Freeradius-Users Digest, Vol 105, Issue 101

dilanka nayanajith dillnayana at gmail.com
Thu Jan 30 10:36:56 CET 2014


Hi ,

can you please tel me to which file do i want to add this cods ,,


On Thu, Jan 30, 2014 at 2:00 PM, dilanka nayanajith <dillnayana at gmail.com>wrote:

> > Hi every one i am facing some problems,
> >
> > i configured radius server
> > i configured a client
> > and finally i have configured a user as well
> >
> > how do i block or deny access for users to log certain clients
> >
> > as and example --
> >
> > User1 can log to the SWA but he should not be able to log to SWB
> >
> > please help me on this , i read so many articuls but cant fiend a way to
> do it
>
>
> authorize {
>         if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {
>                 update control {
>                         Auth-Type := 'Accept'
>                 }
>         }
> }
>
>
> can you please tell me to which file that i want to include these cods
>
>
>
> > dilanka nayanajith
> > Thank you
>
>
> On Wed, Jan 29, 2014 at 3:21 PM, <
> freeradius-users-request at lists.freeradius.org> wrote:
>
>> Send Freeradius-Users mailing list submissions to
>>         freeradius-users at lists.freeradius.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://lists.freeradius.org/mailman/listinfo/freeradius-users
>> or, via email, send a message with subject or body 'help' to
>>         freeradius-users-request at lists.freeradius.org
>>
>> You can reach the person managing the list at
>>         freeradius-users-owner at lists.freeradius.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Freeradius-Users digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: cui-inner.post-auth and cui.post-auth (Alan Buxey)
>>    2. Does FreeRADIUS 2.1.12's ECDH support include
>>       ECDH-RSA-AES128-SHA? (Edward Morris)
>>    3. Re: Help Accounting packet forwarding (battossai)
>>    4. How to set User access for certain clients (dilanka nayanajith)
>>    5. Re: Help Accounting packet forwarding (Arran Cudbard-Bell)
>>    6. Re: How to set User access for certain clients
>>       (Arran Cudbard-Bell)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 28 Jan 2014 22:26:40 +0000
>> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
>> To: FreeRadius users mailing list
>>         <freeradius-users at lists.freeradius.org>,
>> stefan.paetow at diamond.ac.uk
>> Subject: Re: cui-inner.post-auth and cui.post-auth
>> Message-ID: <4279f9f1-e87d-4fe1-ad4a-1425371e10bd at email.android.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> I'm sure I submitted a patch for this. .. Maybe it only went into 2.x?
>>
>> alan
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140128/4a7acf23/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Tue, 28 Jan 2014 20:23:38 -0800 (PST)
>> From: Edward Morris <emorris25 at yahoo.com>
>> To: "freeradius-users at lists.freeradius.org"
>>         <freeradius-users at lists.freeradius.org>
>> Subject: Does FreeRADIUS 2.1.12's ECDH support include
>>         ECDH-RSA-AES128-SHA?
>> Message-ID:
>>         <1390969418.47367.YahooMailNeo at web140404.mail.bf1.yahoo.com>
>> Content-Type: text/plain; charset=iso-8859-1
>>
>> Using FreeRADIUS 2.1.12 (from debian package) and OpenSSL 1.0.1f, I've
>> been able to successfully configure EAP-TLS with a number of ECDHE
>> (ephemeral) cipher suites.
>>
>> However, my attempts to utilize ECDH (non-ephemeral) cipher suites fail
>> with and error of "SSL3_GET_CLIENT_HELLO:no shared cipher."? I've seen that
>> same error occur both when I was attempting to employ a cipher suite not
>> supported by FreeRADIUS (versions prior to 2.1.12 did not support any ECDHE
>> cipher suites) and when I had a screwy configuration (e.g., attempts to use
>> DSA cipher suites without first giving the server a DSA key).? So I'm
>> unclear on where the problem might lie.
>>
>>
>> I've confirmed that the client/supplicant I'm testing with supports the
>> ECDH cipher suite (tcpdump and wireshark shows the Client Hello message
>> includes the cipher), and querying debian's OpenSSL ("openssl ciphers -v
>> aECDH") confirmed it supports the cipher
>>
>> The only documentation I could find on this topic was the line
>> 'ecdh_curve = "prime256v1"' in eap.conf.??
>>
>>
>> Any pointers or confirmation as to whether or not FreeRADIUS (any
>> version) supports plain ECDH cipher suites would be greatly appreciated.
>>
>> Thanks
>> Ed
>>
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Wed, 29 Jan 2014 11:36:14 +0700
>> From: battossai <battossai at gmail.com>
>> To: FreeRadius users mailing list
>>         <freeradius-users at lists.freeradius.org>
>> Subject: Re: Help Accounting packet forwarding
>> Message-ID:
>>         <
>> CAKfMn+RwnD_mS6w_0dRrpAumJ5mNB8sx-_XV-Z04R4fUhbNbSg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi all,
>>
>>
>> Still could not get "Class" Attribute in my accounting data.
>> Should be defining it from "acct_users" right ? Or shoul NAS asked that
>> "Class" Attrribute ?
>>
>>
>> *rad_recv: Accounting-Request packet from host 103.247.123.158 port 40101,
>> id=170, length=253*
>>
>> *Service-Type = Framed-User*
>>
>> *Framed-Protocol = PPP*
>>
>> *NAS-Port = 420725*
>>
>> *NAS-Port-Type = Ethernet*
>>
>> *User-Name = "franky at yustanto.com <franky at yustanto.com>"*
>>
>> *Calling-Station-Id = "D4:CA:6D:D8:92:78"*
>>
>> *Called-Station-Id = "PPPoE.Service.Vlan100"*
>>
