                                > Si St<br />
                                                > sigbj-st@operamail.com<br />
                                                ><br />
                                                > --<br />
                                                > http://www.fastmail.fm - The professional email service<br />
                                                ><br />
                                                > -<br />
                                                > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html</div>
                                </div>
                        </div>
                </blockquote>
        </div>
</div>
<div>
         </div>
</div>
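<div>Added example, not part of either message in this thread and not FreeRADIUS code: a small checker that models how a clients file is matched against the source address of a request, using constructed fragments built from the values quoted above. The function names are hypothetical, and the model assumes that the most specific matching prefix wins and that hostnames are not resolved.</div>

```python
import ipaddress
import re

# Constructed clients.conf fragments, modelled on the values in the thread.
ROUTER_ONLY = """
#client localhost {
#    ipaddr = 127.0.0.1
#}
client router {
    ipaddr = 192.168.0.1
    secret = testing123
}
"""

WITH_LOCALHOST = ROUTER_ONLY + """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
"""

CATCH_ALL = """
client 0.0.0.0/0 {
    secret = mysecret
    shortname = myNAS
}
"""

DEFAULT_SECRET = "testing123"  # secret used in the sample clients.conf
CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{([^{}]*)\}")
OPTION_RE = re.compile(r"(\w+)\s*=\s*\"?([^\s\"]+)\"?")


def parse_clients(text):
    """Return the client definitions found in a clients.conf-style text."""
    # Drop comments first so commented-out clients are not parsed.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    clients = []
    for name, block in CLIENT_RE.findall(body):
        opts = dict(OPTION_RE.findall(block))
        # The address comes from ipaddr (plus optional netmask) or, when
        # absent, from the section name itself (e.g. "client 0.0.0.0/0").
        addr = opts.get("ipaddr", name)
        if "ipaddr" in opts and "netmask" in opts:
            addr += "/" + opts["netmask"]
        network = ipaddress.ip_network(addr, strict=False)
        clients.append({"name": name, "network": network,
                        "secret": opts.get("secret")})
    return clients


def match_client(clients, source_ip):
    """Return the client whose network contains source_ip, or None.

    None corresponds to the "Ignoring request ... from unknown client"
    message in the debug output quoted in the thread.
    """
    ip = ipaddress.ip_address(source_ip)
    hits = [c for c in clients if ip in c["network"]]
    return max(hits, key=lambda c: c["network"].prefixlen, default=None)


def audit(clients):
    """Flag definitions a reviewer would want tightened before production."""
    findings = []
    for c in clients:
        if c["network"].prefixlen == 0:
            findings.append((c["name"], "accepts requests from any source address"))
        if c["secret"] == DEFAULT_SECRET:
            findings.append((c["name"], "uses the sample shared secret"))
    return findings


if __name__ == "__main__":
    for label, conf in (("router only", ROUTER_ONLY),
                        ("router + localhost", WITH_LOCALHOST),
                        ("catch-all", CATCH_ALL)):
        clients = parse_clients(conf)
        for src in ("127.0.0.1", "192.168.0.1", "203.0.113.7"):
            hit = match_client(clients, src)
            print(label, src, "->", hit["name"] if hit else "unknown client")
        print(label, "audit:", audit(clients))
```

<div>With only the router defined, a radtest sent from 127.0.0.1 has no matching client, while the catch-all entry matches every source and leaves the shared secret as the only control.</div>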
</body></html>