key from freeRadius to NAS
ashola ashola
ashola2007 at yahoo.com
Tue May 29 11:09:16 CEST 2007
I am not speaking about secret key between Radius and NAS. I am speaking about key material derived at the end of EAP Method. how to send it to the NAS ?
Anyway, Thanks for the answer.
Ashola
Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk> wrote: ashola ashola wrote:
> Hi,
>
> How can we transmit a key from FreeRadius to the NAS (Access Point) ?
>
>
> Ashola
>
> Get the Yahoo! toolbar and be alerted to new email
> wherever
> you're surfing.
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
By the magic of ssh / snmp / web interface.
i.e you can't.
Store all your nases in an SQL database and load them into FreeRADIUS
using Rlm_SQL.
You can populate the secrets using this SQL query (if using MySQL)
UPDATE `nas` SET nas.secret =
substr(md5(concat(RAND(),nas.nasname)),1,31) WHERE master.secret = ""
See here for default schema
http://wiki.freeradius.org/MySQL_DDL_script
Then write a script to pull the secret out of SQL and write it to the
NAS using SNMP.
||
Write a script to open ssh shell sessions to your APs and write the
secret to them using ssh.
||
I've got some very basic PHP classes which I wrote and use , though
you'll need the ssh2 extension compiled in. And you'll have to modify
some of the SQL queries.
||
If anyone has any scripts in other languages they would like to donate...
||
If you really have nothing better to do you can do them all by hand :)
We have ~ 500 switches and my scripts seem to do them fine, though they
don't work with ssh v1 only v2 , so I have to do the hundred or so
HP2524s by hand *ick*.
Damn you HP for not supporting SNMP setting of shared secrets :(
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
---------------------------------
Building a website is a piece of cake.
Yahoo! Small Business gives you all the tools to get online.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20070529/29b7d327/attachment.html>
More information about the Freeradius-Devel
mailing list