>> *NAS-Port-Id = "vlan100"*
>>
>> *MS-CHAP-Domain = "yustanto.com <http://yustanto.com>"*
>>
>> *Acct-Session-Id = "81b00e94"*
>>
>> *Framed-IP-Address = 103.247.123.47*
>>
>> *Acct-Authentic = RADIUS*
>>
>> *Event-Timestamp = "Jan 29 2014 11:24:05 WIT"*
>>
>> *Acct-Session-Time = 1800*
>>
>> *Acct-Input-Octets = 710*
>>
>> *Acct-Input-Gigawords = 0*
>>
>> *Acct-Input-Packets = 21*
>>
>> *Acct-Output-Octets = 722*
>>
>> *Acct-Output-Gigawords = 0*
>>
>> *Acct-Output-Packets = 21*
>>
>> *Acct-Status-Type = Interim-Update*
>>
>> *NAS-Identifier = "DR2.SMG"*
>>
>> *Acct-Delay-Time = 0*
>>
>> *Mikrotik-Realm = "yustanto.com <http://yustanto.com>"*
>>
>> *NAS-IP-Address = 103.247.123.158*
>>
>>
>>
>> *+- entering group preacct {...}*
>>
>> Have been google it, and still can find out, please help give a clue.
>> I'm desperate ...
>>
>> Thanks
>>
>>
>>
>>
>> On Sun, Jan 26, 2014 at 8:05 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
>> wrote:
>>
>> > Hi
>> >
>> > I'd suggest that you start by reading the available documentation... and
>> > maybe buy a book. You'll know that it is working by looking at the debug
>> > output of freeradius .. and hopefully the debug/logs/interface of your
>> NAS.
>> > Then if there are still issues you ask questions relevant to the issue.
>> >
>> > Alan
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/9cf58b87/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Wed, 29 Jan 2014 10:26:27 +0530
>> From: dilanka nayanajith <dillnayana at gmail.com>
>> To: freeradius-users at lists.freeradius.org
>> Subject: How to set User access for certain clients
>> Message-ID:
>>         <CAKZeJzLm_EmbxDF_CuTo3PFSH2=SUb2=U0ZTshOYvHDyoA=
>> Dxg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi every one i am facing some problems,
>>
>> i configured radius server
>> i configured a client
>> and finally i have configured a user as well
>>
>> how do i block or deny access for users to log certain clients
>>
>> as and example --
>>
>> User1 can log to the SWA but he should not be able to log to SWB
>>
>> please help me on this , i read so many articuls but cant fiend a way to
>> do
>> it
>>
>>
>>
>> --
>> dilanka nayanajith
>> Thank you
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/ae930c56/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> Message: 5
>> Date: Wed, 29 Jan 2014 09:48:56 +0000
>> From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> To: FreeRadius users mailing list
>>         <freeradius-users at lists.freeradius.org>
>> Subject: Re: Help Accounting packet forwarding
>> Message-ID: <A7E84521-82D1-44F5-A6EC-8793948F645A at freeradius.org>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>> On 29 Jan 2014, at 04:36, battossai <battossai at gmail.com> wrote:
>>
>> > Hi all,
>> >
>> >
>> > Still could not get "Class" Attribute in my accounting data.
>> > Should be defining it from "acct_users" right ?
>>
>>
>> No. You define it in the Access-Accept.
>>
>> Post-Auth {
>>         update reply {
>>                 Class := 0x00112244
>>         }
>> }
>>
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> FreeRADIUS Development Team
>>
>> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: signature.asc
>> Type: application/pgp-signature
>> Size: 881 bytes
>> Desc: Message signed with OpenPGP using GPGMail
>> URL: <
>> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/a6516b84/attachment-0001.pgp
>> >
>>
>> ------------------------------
>>
>> Message: 6
>> Date: Wed, 29 Jan 2014 09:50:56 +0000
>> From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> To: FreeRadius users mailing list
>>         <freeradius-users at lists.freeradius.org>
>> Subject: Re: How to set User access for certain clients
>> Message-ID: <2D884869-8A4F-499C-9922-C28AD8D7EACD at freeradius.org>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>> On 29 Jan 2014, at 04:56, dilanka nayanajith <dillnayana at gmail.com>
>> wrote:
>>
>> > Hi every one i am facing some problems,
>> >
>> > i configured radius server
>> > i configured a client
>> > and finally i have configured a user as well
>> >
>> > how do i block or deny access for users to log certain clients
>> >
>> > as and example --
>> >
>> > User1 can log to the SWA but he should not be able to log to SWB
>> >
>> > please help me on this , i read so many articuls but cant fiend a way
>> to do it
>>
>>
>> authorize {
>>         if ((User-Name == 'User1') && ("%{client:shortname}" == 'SWA')) {
>>                 update control {
>>                         Auth-Type := 'Accept'
>>                 }
>>         }
>> }
>> >
>> >
>> >
>> > --
>> > dilanka nayanajith
>> > Thank you
>> > -
>> > List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> FreeRADIUS Development Team
>>
>> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: signature.asc
>> Type: application/pgp-signature
>> Size: 881 bytes
>> Desc: Message signed with OpenPGP using GPGMail
>> URL: <
>> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140129/9510f1e5/attachment.pgp
>> >
>>
>> ------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> End of Freeradius-Users Digest, Vol 105, Issue 101
>> **************************************************
>>
>
>
>
> --
> dilanka nayanajith
> Thank you
>



-- 
dilanka nayanajith
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140130/17d1bb86/attachment-0001.html>


More information about the Freeradius-Users mailing list