<div dir="ltr"><div>> Hi everyone, I am facing some problems,<br>
><br>
> I configured a RADIUS server<br>
> I configured a client<br>
> and finally I have configured a user as well<br>
><br>
> How do I block or deny access for users to log in to certain clients?<br>
><br>
> As an example --<br>
><br>
> User1 can log in to the SWA but he should not be able to log in to SWB<br>
><br>
> Please help me on this, I read so many articles but can't find a way to do it<br>
<br>
<br>
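authorize {<br>
&nbsp;&nbsp;&nbsp;&nbsp;if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;update control {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Auth-Type := 'Accept'<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
}<br>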
<br><br></div>Can you please tell me which file I should include this code in? <br><div>
<br>
<br>
<br>
> dilanka nayanajith<br>
> Thank you</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jan 29, 2014 at 3:21 PM, <span dir="ltr"><<a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank">freeradius-users-request@lists.freeradius.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Today's Topics:<br>
<br>
1. Re: cui-inner.post-auth and cui.post-auth (Alan Buxey)<br>
2. Does FreeRADIUS 2.1.12's ECDH support include<br>
ECDH-RSA-AES128-SHA? (Edward Morris)<br>
3. Re: Help Accounting packet forwarding (battossai)<br>
4. How to set User access for certain clients (dilanka nayanajith)<br>
5. Re: Help Accounting packet forwarding (Arran Cudbard-Bell)<br>
6. Re: How to set User access for certain clients<br>
(Arran Cudbard-Bell)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 28 Jan 2014 22:26:40 +0000<br>
From: Alan Buxey <<a href="mailto:A.L.M.Buxey@lboro.ac.uk">A.L.M.Buxey@lboro.ac.uk</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>, <a href="mailto:stefan.paetow@diamond.ac.uk">stefan.paetow@diamond.ac.uk</a><br>
Subject: Re: cui-inner.post-auth and cui.post-auth<br>
Message-ID: <<a href="mailto:4279f9f1-e87d-4fe1-ad4a-1425371e10bd@email.android.com">4279f9f1-e87d-4fe1-ad4a-1425371e10bd@email.android.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I'm sure I submitted a patch for this. .. Maybe it only went into 2.x?<br>
<br>
alan<br>
--<br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 28 Jan 2014 20:23:38 -0800 (PST)<br>
From: Edward Morris <<a href="mailto:emorris25@yahoo.com">emorris25@yahoo.com</a>><br>
To: "<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Does FreeRADIUS 2.1.12's ECDH support include<br>
ECDH-RSA-AES128-SHA?<br>
Message-ID:<br>
<<a href="mailto:1390969418.47367.YahooMailNeo@web140404.mail.bf1.yahoo.com">1390969418.47367.YahooMailNeo@web140404.mail.bf1.yahoo.com</a>><br>
Content-Type: text/plain; charset=iso-8859-1<br>
<br>
Using FreeRADIUS 2.1.12 (from debian package) and OpenSSL 1.0.1f, I've been able to successfully configure EAP-TLS with a number of ECDHE (ephemeral) cipher suites.<br>
<br>
However, my attempts to utilize ECDH (non-ephemeral) cipher suites fail with an error of "SSL3_GET_CLIENT_HELLO:no shared cipher." I've seen that same error occur both when I was attempting to employ a cipher suite not supported by FreeRADIUS (versions prior to 2.1.12 did not support any ECDHE cipher suites) and when I had a screwy configuration (e.g., attempts to use DSA cipher suites without first giving the server a DSA key). So I'm unclear on where the problem might lie.<br>
<br>
<br>
I've confirmed that the client/supplicant I'm testing with supports the ECDH cipher suite (tcpdump and wireshark shows the Client Hello message includes the cipher), and querying debian's OpenSSL ("openssl ciphers -v aECDH") confirmed it supports the cipher<br>
<br>
The only documentation I could find on this topic was the line 'ecdh_curve = "prime256v1"' in eap.conf.<br>
<br>
<br>
Any pointers or confirmation as to whether or not FreeRADIUS (any version) supports plain ECDH cipher suites would be greatly appreciated.<br>
<br>
Thanks<br>
Ed<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Wed, 29 Jan 2014 11:36:14 +0700<br>
From: battossai <<a href="mailto:battossai@gmail.com">battossai@gmail.com</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: Help Accounting packet forwarding<br>
Message-ID:<br>
<<a href="mailto:CAKfMn%2BRwnD_mS6w_0dRrpAumJ5mNB8sx-_XV-Z04R4fUhbNbSg@mail.gmail.com">CAKfMn+RwnD_mS6w_0dRrpAumJ5mNB8sx-_XV-Z04R4fUhbNbSg@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi all,<br>
<br>
<br>
Still could not get "Class" Attribute in my accounting data.<br>
Should be defining it from "acct_users" right? Or should the NAS ask for that<br>
"Class" Attribute?<br>
<br>
<br>
*rad_recv: Accounting-Request packet from host 103.247.123.158 port 40101,<br>
id=170, length=253*<br>
<br>
*Service-Type = Framed-User*<br>
<br>
*Framed-Protocol = PPP*<br>
<br>
*NAS-Port = 420725*<br>
<br>
*NAS-Port-Type = Ethernet*<br>
<br>
*User-Name = "<a href="mailto:franky@yustanto.com">franky@yustanto.com</a> <<a href="mailto:franky@yustanto.com">franky@yustanto.com</a>>"*<br>
<br>
*Calling-Station-Id = "D4:CA:6D:D8:92:78"*<br>
<br>
*Called-Station-Id = "PPPoE.Service.Vlan100"*<br>
<br>
*NAS-Port-Id = "vlan100"*<br>
<br>
*MS-CHAP-Domain = "<a href="http://yustanto.com" target="_blank">yustanto.com</a> <<a href="http://yustanto.com" target="_blank">http://yustanto.com</a>>"*<br>
<br>
*Acct-Session-Id = "81b00e94"*<br>
<br>
*Framed-IP-Address = 103.247.123.47*<br>
<br>
*Acct-Authentic = RADIUS*<br>
<br>
*Event-Timestamp = "Jan 29 2014 11:24:05 WIT"*<br>
<br>
*Acct-Session-Time = 1800*<br>
<br>
*Acct-Input-Octets = 710*<br>
<br>
*Acct-Input-Gigawords = 0*<br>
<br>
*Acct-Input-Packets = 21*<br>
<br>
*Acct-Output-Octets = 722*<br>
<br>
*Acct-Output-Gigawords = 0*<br>
<br>
*Acct-Output-Packets = 21*<br>
<br>
*Acct-Status-Type = Interim-Update*<br>
<br>
*NAS-Identifier = "DR2.SMG"*<br>
<br>
*Acct-Delay-Time = 0*<br>
<br>
*Mikrotik-Realm = "<a href="http://yustanto.com" target="_blank">yustanto.com</a> <<a href="http://yustanto.com" target="_blank">http://yustanto.com</a>>"*<br>
<br>
*NAS-IP-Address = 103.247.123.158*<br>
<br>
<br>
<br>
*+- entering group preacct {...}*<br>
<br>
Have been google it, and still can find out, please help give a clue.<br>
I'm desperate ...<br>
<br>
Thanks<br>
<br>
<br>
<br>
<br>
On Sun, Jan 26, 2014 at 8:05 PM, Alan Buxey <<a href="mailto:A.L.M.Buxey@lboro.ac.uk">A.L.M.Buxey@lboro.ac.uk</a>> wrote:<br>
<br>
> Hi<br>
><br>
> I'd suggest that you start by reading the available documentation... and<br>
> maybe buy a book. You'll know that it is working by looking at the debug<br>
> output of freeradius .. and hopefully the debug/logs/interface of your NAS.<br>
> Then if there are still issues you ask questions relevant to the issue.<br>
><br>
> Alan<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Wed, 29 Jan 2014 10:26:27 +0530<br>
From: dilanka nayanajith <<a href="mailto:dillnayana@gmail.com">dillnayana@gmail.com</a>><br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Subject: How to set User access for certain clients<br>
Message-ID:<br>
<CAKZeJzLm_EmbxDF_CuTo3PFSH2=SUb2=U0ZTshOYvHDyoA=<a href="mailto:Dxg@mail.gmail.com">Dxg@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi everyone, I am facing some problems,<br>
<br>
I configured a RADIUS server<br>
I configured a client<br>
and finally I have configured a user as well<br>
<br>
How do I block or deny access for users to log in to certain clients?<br>
<br>
As an example --<br>
<br>
User1 can log in to the SWA but he should not be able to log in to SWB<br>
<br>
Please help me on this, I read so many articles but can't find a way to do<br>
it<br>
<br>
<br>
<br>
--<br>
dilanka nayanajith<br>
Thank you<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Wed, 29 Jan 2014 09:48:56 +0000<br>
From: Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: Help Accounting packet forwarding<br>
Message-ID: <<a href="mailto:A7E84521-82D1-44F5-A6EC-8793948F645A@freeradius.org">A7E84521-82D1-44F5-A6EC-8793948F645A@freeradius.org</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
<br>
On 29 Jan 2014, at 04:36, battossai <<a href="mailto:battossai@gmail.com">battossai@gmail.com</a>> wrote:<br>
<br>
> Hi all,<br>
><br>
><br>
> Still could not get "Class" Attribute in my accounting data.<br>
> Should be defining it from "acct_users" right ?<br>
<br>
<br>
No. You define it in the Access-Accept.<br>
<br>
post-auth {<br>
&nbsp;&nbsp;&nbsp;&nbsp;update reply {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Class := 0x00112244<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
}<br>
<br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Wed, 29 Jan 2014 09:50:56 +0000<br>
From: Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: How to set User access for certain clients<br>
Message-ID: <<a href="mailto:2D884869-8A4F-499C-9922-C28AD8D7EACD@freeradius.org">2D884869-8A4F-499C-9922-C28AD8D7EACD@freeradius.org</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
<br>
On 29 Jan 2014, at 04:56, dilanka nayanajith <<a href="mailto:dillnayana@gmail.com">dillnayana@gmail.com</a>> wrote:<br>
<br>
> Hi everyone, I am facing some problems,<br>
><br>
> I configured a RADIUS server<br>
> I configured a client<br>
> and finally I have configured a user as well<br>
><br>
> How do I block or deny access for users to log in to certain clients?<br>
><br>
> As an example --<br>
><br>
> User1 can log in to the SWA but he should not be able to log in to SWB<br>
><br>
> Please help me on this, I read so many articles but can't find a way to do it<br>
<br>
<br>
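authorize {<br>
&nbsp;&nbsp;&nbsp;&nbsp;if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;update control {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Auth-Type := 'Accept'<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
}<br>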
><br>
><br>
><br>
> --<br>
> dilanka nayanajith<br>
> Thank you<br>
> -<br>
> List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
<br>
------------------------------<br>
<br>
<br>
End of Freeradius-Users Digest, Vol 105, Issue 101<br>
**************************************************<br>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><div>dilanka nayanajith <br></div>Thank you <br></div>
</div>
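<div>Added example, not part of the thread and not the FreeRADIUS project's own configuration: the User1/SWA/SWB restriction written as an explicit deny, so that User1 on SWA still goes through the normal password check instead of being accepted outright. It assumes the stock raddb layout, where clients are defined in raddb/clients.conf and the authorize section lives in raddb/sites-available/default; the IP addresses and secrets are constructed placeholders, and "reject" is assumed to be the stock "always reject" module instance.</div>

```unlang
# --- raddb/clients.conf (constructed entries; addresses and secrets are placeholders) ---
client SWA {
    ipaddr    = 192.0.2.10
    secret    = REPLACE_WITH_SWA_SECRET
    shortname = SWA
}

client SWB {
    ipaddr    = 192.0.2.11
    secret    = REPLACE_WITH_SWB_SECRET
    shortname = SWB
}

# --- raddb/sites-available/default (stock layout assumed, not stated in the thread) ---
authorize {
    preprocess

    # %{client:shortname} expands to the shortname of the clients.conf
    # entry that sent this request. Any request for User1 that did not
    # arrive from SWA is rejected here, before any credential lookup.
    if ((User-Name == "User1") && ("%{client:shortname}" != "SWA")) {
        # "reject" is the stock "always reject" module instance (assumed present)
        reject
    }

    # Requests that were not rejected continue to the normal user lookup
    # and password check, so User1 on SWA must still present valid credentials.
    files
    pap
}
```

<div>Running the server in debug mode (radiusd -X) and sending one test request per switch shows which branch each request takes.</div>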