a router as NAS

Si St sigbj-st at operamail.com
Wed Jul 18 21:43:49 CEST 2012


DeKOK, Buxey and andy79!
Please, see if my understanding below is better.

Taking a glimpse at the page
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html#wp1033659
it seems obvious to me that I have misunderstood a few things:
I thought I needed something EXTRA that should run a NAS request to the
radius-server, and thought the router should do the job.
But the NAS is there already in the freeradiusserver downloadfile
installed together with the server. Looking at what the radtest is
spitting out it is there with its NAS IP and port "Sending
Access-Request".
The radiusd -X answers this request: "rad_recv: Access-Request......[pap]
User authenticated successfully
++[pap] returns ok...........

Were there no NAS already, the radiusd would not have answered. Simple
as that. From this it is of course obvious to me that it is impossible
that the router can run a NAS, and I can understand Buxey's resignation
about my "very special router". The router can only direct or rather
route the userclient message to the NAS-radius machinery. That is what
the router's EAP-switch is for, letting me configure an IP and a port in
that box where to send it, have it treated by the
NAS/radclient/radserver and receive an OK or something to let me through
to the f.ex. internet. Isn't this correct?

For the radtest to work I found that I had to apply the IPs or their
authorized names or shortnames registered in the /etc/hosts. Otherwise:
"radclient: Failed to find IP address for host sled-10sp3m: No such file
or directory"
At the same time the client.conf must correlate with the /etc/hosts

What is wrong is my subject heading: "router as NAS", which of course
confuses.

If this is correct everything is simplified to just find out how to
network this.
Am I closer now?
-- 
  Si St
  sigbj-st at operamail.com


On Mon, Jul 16, 2012, at 12:34 PM, Alan DeKok wrote:
> Si St wrote:
> > Q:Buxey:
> > Hi,
> > what makes you think you can send RADIUS requests to this router and for
> > it
> > to then send those requests to your server? 
> > A:Because the router documentation said it: 
> > "-WPA-Enterprise
> > 
> >     This option works with a RADIUS Server to authenticate wireless
> >     clients. Wireless clients should have established the necessary
> >     credentials before attempting to authenticate to the Server through
> >     this Gateway. Furthermore, it may be necessary to configure the
> >     RADIUS Server to allow this Gateway to authenticate users."
> 
>   That text does NOT say the router accepts RADIUS requests.
> 
> > I really can't help for that the docu is imprecise, has lacks etc.
> 
>   It assumes that you are familiar with RADIUS and wireless
> configuration.  If you're not, the text is hard to understand.
> 
> > The
> > "credentials " and understand as certs, the "configure" is very sparse
> > if PORTS have to be taken in consideration. - But we are really getting
> > somewhere taking PORTS into my knowledge. But I do not know how to configure
> > this and where. If the router has the 1812 configured I would assume
> > that radius would return through the same port. I will try to read
> > through the files in raddb to find something about it. Could
> > /etc/service give a clue? 
> 
>   No.
> 
>   Read more about RADIUS and wireless configuration.  Start with
>   Wikipedia.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
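
The message above reports that radtest only worked once the host names were registered in /etc/hosts, and that the client definitions have to agree with that file. The following is an added example, not part of the original thread and not FreeRADIUS code: it cross-checks client blocks against a hosts table and reports any client that does not resolve. Assumptions: a simplified "client NAME { item = value }" syntax, and constructed sample data in which only the name sled-10sp3m comes from the post.

```python
import ipaddress
import re

# Constructed sample data. Only the name sled-10sp3m comes from the post;
# every address, secret and other name here is a placeholder.
HOSTS = """127.0.0.1 localhost
192.168.1.10 sled-10sp3m.example.lan sled-10sp3m
"""
CLIENTS_CONF = """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client sled-10sp3m {
    secret = testing123
}
client ap-example {
    secret = testing123
}
"""

def parse_hosts(text):
    """Map every name and alias in hosts-file text to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def parse_clients(text):
    """Return {name: {item: value}} for each 'client NAME { ... }' block."""
    blocks = re.findall(r"^\s*client\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M)
    return {n: dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", b, re.M))
            for n, b in blocks}

def check_clients(clients_text, hosts_text):
    """Resolve each client via the hosts table only; None means unresolved."""
    hosts = parse_hosts(hosts_text)
    result = {}
    for name, items in parse_clients(clients_text).items():
        ident = items.get("ipaddr", name)  # explicit ipaddr wins over the name
        try:
            result[name] = str(ipaddress.ip_address(ident))
        except ValueError:
            result[name] = hosts.get(ident.lower())
    return result

if __name__ == "__main__":
    for name, addr in check_clients(CLIENTS_CONF, HOSTS).items():
        print(f"{name:15} {addr or 'UNRESOLVED: add to hosts or set ipaddr'}")
```

A client that comes back unresolved is one whose definition names a host the hosts table does not know, the same class of mismatch as the "Failed to find IP address for host" message quoted in the post.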
