<div dir="ltr"><div><span id="result_box" class="" lang="en"><span class="">Hello,</span> <br><span class="">I</span> <span class="">can</span> <span class="">write to you</span> <span class="">because I found</span> <span class="">a wealth of</span> <span class="">important information about</span> <span class="">the list</span> <br>
<span class="">We use</span> <span class="">2</span> <span class="">freeradius</span> <span class="">servers</span> <span class="">for 2 different</span> <span class="">things</span> <br><span class="">-</span><span class="">control access to</span> <span class="">our switches</span> <br>
<span class="">and</span> <br><span class="">-</span><span class="">secure</span> <span class="">wifi</span> <br><br><span class="">Our</span> <span class="">access</span> <span class="">control</span> <span class="">switches</span><span>, we have a</span> <span class="">fleet of</span> <span class="">4000</span> <span class="">switches</span> <span class="">allocate</span> <span class="">a</span> <span class="">hundred</span> <span class="">entity</span><span>,</span> <span class="">each entity</span><span class="">'s</span> <span class="">IT department</span> <span class="">(DEP)</span> <span class="">headed by a</span> <span class="">central service</span><span class="">, we (</span><span>central</span><span>)</span> <span class="">wish to have</span> <span class="">access to all</span> <span class="">switches and</span> <span class="">limit access</span> <span class="">computer</span> <span class="">services solely to their</span> <span class="">switches.</span> <br>
<br><span class="">"users"</span> <span class="">are in</span> <span class="">ldap</span> <span class="">and assigned to</span> <span class="">groups</span> <span class="">unix</span> <span class="">DEP25</span><span>,</span> <span class="">DEP29</span><span>,</span> <span class="">DEP57</span> <span class="">...</span> <span class="">the</span> <span class="">central unit</span> <span class="">is</span> <span class="">in</span> <span class="">all</span> <span class="">groups</span><span>.</span> <br>
<br><span class="">in Users</span> :<span class=""></span> <span class="">we compare the</span> <span class="">shortname</span> <span class="">of the</span> <span class="">client file</span> <span class="">to</span> <span class="">unix</span> <span class="">group<br>
<br></span></span>DEFAULT Group == "%{Client-Shortname}", Huntgroup-Name == "3com", Login-IP-Host != "127.0.0.1"<br> Login-Service = 50,<br> Service-Type = 7,<br>
huawei-exec-privilege = 3,<br>
3Com-User-Access-Level = 3,<br> Reply-Message = "Bonjour, %{User-name}" <br><br><br></div>in client.conf<br><br>client <a href="http://192.168.25.0/22" target="_blank">192.168.25.0/22</a> {<br>
secret = XXXXXXXXXX<br> description = reseau-25-Besancon<br> shortname = DEP25<br>}<br><br>client <a href="http://192.168.29.0/22" target="_blank">192.168.29.0/22</a> {<br> secret = XXXXXXXXXX<br>
description = reseau-29-Brest<br> shortname =DEP29<br>}<br><br>client <a href="http://192.168.57.0/22" target="_blank">192.168.57.0/22</a> {<br> secret = XXXXXXXXXX<br> description = reseau-57-Metz<br>
shortname =DEP57<br>}<br><br> <div class="" id="spelling-correction" style><br><a></a></div> <div id="gt-res-content" class=""><div dir="ltr" style="zoom:1"><span id="result_box" class="" lang="en"><span class="">For</span> <span class="">DEP</span> <span class="">commissioned the first</span> <span class="">connection</span> <span class="">goes well<br>
<br></span></span><br><span id="result_box" class="" lang="en"><span class="">Thu Jan 30 23:48:28 2014 : Info: ++[eap] returns noop<br>
Thu Jan 30 23:48:28 2014 : Info: ++[unix] returns updated<br>Thu Jan 30 23:48:28 2014 : Info: [files] expand: %{Client-Shortname} -> DEP25<br>Thu Jan 30 23:48:28 2014 : Info: [files] users: Matched entry DEFAULT at line 208<br>
Thu Jan 30 23:48:28 2014 : Info: ++[files] returns ok<br><br></span></span><br><span id="result_box" class="" lang="en"><span class="">for the following</span> <span class="">connections<br><br></span></span><span id="result_box" class="" lang="en"><span class="">Thu Jan 30 23:48:28 2014 : Info: ++[eap] returns noop<br>
Thu Jan 30 23:48:28 2014 : Info: ++[unix] returns updated<br>
Thu Jan 30 23:48:28 2014 : Info: [files] users: Matched entry DEFAULT at line 208<br>Thu Jan 30 23:48:28 2014 : Info: ++[files] returns ok<br></span></span></div></div><br><div><br><span id="result_box" class="" lang="en"><span class="">so the</span> <span class="">comparison is not</span> <span class="">recalculated and</span> <span class="">if a</span> <span class="">user</span> <span class="">wants to</span> <span class="">authenticate to</span> <span class="">DEP25</span> <span class="">switches</span> <span class="">DEP57</span> <span class="">it is allowed</span> <span class="">then</span> <span class="">it should not</span> <br>
<br><span class="">I</span> <span class="">miss</span> <span class="">something for</span> <span class="">the</span> <span class="">dynamic</span> <span class="">substitution</span> <span class="">takes place at</span> <span class="">each</span> <span class="">connection or I</span> <span class="">can not be</span> <span class="">the problem</span> <span class="">taken</span> <span class="">in the right direction</span> <span class="">have</span><span>?</span> <br>
<br><span class="">More</span> <span class="">I try to</span> <span class="">configure a</span> <span class="">secure</span> <span class="">WPA /</span> <span class="">TTLS</span> <span class="">working</span> <span class="">with</span> <span class="">all</span> <span class="">key</span> <span class="">calculated</span> <span class="">installing</span> <span class="">Freeradius</span><span>.</span> <span class="">by</span> <span class="">cons</span> <span class="">with mine</span> <span class="">I have a</span> <span class="">CA_unknown</span> <span class="">error</span> <br>
<span class="">do you have a</span> <span class="">clue?</span> <br><br><span class="">Thanking you</span> <span class="">in advance for any</span> <span class="">information you provide</span> <span class="">me</span> <br>
<span class="">sincerely</span></span><br></div></div>