the newbie on radiustesting strikes again
Si St
sigbj-st at operamail.com
Sun Apr 20 00:22:36 CEST 2008
> ----- Original Message -----
> From: "Ivan Kalik" <tnt at kalik.net>
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Subject: Re: the newbie on radiustesting strikes again
> Date: Sat, 19 Apr 2008 17:34:36 +0100
>
>
> >> You need to sort out some basic things:
> >>
> >> - your user sits at the laptop and connects to - what? What service is
> >> router controlling?
> > A: to internett via the router for example
> > What service is router controlling?
> > A:The traffic through the DSL-modem (You mean to say: "Which
> > service is the router controlling" or "Which service is
> > routercontrolling" i.e. controlling the router?)
>
> OK. But how are they going to connect to the router? You are mentioning
> PEAP, so I assume that router does support EAP (WPA-Enterprise)? For
> wireless clients. Will there be wired clients? Can their access be
> controlled?
The Router supports EAP/WPA-Enterprise(has a box for this choice;)
Automatic (WPA or WPA2), TKIP and AES
There will probably for all practical purposes be only wireless clients:3 laptops and one workstation,but I have configured 2 IP addresses for each laptop, one for their wireless card the other address for the wired/cabled card in case they will be needed.
The access of the clients are controlled allowing only the specific MAC addresses of each machine to connect to the router.(Routers Netfilter) The machines have also fixed IPs reserved.
>
> >> - your router is most likely the only (radius) client on your network.
> >> User machines should be removed from clients.conf.
> > A:Remove all user machines
> > Thus only one machine, the router, is to be defined as client
> > client 192.168.0.1 {
> > secret = testing123
> > shortname = asus-TL
> > nastype = other
> > # DLINK 635 Router
> > }
>
> That should be fine now.
>
> >>
> >> - don't use Auth-Type and User-Password. Read instructions in users
> >> file. Documentation you got these entries from is years out of date.
> > A: FreeRADIUS Version 1.0.4. - And this is a tricky part. If no
> > Auth-Type and User-Password, should I apply Fall-Through instead
> > to have a DEFAULT running?
>
> OK, disregard what I said. You are using version that is years out of
> date, so those entries are likely to be correct. Just check that you can
> disable DHCP on the router and hand IPs via radius.
DHCP-server can be deactivated on the router but I had some problems making a deactivation work for the WinOSs. If the 4 machines have IPs 192.168.0.193-199 I could set DHCP reservations range on the router to the same and thus stop the server,is this safe, or does it disturb the radius DHCP ability?
>
> If you upgrade to current version certificates will be created for you.
> Even if you don't want to upgrade you can download 2.0.3 and use it to
> generate certificates that you can use in 1.0.4.
I have right now downloaded the 2.0.3 and had a look at it. I could later try to generate certificates, as you say. Could also later try to upgrade. Hope SuSE 10.0 has the necessary environment for it.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com
Powered by Outblaze
More information about the Freeradius-Users
mailing list