provide DAC and NAC to one host
MichaelLeung
gbcbooksmj at gmail.com
Mon Mar 21 09:33:31 CET 2016
hi list
here is an example of one of my client.conf and the virtual-server
------------------------nas-----------------------
client devices {
ipaddr = 192.168.1.1
proto = *
secret = testing123
require_message_authenticator = no
nas-type = other
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
virtual_server = devicemanager
}
----------------------------virtual server----------------------
server devicemanager {
authorize {
Use_Auth_Ladp
filter_username
disabled
devicemanager_check
ldap
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
Auth-Type LDAP {
ldap
}
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
exec
attr_filter.accounting_response
}
session {
}
post-auth {
exec
remove_reply_message_if_eap
Post-Auth-Type REJECT {
attr_filter.access_reject
eap
remove_reply_message_if_eap
}
}
pre-proxy {
}
post-proxy {
eap
}
}
----------------------------------end-----------------------
Host 192.168.1.1 is a switch,
as i have configed radius device access for host 192.168.1.1,
what am i suppose to do if i am want to enable switch port dot1x
(network access control)on this swtich with the same radius server,
More information about the Freeradius-Users
mailing list