Duplicate IPs for Radius Clients with different secrets

Paul Bartell paul.bartell at gmail.com
Tue Dec 16 08:13:06 CET 2008


Okay. What you need to do is set IPs in the client configuration file
for each of the APs that is going to be authenticating by using their
external IP address, which is where the connection will appear to come
from to freeradius. Do a freeradius -X and it should be quite
explanatory, when you try to connect through an AP to it.

On Mon, Dec 15, 2008 at 6:56 PM, Eric Geier <me at egeier.com> wrote:
>> >Hi, I'm wondering if someone can point me in the right direction. I want to
>> >list radius clients with the same IPs (and different shared secrets). This
>> >would let me use freeradius among multiple offices, where each could use the
>> >same IP addresses for the radius clients.
>>
>> And how is routing going to work there? How is radius server supposed to
>> send the response back to the correct client? This can work only if you
>> carry radius server from office to office so it works a little bit here,
>> little bit there. If you connect those clients onto a network they will
>> all stop working (or, at best, first one you put on the network will
>> work but others won't).
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>
> I'm not exactly sure. How does a RADIUS server work over the Internet? I'm
> not connecting the radius clients onto the same LAN. If a radius request
> comes in from the internet, would the server send responses to the Internet
> IP that it received it from (which I think would work for my case) or would
> it send to the radius client IP?
>
> Here's what I'm trying to do:
> Host a radius server on the Internet...for PEAP 802.1X (WPA-enterprise).
> Each AP at the different offices would be set with the Internet IP address
> of where the radius server is running, along with a shared secret. There
> would likely be APs set to the same IP address, that's why I'm asking about
> all this.
>
>> > Hi, I'm wondering if someone can point me in the right direction. I want to
>> > list radius clients with the same IPs (and different shared secrets). This
>> > would let me use freeradius among multiple offices, where each could use the
>> > same IP addresses for the radius clients. I need something very dynamic;
>> > manually creating virtual servers in the config file won't work well.
>>
>>   RADIUS doesn't work that way.
>>
>>   Shared secrets are per client IP.  Each client IP is used to look up
>> the shared secret.  You can't have multiple shared secrets for one IP.
>>
>> > Right now I'm using v1.188.2.4.2.14
>>
>>   That's not the server version number.
>>
>>   Use "radiusd -v" to get the version information.
>>
>>   Alan DeKok.
>
> I know it traditionally doesn't, just checking to see what people think and
> if I might find a way to do what I want to do.
>
> What got me thinking something like this could work is when using a
> different server, I thought I could modify the SQL select statement that's
> used to find the shared secret. For example, the default is "select
> SharedSecret from NASES where ClientIPAddress='$c'" I thought I could just
> add the following to the end "and where Domain=(function that takes the
> domain from the username...after the @)". I found that server can't register
> the username attribute during the select statement...so it all didn't work.
>
> Oops. I'm using v1.1.7 because at the moment I'm using FreeRadius.net on
> Windows
>
> Thanks for your help guys - Eric



-- 
Random quote of the week/month/whenever i get to updating it:
"Opportunity knocked. My doorman threw him out." - Adrienne Gusoff

"At school you don't get parole, good behavior only brings a longer
sentence." - The History Boys
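
The point made in the thread (the shared secret is looked up by the address the packet arrives from, so APs behind NAT are listed by their office's external IP) can be seen in a small simulation. This is an added example, not code from the thread or from FreeRADIUS; the client table, addresses (documentation ranges) and secrets are constructed, and the check shown is the RFC 2869 Message-Authenticator (HMAC-MD5 keyed with the shared secret).

```python
import hashlib, hmac, os, socket, struct

# Constructed sample data: one entry per office, keyed by its external (NAT) address.
CLIENTS = {
    "198.51.100.10": b"office-a-secret",
    "203.0.113.20": b"office-b-secret",
}

def build_access_request(secret, nas_ip, ident=1):
    """AP side: Access-Request with NAS-IP-Address (4) and Message-Authenticator (80)."""
    authenticator = os.urandom(16)
    attrs = bytes([4, 6]) + socket.inet_aton(nas_ip) + bytes([80, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator
    # HMAC is computed over the whole packet with the Message-Authenticator zeroed.
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def parse_attrs(packet):
    """Return {type: (value_offset, value)} for attributes after the 20-byte header."""
    out, pos = {}, 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        out[atype] = (pos + 2, packet[pos + 2:pos + alen])
        pos += alen
    return out

def verify(packet, source_ip):
    """Server side: the secret is selected by source IP, not by anything in the packet."""
    secret = CLIENTS.get(source_ip)
    if secret is None:
        return "unknown client"
    attrs = parse_attrs(packet)
    if 80 not in attrs or len(attrs[80][1]) != 16:
        return "no Message-Authenticator"
    off, received = attrs[80]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "ok" if hmac.compare_digest(received, expected) else "bad secret"

def nas_ip_of(packet):
    """The private address the AP reports about itself; may repeat across offices."""
    return socket.inet_ntoa(parse_attrs(packet)[4][1])
```

Two offices can both report a NAS-IP-Address of 192.168.1.2 and still verify, because each request is checked against the secret registered for the external address it arrived from.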



More information about the Freeradius-Users mailing list