juniper authentication with freeradius

ashish verma ashish.scit at gmail.com
Fri Aug 17 07:06:35 CEST 2007


Hi,
it is working now. Thanks for your help.
I was missing the following entry:

user remote {
    full-name "All remote users";
    uid uid-value;
    class class-name;
}
<http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-11121928.html#id-11121928>

Thanks again.





On 8/16/07, freeradius-users-request at lists.freeradius.org
<freeradius-users-request at lists.freeradius.org>
wrote:
>
> Send Freeradius-Users mailing list submissions to
>         freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>          http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
>         freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
>         freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>    1. juniper authentication with freeradius (ashish verma)
>    2. Re: juniper authentication with freeradius (Bjørn Mork)
>    3. Re: Big Problem with peap-mschapv2+freeradius 1.1.7 (Alan DeKok)
>    4. freeradius stops immediately (Ruben.Savia at alcatel-lucent.com.ar)
>    5. Re: freeradius stops immediately (Alan DeKok)
>    6. Enterasys Mac-auth Dynamic-VLAN (Fabrizio Stoppani)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 16 Aug 2007 16:00:07 +0530
> From: "ashish verma" < ashish.scit at gmail.com>
> Subject: juniper authentication with freeradius
> To: freeradius-users at lists.freeradius.org
> Message-ID:
>         <11b554120708160330o1e78ad48o112b4cd2d11b6dc8 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> hi,
>
> oh.. i didn't have dictionary.juniper file under /etc/freeradius.
> so i added those lines in "dictionary" file under /etc/freeradius.
> and this is my juniper side configuration.
>
> authentication-order [ radius password ];
>    radius-server {
>        192.168.1.49 {
>            port 1812;
>            accounting-port 1813;
>            secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
>        }
>    }
>
> i tried doing it without specifying the ports as well..but didn't work.
>
> under "users" file i have this
>
> edward Auth-type := Local, User-Password = "edward"
>        Juniper-Local-User-Name = "fritz12"
>
> clients.conf contains
>
> client 192.168.1.10/24 {
>        secret = secret
>        shortname = junoscope.server.name
>        type = Juniper:nas
>        }
>
>
> On 8/16/07, freeradius-users-request at lists.freeradius.org <
> freeradius-users-request at lists.freeradius.org > wrote:
> >
> > Today's Topics:
> >
> >    1. Re: juniper authentication with freeradius (Bjørn Mork)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 16 Aug 2007 11:20:09 +0200
> > From: Bjørn Mork <bjorn at mork.no>
> > Subject: Re: juniper authentication with freeradius
> > To: FreeRadius users mailing list
> >         < freeradius-users at lists.freeradius.org>
> > Message-ID: <87wsvv3kfq.fsf at obelix.mork.no>
> > Content-Type: text/plain; charset=iso-8859-1
> >
> > "ashish verma" < ashish.scit at gmail.com> writes:
> >
> > > I am trying to do juniper m7i router authentication with freeradius.
> > > Can someone provide me some documentation?
> > >
> > > I have configured juniper but i suppose i am missing something on radius side.
> >
> > You don't say how you configured either the JUNOS box or FreeRADIUS.
> > My guess is that you're lacking something on the router:
> >
> > http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html
> >
> >
> > > added following in dictionary file.
> >
> > why?  They have been in the default dictionary.juniper for ages.
> >
> >
> >
> > Bjørn
> >
> >
> >
> > ------------------------------
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > End of Freeradius-Users Digest, Vol 28, Issue 55
> > ************************************************
> >
>
> ------------------------------
>
> Message: 2
> Date: Thu, 16 Aug 2007 12:57:29 +0200
> From: Bjørn Mork < bjorn at mork.no>
> Subject: Re: juniper authentication with freeradius
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org >
> Message-ID: <87643f3fxi.fsf at obelix.mork.no>
> Content-Type: text/plain; charset=iso-8859-1
>
> "ashish verma" < ashish.scit at gmail.com> writes:
>
> > oh.. i didn't have dictionary.juniper file under /etc/freeradius.
> > so i added those lines in "dictionary" file under /etc/freeradius.
> > and this is my juniper side configuration.
> >
> > authentication-order [ radius password ];
> >    radius-server {
> >        192.168.1.49 {
> >            port 1812;
> >            accounting-port 1813;
> >            secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
> >        }
> >    }
>
> You might need to specify the source address here. I.e.
>
>     radius-server {
>          192.168.1.49 {
>             port 1812;
>             accounting-port 1813;
>             secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
>             source-address 192.168.1.10 ;
>         }
>     }
>
>
> > i tried doing it without specifying the ports as well..but didn't work.
> >
> > under "users" file i have this
> >
> > edward Auth-type := Local, User-Password = "edward"
> >        Juniper-Local-User-Name = "fritz12"
>
> Did you define the local user "fritz12" on the router?
>
> > clients.conf contains
> >
> > client 192.168.1.10/24 {
> >        secret = secret
> >        shortname = junoscope.server.name
> >        type = Juniper:nas
> >        }
>
> That's a somewhat strange entry.  I would have expected either
> 'client 192.168.1.0/24' or 'client 192.168.1.1'
>
> Do you get anything in the radius logs, indicating that the connection
> is OK?
>
>
>
>
> Bjørn
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 16 Aug 2007 09:45:27 -0400
> From: Alan DeKok <aland at deployingradius.com >
> Subject: Re: Big Problem with peap-mschapv2+freeradius 1.1.7
> To: Christian.Frank at rsel.renesas.com,   FreeRadius users mailing list
>         < freeradius-users at lists.freeradius.org>
> Message-ID: <46C454F7.4050201 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Christian Frank wrote:
> > I have a big problem with my radius setup. I want to authenticate
> > my users with peap+mschapv2. The radius backend is an ldap server.
>
>   Does the LDAP server contain a clear-text or NT hashed password for
> the user?
>
> > I have this setup working with Freeradius 1.0.1 on Redhat 4 ES.
> >
> > But after upgrading to 1.1.7 this setup does not work anymore.
> > I configured my radius/eap/client config file the same way like the old file was.
>
>   Are you sure?  The configurations are similar, but not identical.
>
> > rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
> > rlm_ldap: checking if remote access for cfra is allowed by uid
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user cfra authorized to use remote access
>
>   BUT there was no "known good" password for the user found in LDAP.
> That's why authentication is failing.
>
>   Alan DeKok.
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 16 Aug 2007 11:34:44 -0300
> From: Ruben.Savia at alcatel-lucent.com.ar
> Subject: freeradius stops immediately
> To: freeradius-users at lists.freeradius.org
> Message-ID:
>         <OF2B008EA4.0271720D-ON03257339.00500CB4-03257339.00501754 at alcatel.com.ar>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello all.
>
>         I am trying to run freeradius-1.1.5 but it stops immediately after
> executing the command ./radiusd -X
>
> The computer's answer is "Finalizado" because I have chosen Spanish as my
> Solaris language
>
> There is no log file.
>
> # ./radiusd -X
> Finalizado
>
> # uname -a
> SunOS xterminal 5.7 Generic_106541-04 sun4u SUNW,Ultra-30 Solaris
>
> Any help please?
>
> Thank you
>
> Ruben Savia
> Professional Services Specialist
> Gcia. Operaciones y Servicios
> ruben.savia at alcatel-lucent.com.ar
>
> Av. Vieytes 1710. (C1275AGT) Ciudad Autónoma de Buenos Aires
> Te :   4349-1111 int 1001
> Fax:   4349-1129
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 16 Aug 2007 10:54:19 -0400
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: freeradius stops immediately
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: < 46C4651B.30409 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Ruben.Savia at alcatel-lucent.com.ar wrote:
> >         I am trying to run freeradius-1.1.5 but it stops immediately
> > after executing the command ./radiusd -X
>
>   Use 1.1.7.
>
>   Alan DeKok.
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 16 Aug 2007 17:38:01 +0200
> From: "Fabrizio Stoppani" <vagabond3 at virgilio.it>
> Subject: Enterasys Mac-auth Dynamic-VLAN
> To: < freeradius-users at lists.freeradius.org>
> Message-ID: <002801c7e01b$6e142020$c806080a at Bitty>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello to everyone !
> I have a problem with Enterasys switch SecureStack A2. It works with 802.1X
> and MAC-authentication but the dynamic vlan assignment works only the first
> one.
> I want to use it with the MAC authentication (as with Cisco,HP,...) but the
> Enterasys switch doesn't accept the tunnel attributes that the Radius server
> sends it.
> It seems that these are accepted only with 802.1X authentication.
> I use Freeradius with Mysql so I would want to know if there is a way to
> say to Freeradius to use the Calling-Station-Id as password for EAP module
> and use DEFAULT user for every authentication.
> Thanks a lot for your support.
>
> Fabrizio Stoppani
>
> ------------------------------
>
>
>
> End of Freeradius-Users Digest, Vol 28, Issue 56
> ************************************************
>
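
A cross-check of the three configuration pieces discussed in this thread, added here as an example and not written by any of the posters: it flags a Juniper-Local-User-Name with no matching user on the router, a missing "remote" template user, a client entry with host bits set, and a RADIUS source address that no client entry covers. The config texts are constructed samples modelled on the quoted snippets, and check() is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed inputs modelled on the snippets quoted in the thread (the router
# side is shown before the fix, with no login users defined).
JUNOS = """
authentication-order [ radius password ];
radius-server {
    192.168.1.49 {
        source-address 192.168.1.10;
    }
}
"""
USERS = '''
edward Auth-Type := Local, User-Password = "edward"
       Juniper-Local-User-Name = "fritz12"
'''
CLIENTS = """
client 192.168.1.10/24 {
    secret = secret
}
"""

def check(junos, users, clients):
    """Cross-check router and FreeRADIUS config text; return findings."""
    out = []
    # Template/local accounts the router knows ("user NAME {" blocks).
    local = set(re.findall(r'^\s*user\s+(\S+)\s*\{', junos, re.M))
    for name in re.findall(r'Juniper-Local-User-Name\s*[:+]?=\s*"([^"]+)"', users):
        if name not in local:
            out.append(f"template user '{name}' is not defined on the router")
    if "remote" not in local:
        out.append("no 'remote' template user on the router")
    nets = []
    for spec in re.findall(r'^\s*client\s+(\S+)\s*\{', clients, re.M):
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            continue  # hostname client, not checked here
        nets.append(net)
        if "/" in spec and str(net) != spec:
            out.append(f"client {spec} has host bits set (network is {net})")
    # The router's RADIUS source address must fall inside some client entry.
    src = re.search(r'source-address\s+([\d.]+)', junos)
    if src and not any(ipaddress.ip_address(src.group(1)) in n for n in nets):
        out.append(f"source-address {src.group(1)} matches no client entry")
    return out

if __name__ == "__main__":
    for finding in check(JUNOS, USERS, CLIENTS):
        print(finding)
```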