Hi there, my name is Philipp Trenz, I'm student at the University of Applied Science Harz and work there at the datacenter. I'm charged with updating the EDUROAM wifi auth infrastructure and searching for experiences with the RadSec implementation in FreeRadius3 in cooperation with the radius-servers of the German DFN or in general. I heared of different voices. At https://wiki.geant.org/display/H2eduroam/freeradius3-flr it says FR3 can replace third party software like RadSecProxy, but I also heared that the implementation does not work that fine. At the moment it's going to be FreeRADIUS 3.0.4 on a RHEL7.2, but also could go up to the latest stable release, if this would fix issues. I'd be very glad to hear some of your experiences! Best regards, Philipp Trenz
Hi, --On 15. August 2016 um 11:22:37 +0200 Philipp Trenz <mail@philipptrenz.de> wrote:
my name is Philipp Trenz, I'm student at the University of Applied Science Harz and work there at the datacenter. I'm charged with updating the EDUROAM wifi auth infrastructure and searching for experiences with the RadSec implementation in FreeRadius3 in cooperation with the radius-servers of the German DFN or in general. I heared of different voices. At https://wiki.geant.org/display/H2eduroam/freeradius3-flr it says FR3 can replace third party software like RadSecProxy, but I also heared that the implementation does not work that fine.
At the moment it's going to be FreeRADIUS 3.0.4 on a RHEL7.2, but also could go up to the latest stable release, if this would fix issues.
I'd be very glad to hear some of your experiences!
we were told by DFN that we must use RadSecProxy, and it works just fine. -- .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:. .:.Regionales Rechenzentrum (RRZK).:. .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
On 15 Aug 2016, at 11:28, Sebastian Hagedorn <Hagedorn@uni-koeln.de> wrote:
Hi,
--On 15. August 2016 um 11:22:37 +0200 Philipp Trenz <mail@philipptrenz.de> wrote:
my name is Philipp Trenz, I'm student at the University of Applied Science Harz and work there at the datacenter. I'm charged with updating the EDUROAM wifi auth infrastructure and searching for experiences with the RadSec implementation in FreeRadius3 in cooperation with the radius-servers of the German DFN or in general. I heared of different voices. At https://wiki.geant.org/display/H2eduroam/freeradius3-flr it says FR3 can replace third party software like RadSecProxy, but I also heared that the implementation does not work that fine.
At the moment it's going to be FreeRADIUS 3.0.4 on a RHEL7.2, but also could go up to the latest stable release, if this would fix issues.
I'd be very glad to hear some of your experiences!
we were told by DFN that we must use RadSecProxy, and it works just fine.
If there are issues we haven’t be made aware of them. It would be useful if any users have run into issues with RADSEC on recent versions of FreeRADIUS, to file bug reports… -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Hi Arran, thanks for the quick reply. I see my task as a piece of research and I'll try to test the RadSec implementation even if it should be common sense in Germany to use the RadSecProxy, if my supervisor provides me with this. If I'll encounter any bugs I'll report them. Greetings! Am 2016-08-15 11:38, schrieb Arran Cudbard-Bell:
On 15 Aug 2016, at 11:28, Sebastian Hagedorn <Hagedorn@uni-koeln.de> wrote:
Hi,
--On 15. August 2016 um 11:22:37 +0200 Philipp Trenz <mail@philipptrenz.de> wrote:
my name is Philipp Trenz, I'm student at the University of Applied Science Harz and work there at the datacenter. I'm charged with updating the EDUROAM wifi auth infrastructure and searching for experiences with the RadSec implementation in FreeRadius3 in cooperation with the radius-servers of the German DFN or in general. I heared of different voices. At https://wiki.geant.org/display/H2eduroam/freeradius3-flr it says FR3 can replace third party software like RadSecProxy, but I also heared that the implementation does not work that fine.
At the moment it's going to be FreeRADIUS 3.0.4 on a RHEL7.2, but also could go up to the latest stable release, if this would fix issues.
I'd be very glad to hear some of your experiences! we were told by DFN that we must use RadSecProxy, and it works just fine.
