> Hi every one i am facing some problems,
>
> i configured radius server
> i configured a client
> and finally i have configured a user as well
>
> how do i block or deny access for users to log certain clients
>
> as and example --
>
> User1 can log to the SWA but he should not be able to log to SWB
>
> please help me on this , i read so many articuls but cant fiend a way to do it


authorize {
        if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {
                update control {
                        Auth-Type := 'Accept'
                }
        }
}


can you please tell me to which file that i want to include these cods



> dilanka nayanajith
> Thank you


On Wed, Jan 29, 2014 at 3:21 PM, <freeradius-users-request@lists.freeradius.org> wrote:
Send Freeradius-Users mailing list submissions to
        freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
        freeradius-users-request@lists.freeradius.org

You can reach the person managing the list at
        freeradius-users-owner@lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Re: cui-inner.post-auth and cui.post-auth (Alan Buxey)
   2. Does FreeRADIUS 2.1.12's ECDH support include
      ECDH-RSA-AES128-SHA? (Edward Morris)
   3. Re: Help Accounting packet forwarding (battossai)
   4. How to set User access for certain clients (dilanka nayanajith)
   5. Re: Help Accounting packet forwarding (Arran Cudbard-Bell)
   6. Re: How to set User access for certain clients
      (Arran Cudbard-Bell)


----------------------------------------------------------------------

Message: 1
Date: Tue, 28 Jan 2014 22:26:40 +0000
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>,        stefan.paetow@diamond.ac.uk
Subject: Re: cui-inner.post-auth and cui.post-auth
Message-ID: <4279f9f1-e87d-4fe1-ad4a-1425371e10bd@email.android.com>
Content-Type: text/plain; charset="utf-8"

I'm sure I submitted a patch for this. .. Maybe it only went into 2.x?

alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140128/4a7acf23/attachment-0001.html>

------------------------------

Message: 2
Date: Tue, 28 Jan 2014 20:23:38 -0800 (PST)
From: Edward Morris <emorris25@yahoo.com>
To: "freeradius-users@lists.freeradius.org"
        <freeradius-users@lists.freeradius.org>
Subject: Does FreeRADIUS 2.1.12's ECDH support include
        ECDH-RSA-AES128-SHA?
Message-ID:
        <1390969418.47367.YahooMailNeo@web140404.mail.bf1.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

Using FreeRADIUS 2.1.12 (from debian package) and OpenSSL 1.0.1f, I've been able to successfully configure EAP-TLS with a number of ECDHE (ephemeral) cipher suites.

However, my attempts to utilize ECDH (non-ephemeral) cipher suites fail with and error of "SSL3_GET_CLIENT_HELLO:no shared cipher."? I've seen that same error occur both when I was attempting to employ a cipher suite not supported by FreeRADIUS (versions prior to 2.1.12 did not support any ECDHE cipher suites) and when I had a screwy configuration (e.g., attempts to use DSA cipher suites without first giving the server a DSA key).? So I'm unclear on where the problem might lie.


I've confirmed that the client/supplicant I'm testing with supports the ECDH cipher suite (tcpdump and wireshark shows the Client Hello message includes the cipher), and querying debian's OpenSSL ("openssl ciphers -v aECDH") confirmed it supports the cipher

The only documentation I could find on this topic was the line 'ecdh_curve = "prime256v1"' in eap.conf.??


Any pointers or confirmation as to whether or not FreeRADIUS (any version) supports plain ECDH cipher suites would be greatly appreciated.

Thanks
Ed



------------------------------

Message: 3
Date: Wed, 29 Jan 2014 11:36:14 +0700
From: battossai <battossai@gmail.com>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: Re: Help Accounting packet forwarding
Message-ID:
        <CAKfMn+RwnD_mS6w_0dRrpAumJ5mNB8sx-_XV-Z04R4fUhbNbSg@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi all,


Still could not get "Class" Attribute in my accounting data.
Should be defining it from "acct_users" right ? Or shoul NAS asked that
"Class" Attrribute ?


