key from freeRadius to NAS
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Tue May 29 09:42:06 CEST 2007
ashola ashola wrote:
> Hi,
>
> How can we transmit a key from FreeRadius to the NAS (Access Point) ?
>
>
> Ashola
>
> Get the Yahoo! toolbar and be alerted to new email
> <http://us.rd.yahoo.com/evt=48225/*http://new.toolbar.yahoo.com/toolbar/features/mail/index.php>wherever
> you're surfing.
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
By the magic of ssh / snmp / web interface.
i.e you can't.
Store all your nases in an SQL database and load them into FreeRADIUS
using Rlm_SQL.
You can populate the secrets using this SQL query (if using MySQL)
UPDATE `nas` SET nas.secret =
substr(md5(concat(RAND(),nas.nasname)),1,31) WHERE master.secret = ""
See here for default schema
http://wiki.freeradius.org/MySQL_DDL_script
Then write a script to pull the secret out of SQL and write it to the
NAS using SNMP.
||
Write a script to open ssh shell sessions to your APs and write the
secret to them using ssh.
||
I've got some very basic PHP classes which I wrote and use , though
you'll need the ssh2 extension compiled in. And you'll have to modify
some of the SQL queries.
||
If anyone has any scripts in other languages they would like to donate...
||
If you really have nothing better to do you can do them all by hand :)
We have ~ 500 switches and my scripts seem to do them fine, though they
don't work with ssh v1 only v2 , so I have to do the hundred or so
HP2524s by hand *ick*.
Damn you HP for not supporting SNMP setting of shared secrets :(
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
More information about the Freeradius-Devel
mailing list