Freeradius-Users Digest, Vol 105, Issue 101

dilanka nayanajith dillnayana at gmail.com
Thu Jan 30 09:30:05 CET 2014


> Hi every one i am facing some problems,
>
> i configured radius server
> i configured a client
> and finally i have configured a user as well
>
> how do i block or deny access for users to log certain clients
>
> as and example --
>
> User1 can log to the SWA but he should not be able to log to SWB
>
> please help me on this , i read so many articuls but cant fiend a way to
do it


authorize {
        if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {
                update control {
                        Auth-Type := 'Accept'
                }
        }
}


can you please tell me to which file that i want to include these cods



> dilanka nayanajith
> Thank you


On Wed, Jan 29, 2014 at 3:21 PM, <
freeradius-users-request at lists.freeradius.org> wrote:

> Send Freeradius-Users mailing list submissions to
>         freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
>         freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
>         freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>    1. Re: cui-inner.post-auth and cui.post-auth (Alan Buxey)
>    2. Does FreeRADIUS 2.1.12's ECDH support include
>       ECDH-RSA-AES128-SHA? (Edward Morris)
>    3. Re: Help Accounting packet forwarding (battossai)
>    4. How to set User access for certain clients (dilanka nayanajith)
>    5. Re: Help Accounting packet forwarding (Arran Cudbard-Bell)
>    6. Re: How to set User access for certain clients
>       (Arran Cudbard-Bell)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 Jan 2014 22:26:40 +0000
> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>,
> stefan.paetow at diamond.ac.uk
> Subject: Re: cui-inner.post-auth and cui.post-auth
> Message-ID: <4279f9f1-e87d-4fe1-ad4a-1425371e10bd at email.android.com>
> Content-Type: text/plain; charset="utf-8"
>
> I'm sure I submitted a patch for this. .. Maybe it only went into 2.x?
>
> alan
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140128/4a7acf23/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Tue, 28 Jan 2014 20:23:38 -0800 (PST)
> From: Edward Morris <emorris25 at yahoo.com>
> To: "freeradius-users at lists.freeradius.org"
>         <freeradius-users at lists.freeradius.org>
> Subject: Does FreeRADIUS 2.1.12's ECDH support include
>         ECDH-RSA-AES128-SHA?
> Message-ID:
>         <1390969418.47367.YahooMailNeo at web140404.mail.bf1.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Using FreeRADIUS 2.1.12 (from debian package) and OpenSSL 1.0.1f, I've
> been able to successfully configure EAP-TLS with a number of ECDHE
> (ephemeral) cipher suites.
>
> However, my attempts to utilize ECDH (non-ephemeral) cipher suites fail
> with and error of "SSL3_GET_CLIENT_HELLO:no shared cipher."? I've seen that
> same error occur both when I was attempting to employ a cipher suite not
> supported by FreeRADIUS (versions prior to 2.1.12 did not support any ECDHE
> cipher suites) and when I had a screwy configuration (e.g., attempts to use
> DSA cipher suites without first giving the server a DSA key).? So I'm
> unclear on where the problem might lie.
>
>
> I've confirmed that the client/supplicant I'm testing with supports the
> ECDH cipher suite (tcpdump and wireshark shows the Client Hello message
> includes the cipher), and querying debian's OpenSSL ("openssl ciphers -v
> aECDH") confirmed it supports the cipher
>
> The only documentation I could find on this topic was the line 'ecdh_curve
> = "prime256v1"' in eap.conf.??
>
>
> Any pointers or confirmation as to whether or not FreeRADIUS (any version)
> supports plain ECDH cipher suites would be greatly appreciated.
>
> Thanks
> Ed
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 29 Jan 2014 11:36:14 +0700
> From: battossai <battossai at gmail.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: Help Accounting packet forwarding
> Message-ID:
>         <
> CAKfMn+RwnD_mS6w_0dRrpAumJ5mNB8sx-_XV-Z04R4fUhbNbSg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all,
>
>
> Still could not get "Class" Attribute in my accounting data.
> Should be defining it from "acct_users" right ? Or shoul NAS asked that
> "Class" Attrribute ?
>
>
> *rad_recv: Accounting-Request packet from host 103.247.123.158 port 40101,
> id=170, length=253*
>
> *Service-Type = Framed-User*
>
> *Framed-Protocol = PPP*
>
> *NAS-Port = 420725*
>
> *NAS-Port-Type = Ethernet*
>
> *User-Name = "franky at yustanto.com <franky at yustanto.com>"*
>
> *Calling-Station-Id = "D4:CA:6D:D8:92:78"*
>
> *Called-Station-Id = "PPPoE.Service.Vlan100"*