*rad_recv: Accounting-Request packet from host 103.247.123.158 port 40101,
id=170, length=253*

*Service-Type = Framed-User*

*Framed-Protocol = PPP*

*NAS-Port = 420725*

*NAS-Port-Type = Ethernet*

*User-Name = "franky@yustanto.com <franky@yustanto.com>"*

*Calling-Station-Id = "D4:CA:6D:D8:92:78"*

*Called-Station-Id = "PPPoE.Service.Vlan100"*

*NAS-Port-Id = "vlan100"*

*MS-CHAP-Domain = "yustanto.com <http://yustanto.com>"*

*Acct-Session-Id = "81b00e94"*

*Framed-IP-Address = 103.247.123.47*

*Acct-Authentic = RADIUS*

*Event-Timestamp = "Jan 29 2014 11:24:05 WIT"*

*Acct-Session-Time = 1800*

*Acct-Input-Octets = 710*

*Acct-Input-Gigawords = 0*

*Acct-Input-Packets = 21*

*Acct-Output-Octets = 722*

*Acct-Output-Gigawords = 0*

*Acct-Output-Packets = 21*

*Acct-Status-Type = Interim-Update*

*NAS-Identifier = "DR2.SMG"*

*Acct-Delay-Time = 0*

*Mikrotik-Realm = "yustanto.com <http://yustanto.com>"*

*NAS-IP-Address = 103.247.123.158*



*+- entering group preacct {...}*

Have been google it, and still can find out, please help give a clue.
I'm desperate ...

Thanks




On Sun, Jan 26, 2014 at 8:05 PM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:

> Hi
>
> I'd suggest that you start by reading the available documentation... and
> maybe buy a book. You'll know that it is working by looking at the debug
> output of freeradius .. and hopefully the debug/logs/interface of your NAS.
> Then if there are still issues you ask questions relevant to the issue.
>
> Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/9cf58b87/attachment-0001.html>

------------------------------

Message: 4
Date: Wed, 29 Jan 2014 10:26:27 +0530
From: dilanka nayanajith <dillnayana@gmail.com>
To: freeradius-users@lists.freeradius.org
Subject: How to set User access for certain clients
Message-ID:
        <CAKZeJzLm_EmbxDF_CuTo3PFSH2=SUb2=U0ZTshOYvHDyoA=Dxg@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi every one i am facing some problems,

i configured radius server
i configured a client
and finally i have configured a user as well

how do i block or deny access for users to log certain clients

as and example --

User1 can log to the SWA but he should not be able to log to SWB

please help me on this , i read so many articuls but cant fiend a way to do
it



--
dilanka nayanajith
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/ae930c56/attachment-0001.html>

------------------------------

Message: 5
Date: Wed, 29 Jan 2014 09:48:56 +0000
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: Re: Help Accounting packet forwarding
Message-ID: <A7E84521-82D1-44F5-A6EC-8793948F645A@freeradius.org>
Content-Type: text/plain; charset="iso-8859-1"


On 29 Jan 2014, at 04:36, battossai <battossai@gmail.com> wrote:

> Hi all,
>
>
> Still could not get "Class" Attribute in my accounting data.
> Should be defining it from "acct_users" right ?


No. You define it in the Access-Accept.

Post-Auth {
        update reply {
                Class := 0x00112244
        }
}

Arran Cudbard-Bell <a.cudbardb@freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/a6516b84/attachment-0001.pgp>

------------------------------

Message: 6
Date: Wed, 29 Jan 2014 09:50:56 +0000
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: Re: How to set User access for certain clients
Message-ID: <2D884869-8A4F-499C-9922-C28AD8D7EACD@freeradius.org>
Content-Type: text/plain; charset="iso-8859-1"


On 29 Jan 2014, at 04:56, dilanka nayanajith <dillnayana@gmail.com> wrote:

> Hi every one i am facing some problems,
>
> i configured radius server
> i configured a client
> and finally i have configured a user as well
>
> how do i block or deny access for users to log certain clients
>
> as and example --
>
> User1 can log to the SWA but he should not be able to log to SWB
>
> please help me on this , i read so many articuls but cant fiend a way to do it


authorize {
        if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {
                update control {
                        Auth-Type := 'Accept'
                }
        }
}
>
>
>
> --
> dilanka nayanajith
> Thank you
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Arran Cudbard-Bell <a.cudbardb@freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/9510f1e5/attachment.pgp>

------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

End of Freeradius-Users Digest, Vol 105, Issue 101
**************************************************



--
dilanka nayanajith
Thank you