Freeradius-Users Digest, Vol 49, Issue 87
Marco De Magistris
marco.de.magistris at ericsson.com
Wed May 20 10:58:43 CEST 2009
Hi Alan,
> 1. Radius Client sends packets towards Radius Proxy (from 192.168.1.2
> to 192.168.1.3)
> 2. Radius proxy listen on 192.168.1.3 for authentication packet and
> forwarding them towards two different network (192.168.14.4 and
> 192.168.24.4)
192.168.14.4 and 192.168.24.4 are 2 different Radius Servers.
192.168.14.4: Radius Server for ISP 1.
192.168.24.4: Radius Server for ISP 2.
I need to send the packets towards ISP1 using VLAN1 and towards ISP2 using VLAN2.
Configured FreeRadius with UDPFROMTO enabled.
In the radius.c source file we notice the following lines:
#ifdef WITH_UDPFROMTO
	/*
	 *	Only IPv4 is supported for udpfromto.
	 *
	 *	And if they don't specify a source IP address, don't
	 *	use udpfromto.
	 */
	if ((dst_ipaddr->af == AF_INET) ||
	    (src_ipaddr->af != AF_UNSPEC)) {
		return sendfromto(sockfd, data, data_len, flags,
				  (struct sockaddr *)&src, sizeof_src,
				  (struct sockaddr *)&dst, sizeof_dst);
	}
#else
	src_ipaddr = src_ipaddr; /* -Wunused */
#endif
Can you help me?
Thanks
Marco
-----Original Message-----
From: freeradius-users-bounces+marco.de.magistris=ericsson.com at lists.freeradius.org [mailto:freeradius-users-bounces+marco.de.magistris=ericsson.com at lists.freeradius.org] On Behalf Of freeradius-users-request at lists.freeradius.org
Sent: Wednesday 20 May 2009 10.02
To: freeradius-users at lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 49, Issue 87
Today's Topics:
1. Re: help me: proxing towards 2 different networks (Alan DeKok)
2. Re: Freeradius 2.1.1 and SQLite database (Peter Lambrechtsen)
3. Re: current RHEL/CentOS pre-built packages (Was: freeRADIUS)
(John Dennis)
4. Re: question about windows users (Bartosz Chodzinski)
5. Re: question about windows users (Alan DeKok)
6. Re: question about windows users (Bartosz Chodzinski)
7. Re: question about windows users (A.L.M.Buxey at lboro.ac.uk)
----------------------------------------------------------------------
Message: 1
Date: Tue, 19 May 2009 20:16:35 +0200
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: help me: proxing towards 2 different networks
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4A12F783.5080508 at deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Marco De Magistris wrote:
> 1. Radius Client sends packets towards Radius Proxy (from 192.168.1.2
> to 192.168.1.3)
> 2. Radius proxy listen on 192.168.1.3 for authentication packet and
> forwarding them towards two different network (192.168.14.4 and
> 192.168.24.4)
>
> Can I configure this scenario using FreeRadius?
No. RADIUS doesn't work like that.
Why do you want to do this?
Alan DeKok.
------------------------------
Message: 2
Date: Wed, 20 May 2009 06:42:29 +1200
From: Peter Lambrechtsen <plambrechtsen at gmail.com>
Subject: Re: Freeradius 2.1.1 and SQLite database
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <BBCD777E-E215-416D-B199-07C9C87D22BD at gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes
On 20/05/2009, at 12:00 AM, Alan DeKok <aland at deployingradius.com>
wrote:
> Peter Lambrechtsen wrote:
>> Has anyone done any work with FreeRadius 2.1.1 or higher and SQLite as
>> the backend db.
>
> Nope.
>
>> Would love to have it working with sqlite as that is the smallest DB
>> footprint of all the supported databases for Free Radius.
>
> Write the code... submit it back.
Will do
>
>
>> Has anyone done work with the sqlite db and give me some pointers on
>> the database setup for sqlite, looks like I need to create a file
>> called "sqlite_radius_client_database" but not sure what the structure
>> should be... And google isn't helping much either.
>
> Apple uses it for their OS X Server system. The clients go into
> SQLite, so that their administration system doesn't have to deal with
> MySQL, PostgreSQL, or flat-text files.
>
> The schema is just the normal NAS schema, as with the other SQL drivers.
>
> To have it use the "radcheck", "radreply", etc. tables, you'll have to
> define the schemas, create the DB, and define the queries. It *should*
> work, so long as you use the hard-coded DB file name.
Ok I will have a go and submit my results back to the users/devel
lists depending upon how I get along.
The final destination is a single wifi router such as asus 500p which
has a usb port that can take stick for local storage to host db with
captive portal and wpa for either PEAP or tls logon ssids with web
admin backend. All with openwrt.
Will let you know how I get along with the freeradius component.
>
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------
Message: 3
Date: Tue, 19 May 2009 19:33:58 -0400
From: John Dennis <jdennis at redhat.com>
Subject: Re: current RHEL/CentOS pre-built packages (Was: freeRADIUS)
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4A1341E6.4070500 at redhat.com>
Content-Type: text/plain; charset=us-ascii
Fajar A. Nugraha wrote:
> On Sun, May 17, 2009 at 11:33 PM, John Dennis <jdennis at redhat.com> wrote:
>> We expect to provide an official update to RHEL with a 2.x
>> version of FreeRADIUS in the next update cycle which would be RHEL 5.5,
>
> So how do you plan to provide seamless upgrade for RHEL 5 users?
> Is freeradius 1.1.3 config compatible with 2.x? Or do we have to do a
> clean install?
Please note what Alan said about upgrades across major versions
requiring manual configuration.
Also, the package will have a different name: rather than freeradius it
will be named freeradius2. However (and this is critical) it will
conflict at the file level; in other words, freeradius and
freeradius2 cannot be simultaneously installed.
--
John Dennis <jdennis at redhat.com>
------------------------------
Message: 4
Date: Wed, 20 May 2009 08:56:25 +0200
From: Bartosz Chodzinski <bartosz.c at gmail.com>
Subject: Re: question about windows users
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<1f06c2db0905192356k68b35d5ck73c9163d8c8ec5d9 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
> Don't strip the username. Why do you proxy this anyway? Create it as a
> local realm:
I am using the basic configuration without changes in the config, because:
> so..somewhere along the line you are playing with the User-Name
> attribute...something which you cannot do with EAP - if you take a
> standard 2.1.6 install and make the basic changes to your eap.conf and
> clients.conf it will work.
"make the basic changes to your eap.conf and client.conf it will work"
it won't.
Have all of you had so many troubles with radius, or is it only me who has such bad luck?
I tried to make my first config a year ago and only had success with eap=md5;
after a month fighting with peap I gave up.
Now I have some communicates on screen, but answers like "basic changes" are
really not helpful.
my realm example.com was:
	realm example.com {
		auth_pool = my_auth_failover
	}
when I changed it in proxy.conf to
	realm example.com {
	}
radius won't start
	#freeradius -X
	...
	radiusd: #### Loading Realms and Home Servers ####
	 proxy server {
		retry_delay = 5
		retry_count = 3
		default_fallback = no
		dead_time = 120
		wake_all_if_all_dead = no
	 }
	 realm example.com {
	 }
	 realm LOCAL {
	 }
	 realm NULL {
	 }
	/etc/freeradius/proxy.conf[498]: home_server "localhost" does not exist
------------------------------
Message: 5
Date: Wed, 20 May 2009 09:30:23 +0200
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: question about windows users
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4A13B18F.1030300 at deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Bartosz Chodzinski wrote:
> "make the basic changes to your eap.conf and client.conf it will work"
> it wont.
You can believe that, which means that everyone else is lying. They
just download the software, follow the guides, and it "just works".
But... because it doesn't work for you, they must be lying.
Or, maybe you didn't follow the guides.
> are all of you had so many troubles with radius or only me has so bad luck
Many people have problems. Those problems are almost always caused by
doing *too much*, without understanding what they're doing.
> my realm example.com was:
And here we have a problem. The EAP guides do NOT say to add realms.
Why are you doing this?
Follow the guides. Do nothing MORE than what the guides say.
If you do NOT follow the guides, then do NOT complain that they don't
work.
> when I changed in proxy.conf it to
>
> realm example.com {
> }
>
> radius wont start
...
> realm example.com {
> }
So it IS loading the "example.com" realm.
> realm LOCAL {
> }
> realm NULL {
> }
> /etc/freeradius/proxy.conf[498]: home_server "localhost" does not exist
Is it really that difficult to read the debugging output?
1) It loads the realm "example.com" just fine. No problems.
2) Line 498 of /etc/freeradius/proxy.conf refers to a home server
that doesn't exist. This error has *NOTHING* to do with the
realm example.com
The issue here is that you are NOT following the guides, and you are
NOT reading the debugging output.
Alan DeKok.
------------------------------
Message: 6
Date: Wed, 20 May 2009 09:56:06 +0200
From: Bartosz Chodzinski <bartosz.c at gmail.com>
Subject: Re: question about windows users
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<1f06c2db0905200056x288f8179m330a4269a780ca87 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Could you give me a good freeradius guide for dummies - I think I need it :)
On Wed, May 20, 2009 at 9:30 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Bartosz Chodzinski wrote:
> > "make the basic changes to your eap.conf and client.conf it will work"
> > it wont.
>
> You can believe that, which means that everyone else is lying. They
> just download the software, follow the guides, and it "just works".
> But... because it doesn't work for you, they must be lying.
>
> Or, maybe you didn't follow the guides.
>
> > are all of you had so many troubles with radius or only me has so bad luck
>
> Many people have problems. Those problems are almost always caused by
> doing *too much*, without understanding what they're doing.
>
> > my realm example.com was:
>
> And here we have a problem. The EAP guides do NOT say to add realms.
> Why are you doing this?
>
> Follow the guides. Do nothing MORE than what the guides say.
>
> If you do NOT follow the guides, then do NOT complain that they don't
> work.
>
> > when I changed in proxy.conf it to
> >
> > realm example.com {
> > }
> >
> > radius wont start
> ...
> > realm example.com {
> > }
>
> So it IS loading the "example.com" realm.
>
> > realm LOCAL {
> > }
> > realm NULL {
> > }
> > /etc/freeradius/proxy.conf[498]: home_server "localhost" does not exist
>
> Is it really that difficult to read the debugging output?
>
> 1) It loads the realm "example.com" just fine. No problems.
>
> 2) Line 498 of /etc/freeradius/proxy.conf refers to a home server
> that doesn't exist. This error has *NOTHING* to do with the
> realm example.com
>
> The issue here is that you are NOT following the guides, and you are
> NOT reading the debugging output.
>
> Alan DeKok.
------------------------------
Message: 7
Date: Wed, 20 May 2009 09:02:10 +0100
From: A.L.M.Buxey at lboro.ac.uk
Subject: Re: question about windows users
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20090520080210.GA5550 at lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi,
> realm example.com {
> }
> realm LOCAL {
> }
> realm NULL {
> }
> /etc/freeradius/proxy.conf[498]: home_server "localhost" does not exist
that's very interesting - because in the default proxy.conf there IS an
entry for home_server localhost.
so, I'll repeat once again, do not just randomly edit and remove config entries.
just change or add the few lines that you need and 'it will work'
I'm not lying - I've been using this software since the very early days
when it didn't 'just work' - going through the 1.0.x and 1.1.x where it started
to work and now with the joys of 2.1.x where it's pretty amazingly almost ready
for production use with little or no changes!
alan
------------------------------
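The failure discussed in Messages 5 and 7, as an added example that is not part of the digest or of FreeRADIUS: a simplified Python check that reports home_server and pool references in a proxy.conf that have no matching definition. The sample configurations are constructed, the function name dangling_refs is hypothetical, and the section and key names assumed are those of the FreeRADIUS 2.x proxy.conf (home_server, home_server_pool, realm, auth_pool, acct_pool, pool).

```python
import re

# Constructed sample: the "home_server localhost" block was deleted while
# editing, but the pool that refers to it was kept.
BROKEN_CONF = """\
proxy server {
    default_fallback = no
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
}
realm LOCAL {
}
"""

# Constructed fix: put the definition back (values are placeholders).
FIXED_CONF = """\
home_server localhost {
    type = auth
    ipaddr = 127.0.0.1
    port = 1812
}
""" + BROKEN_CONF

BLOCK = re.compile(r"^(home_server_pool|home_server|realm)\s+(\S+)\s*\{$")
ITEM = re.compile(r"^(home_server|auth_pool|acct_pool|pool)\s*=\s*(\S+)$")

def dangling_refs(text, name="proxy.conf"):
    """Return 'file[line]: ...' messages for references to undefined sections."""
    defined = {"home_server": set(), "home_server_pool": set()}
    refs = []       # (line number, kind wanted, name wanted)
    current = None  # kind of the section we are inside, if any
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if m := BLOCK.match(line):
            current = m.group(1)
            if current in defined:
                defined[current].add(m.group(2))
        elif line == "}":
            current = None
        elif m := ITEM.match(line):
            key, value = m.groups()
            if current == "home_server_pool" and key == "home_server":
                refs.append((no, "home_server", value))
            elif current == "realm" and key != "home_server":
                refs.append((no, "home_server_pool", value))
    # Resolve after the whole file is read, so definition order does not matter.
    return [f'{name}[{no}]: {kind} "{value}" does not exist'
            for no, kind, value in refs if value not in defined[kind]]
```

In the broken sample the reported line is the pool's `home_server = localhost` entry, not either realm, which matches the reading of the debug output given in Message 5.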
End of Freeradius-Users Digest, Vol 49, Issue 87
************************************************