If there are issues we haven't be made aware of them. It would be useful if any users have run into issues with RADSEC on recent versions of FreeRADIUS, to file bug reports... -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
can anyone tell how to authenticate user by vlan as wo authenticate by password and username.. i want that if username password or vlan is sane then allow user else deny user i am thousands of users and many vlans need help thanku Sent from my Samsung Galaxy smartphone. -------- Original message -------- From: Philipp Trenz <mail@philipptrenz.de> Date: 15/08/2016 3:11 pm (GMT+05:00) To: Arran Cudbard-Bell <a.cudbardb@freeradius.org> Cc: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: FR3 RadSec for Eduroam (esp. Germany & DFN servers) Hi Arran, thanks for the quick reply. I see my task as a piece of research and I'll try to test the RadSec implementation even if it should be common sense in Germany to use the RadSecProxy, if my supervisor provides me with this. If I'll encounter any bugs I'll report them. Greetings! Am 2016-08-15 11:38, schrieb Arran Cudbard-Bell:
On 15 Aug 2016, at 11:28, Sebastian Hagedorn <Hagedorn@uni-koeln.de> wrote:
Hi,
--On 15. August 2016 um 11:22:37 +0200 Philipp Trenz <mail@philipptrenz.de> wrote:
my name is Philipp Trenz, I'm student at the University of Applied Science Harz and work there at the datacenter. I'm charged with updating the EDUROAM wifi auth infrastructure and searching for experiences with the RadSec implementation in FreeRadius3 in cooperation with the radius-servers of the German DFN or in general. I heared of different voices. At https://wiki.geant.org/display/H2eduroam/freeradius3-flr it says FR3 can replace third party software like RadSecProxy, but I also heared that the implementation does not work that fine.
At the moment it's going to be FreeRADIUS 3.0.4 on a RHEL7.2, but also could go up to the latest stable release, if this would fix issues.
I'd be very glad to hear some of your experiences! we were told by DFN that we must use RadSecProxy, and it works just fine.
If there are issues we haven't be made aware of them. It would be useful if any users have run into issues with RADSEC on recent versions of FreeRADIUS, to file bug reports... -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
can anyone tell how to authenticate user by vlan as wo authenticate by password and username.. i want that if username password or vlan is sane then allow user else deny user i am thousands of users and many vlans need help
?? define your problem better. what do you mean 'if vlan is sane' ? in some other servers access reply? your question sounds like policy. its up to you to check RADIUS attributes and then decide, based on those attributes, what to do - authentication - accept or reject - and replies to the NAS (set a user to be on a particular VLAN, with particular bandwidth or time/data allowance etc) alan
thanks for your reply sir . and exactly you are rite i should give user a vlan but how can i guve him vlan help please Sent from my Samsung Galaxy smartphone. -------- Original message -------- From: A.L.M.Buxey@lboro.ac.uk Date: 15/08/2016 3:57 pm (GMT+05:00) To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: FR3 RadSec for Eduroam (esp. Germany & DFN servers) Hi,
can anyone tell how to authenticate user by vlan as wo authenticate by password and username.. i want that if username password or vlan is sane then allow user else deny user i am thousands of users and many vlans need help
?? define your problem better. what do you mean 'if vlan is sane' ? in some other servers access reply? your question sounds like policy. its up to you to check RADIUS attributes and then decide, based on those attributes, what to do - authentication - accept or reject - and replies to the NAS (set a user to be on a particular VLAN, with particular bandwidth or time/data allowance etc) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
thanks for your reply sir . and exactly you are rite i should give user a vlan but how can i guve him vlan help please
first, dont hikack another thread, create your own so its readable and skippable by others second, read the docs that come with your NAS - they'll tell you the attributes required, then read the RADIUS docs and they'll tell you how to do it (be that dumb/simple users file entry, scaling through to dynamic values pulled from SQL/LDAP....) alan
sir there is alot of files and i really dont know any thing about radius so i got confuse would you please give me step by step tutorial with coding i will be very thankfull to you .. ________________________________ From: Freeradius-Users <freeradius-users-bounces+zubairayub=hotmail.com@lists.freeradius.org> on behalf of A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> Sent: Monday, August 15, 2016 11:58:31 AM To: FreeRadius users mailing list Subject: Re: FR3 RadSec for Eduroam (esp. Germany & DFN servers) Hi,
thanks for your reply sir . and exactly you are rite i should give user a vlan but how can i guve him vlan help please
first, dont hikack another thread, create your own so its readable and skippable by others second, read the docs that come with your NAS - they'll tell you the attributes required, then read the RADIUS docs and they'll tell you how to do it (be that dumb/simple users file entry, scaling through to dynamic values pulled from SQL/LDAP....) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
sir there is alot of files and i really dont know any thing about radius so i got confuse would you please give me step by step tutorial with coding i will be very thankfull to you ..