>
> *NAS-Port-Id = "vlan100"*
>
> *MS-CHAP-Domain = "yustanto.com <http://yustanto.com>"*
>
> *Acct-Session-Id = "81b00e94"*
>
> *Framed-IP-Address = 103.247.123.47*
>
> *Acct-Authentic = RADIUS*
>
> *Event-Timestamp = "Jan 29 2014 11:24:05 WIT"*
>
> *Acct-Session-Time = 1800*
>
> *Acct-Input-Octets = 710*
>
> *Acct-Input-Gigawords = 0*
>
> *Acct-Input-Packets = 21*
>
> *Acct-Output-Octets = 722*
>
> *Acct-Output-Gigawords = 0*
>
> *Acct-Output-Packets = 21*
>
> *Acct-Status-Type = Interim-Update*
>
> *NAS-Identifier = "DR2.SMG"*
>
> *Acct-Delay-Time = 0*
>
> *Mikrotik-Realm = "yustanto.com <http://yustanto.com>"*
>
> *NAS-IP-Address = 103.247.123.158*
>
>
>
> *+- entering group preacct {...}*
>
> Have been google it, and still can find out, please help give a clue.
> I'm desperate ...
>
> Thanks
>
>
>
>
> On Sun, Jan 26, 2014 at 8:05 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> wrote:
>
> > Hi
> >
> > I'd suggest that you start by reading the available documentation... and
> > maybe buy a book. You'll know that it is working by looking at the debug
> > output of freeradius .. and hopefully the debug/logs/interface of your
> NAS.
> > Then if there are still issues you ask questions relevant to the issue.
> >
> > Alan
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/9cf58b87/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Wed, 29 Jan 2014 10:26:27 +0530
> From: dilanka nayanajith <dillnayana at gmail.com>
> To: freeradius-users at lists.freeradius.org
> Subject: How to set User access for certain clients
> Message-ID:
>         <CAKZeJzLm_EmbxDF_CuTo3PFSH2=SUb2=U0ZTshOYvHDyoA=
> Dxg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi every one i am facing some problems,
>
> i configured radius server
> i configured a client
> and finally i have configured a user as well
>
> how do i block or deny access for users to log certain clients
>
> as and example --
>
> User1 can log to the SWA but he should not be able to log to SWB
>
> please help me on this , i read so many articuls but cant fiend a way to do
> it
>
>
>
> --
> dilanka nayanajith
> Thank you
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/ae930c56/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Wed, 29 Jan 2014 09:48:56 +0000
> From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: Help Accounting packet forwarding
> Message-ID: <A7E84521-82D1-44F5-A6EC-8793948F645A at freeradius.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> On 29 Jan 2014, at 04:36, battossai <battossai at gmail.com> wrote:
>
> > Hi all,
> >
> >
> > Still could not get "Class" Attribute in my accounting data.
> > Should be defining it from "acct_users" right ?
>
>
> No. You define it in the Access-Accept.
>
> Post-Auth {
>         update reply {
>                 Class := 0x00112244
>         }
> }
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 881 bytes
> Desc: Message signed with OpenPGP using GPGMail
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/a6516b84/attachment-0001.pgp
> >
>
> ------------------------------
>
> Message: 6
> Date: Wed, 29 Jan 2014 09:50:56 +0000
> From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: How to set User access for certain clients
> Message-ID: <2D884869-8A4F-499C-9922-C28AD8D7EACD at freeradius.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> On 29 Jan 2014, at 04:56, dilanka nayanajith <dillnayana at gmail.com> wrote:
>
> > Hi every one i am facing some problems,
> >
> > i configured radius server
> > i configured a client
> > and finally i have configured a user as well
> >
> > how do i block or deny access for users to log certain clients
> >
> > as and example --
> >
> > User1 can log to the SWA but he should not be able to log to SWB
> >
> > please help me on this , i read so many articuls but cant fiend a way to
> do it
>
>
> authorize {
>         if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {
>                 update control {
>                         Auth-Type := 'Accept'
>                 }
>         }
> }
> >
> >
> >
> > --
> > dilanka nayanajith
> > Thank you
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 881 bytes
> Desc: Message signed with OpenPGP using GPGMail
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/9510f1e5/attachment.pgp
> >
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> End of Freeradius-Users Digest, Vol 105, Issue 101
> **************************************************
>



-- 
dilanka nayanajith
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140130/75da1e92/attachment-0001.html>


More information about the Freeradius-Users mailing list