FreeRadius and Circuit-ID
Dear, All We are playing around with a scenario for subscriber attachment based on circuit-id and remote-id and ignoring PAP/CHAP. Idea is that you do not need to authenticate a user, just grant him access based on the fixed port in the access node. We struggle in the right configuration, so we are wondering if someone play with that and if someone can help us? Thanks in advance, <http://www.roamingnetworks.com/> <https://www.facebook.com/roamingnetworks/> <https://www.linkedin.com/company/roaming-networks/> <https://www.instagram.com/roaming_networks/> Filip Nikolić LEAD ENGINEER FOR TRANSPORT NETWORK DEVELOPMENT NOC Back Office <tel:+381648907383> +381648907383 <mailto:filip.m.nikolic@roamingnetworks.rs> filip.m.nikolic@roamingnetworks.rs <https://goo.gl/maps/g9UJK4ZZtfKtWzct8> OBLAKOVSKA 51, 11000 BELGRADE, SERBIA <http://www.roamingnetworks.com/> www.roamingnetworks.com Odricanje od odgovornosti: Ova elektronska poruka i njeni prilozi namenjeni su osobama na koje je adresirana i može biti poverljive prirode. Ako ova elektronska poruka nije upućena Vama, molimo Vas da nas odmah o tome obavestite a predmetnu elektronsku poruku i sve njene eventualne priloge izbrišete sa svog računara. Ovu elektronsku poruku nemojte kopirati niti njen sadržaj otkrivati trećim licima. Kršenje pravila o poverljivosti informacija zakonski je kažnjivo. Disclaimer: This email and any attachments to it are intended solely for the use of the individual to whom it is addressed and its content may be confidential. If you are not the intended recipient of this email, please contact us immediately. You must neither take any action based upon its contents, nor copy or show it to anyone. Any violation of confidentiality is punishable by law.
On Nov 10, 2022, at 4:28 PM, <filip.m.nikolic@roamingnetworks.rs> <filip.m.nikolic@roamingnetworks.rs> wrote:
We are playing around with a scenario for subscriber attachment based on circuit-id and remote-id and ignoring PAP/CHAP.
That's fine.
Idea is that you do not need to authenticate a user, just grant him access based on the fixed port in the access node.
We struggle in the right configuration, so we are wondering if someone play with that and if someone can help us?
Read the debug log to see what attributes are in the packet, and what their values are. Then, in a virtual server do: authorize { ... if (... attribute matches value ..) { update control { Auth-Type := Accept } } ... } If you want a more detailed answer, you will need to ask a more detailed question. Alan DeKok.
Hi, Alen Thanks for initial answer I will check. And I will try to provide more information here so you can help me. I am testing possibilities of BNG. On access side of BNG I am trying to setup PPPoE client. Client has next attributes: Username, password, Circuit ID and Remote ID. Authentication goes through Radius server. In my setup I have to version of radius. One with Daloradius (Sql-web base Radius) and regular freeradius. I want to establish PPPoE session and to try authentication according to the Circuit ID attribute filed not according to the username and password. User and pass should stand in a flow, but main authentication should be performed according to the Circuit ID. Example: I have user: test1 and password: test1 Circuit ID is: gige 6/27/0:100.1 Remote ID is: BNG These two attributes I received on Radius: (0) ADSL-Agent-Circuit-Id = 0x6769676520362f32372f303a3130302e31 (0) ADSL-Agent-Remote-Id = 0x424e47 In order to establish authentication according to the ADSL-Agent-Circuit-Id Attribute how should I setup: 1. Regluar freeradius setup without mysql base? Is the config from below appropriate? 2. Freeradius setup with Daloradius on top? Thanks in advance, if some more information is needed I will try to provide 😊 BR, Filip -----Original Message----- From: Freeradius-Users <freeradius-users-bounces+filip.m.nikolic=roamingnetworks.rs@lists.freeradius.org <mailto:freeradius-users-bounces+filip.m.nikolic=roamingnetworks.rs@lists.freeradius.org> > On Behalf Of Alan DeKok Sent: Thursday, November 10, 2022 5:47 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > Subject: Re: FreeRadius and Circuit-ID On Nov 10, 2022, at 4:28 PM, <filip.m.nikolic@roamingnetworks.rs <mailto:filip.m.nikolic@roamingnetworks.rs> > <filip.m.nikolic@roamingnetworks.rs <mailto:filip.m.nikolic@roamingnetworks.rs> > wrote:
We are playing around with a scenario for subscriber attachment based
on circuit-id and remote-id and ignoring PAP/CHAP.
That's fine.
Idea is that you do not need to authenticate a user, just grant him
access based on the fixed port in the access node.
We struggle in the right configuration, so we are wondering if someone
play with that and if someone can help us?
Read the debug log to see what attributes are in the packet, and what their values are. Then, in a virtual server do: authorize { ... if (... attribute matches value ..) { update control { Auth-Type := Accept } } ... } If you want a more detailed answer, you will need to ask a more detailed question. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Nov 14, 2022, at 4:19 AM, filip.m.nikolic@roamingnetworks.rs wrote:
In order to establish authentication according to the ADSL-Agent-Circuit-Id Attribute how should I setup:
1. Regluar freeradius setup without mysql base?
The server has tons of documentation on how to set it up. See the wiki, and the comments in the configuration files. I'm not going to cut & paste documentation here. You need to go read it yourself.
Is the config from below appropriate?
So... you asked a question && got an answer. Instead of trying to understand the answer, you just question whether the answer is correct. It's up to you to decide if the answer is correct. I would suggest reading the documentation and understanding it.
2. Freeradius setup with Daloradius on top?
See the daloradius documentation for how to use daloradius. Alan DeKok.
participants (2)
-
Alan DeKok -
filip.m.nikolic@roamingnetworks.rs