wiki.freeradius.org https://www.amazon.co.uk/FreeRADIUS-Beginners-Guide-Dirk-Walt/dp/1849514089 http://deployingradius.com/ we all have paid day jobs. the how you do it has been provided, the resources to read have been provided. anymore...and , well, I'm doing your job for you(!) alan
sorry sir for hijacking but i have write my own message too. can you please share your knowledge that how to do this by mysql and ldap.. i want to do same work as username and password user can connect only by its provided vlan not by any other vlan .. what is the best method for this? ________________________________ From: Freeradius-Users <freeradius-users-bounces+zubairayub=hotmail.com@lists.freeradius.org> on behalf of A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> Sent: Monday, August 15, 2016 12:12:02 PM To: FreeRadius users mailing list Subject: Re: FR3 RadSec for Eduroam (esp. Germany & DFN servers) Hi,
sir there is alot of files and i really dont know any thing about radius so i got confuse would you please give me step by step tutorial with coding i will be very thankfull to you ..
wiki.freeradius.org https://www.amazon.co.uk/FreeRADIUS-Beginners-Guide-Dirk-Walt/dp/1849514089 http://deployingradius.com/ we all have paid day jobs. the how you do it has been provided, the resources to read have been provided. anymore...and , well, I'm doing your job for you(!) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sorry sir because of my English my question is that normally user connect with its username and password when those attribute are correct user get connected else auth deny.. now i want to do that when user try to connect with good username , pass and vlan user get coonect else if suer come from another vlan deny him.. you have get my question sir couuld you please tell me how to perform this action.. thanku ________________________________ From: Freeradius-Users <freeradius-users-bounces+zubairayub=hotmail.com@lists.freeradius.org> on behalf of Zubair Ayub <Zubairayub@hotmail.com> Sent: Monday, August 15, 2016 11:50:20 AM To: FreeRadius users mailing list Subject: Re: FR3 RadSec for Eduroam (esp. Germany & DFN servers) thanks for your reply sir . and exactly you are rite i should give user a vlan but how can i guve him vlan help please Sent from my Samsung Galaxy smartphone. -------- Original message -------- From: A.L.M.Buxey@lboro.ac.uk Date: 15/08/2016 3:57 pm (GMT+05:00) To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: FR3 RadSec for Eduroam (esp. Germany & DFN servers) Hi,
can anyone tell how to authenticate user by vlan as wo authenticate by password and username.. i want that if username password or vlan is sane then allow user else deny user i am thousands of users and many vlans need help
?? define your problem better. what do you mean 'if vlan is sane' ? in some other servers access reply? your question sounds like policy. its up to you to check RADIUS attributes and then decide, based on those attributes, what to do - authentication - accept or reject - and replies to the NAS (set a user to be on a particular VLAN, with particular bandwidth or time/data allowance etc) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
sorry sir because of my English
the English isnt a problem....write a new message to the list, dont hijack someone elses thread and question.
my question is that normally user connect with its username and password when those attribute are correct user get connected else auth deny..
now i want to do that when user try to connect with good username , pass and vlan user get coonect else if suer come from another vlan deny him..
if thats the policy you want, then just check. how you check will depend on what information is provided by the NAS( switch/AP/router etc) - if you know that, you can write a policy. if its a basic thing then users file will do...else do it via an SQL or LDAP check against the known list of user/vlan allowed. alan
Hi,
I heared of different voices. At https://wiki.geant.org/display/H2eduroam/freeradius3-flr it says FR3 can replace third party software like RadSecProxy, but I also heared that the implementation does not work that fine.
documentation is always historical.... that was probably based on early implementations.....
At the moment it's going to be FreeRADIUS 3.0.4 on a RHEL7.2, but also could go up to the latest stable release, if this would fix issues.
3.0.4 is old and creaky, containing many random bugs. I would recommend that you use the recent 3.1.x - thus getting yourself ready for the 3.2.x stable release and having all latest features but not bleeding edge 4.x stuff. if you must have 3.0.x then use 3.0.11 (or 3.0.12 when that slips out) - but be aware that it'll be legacy release when 3.2 arrives. what RADSEC features do you want? if you chat with your NRO in DFN they'll give you their advice....as there are other things they may expect or wnat you to do.... alan
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Arran Cudbard-Bell -
Philipp Trenz -
Sebastian Hagedorn -
Zubair Ayub