Radsec Clients
Xavier Maysonnave
x.maysonnave at gmail.com
Wed May 3 10:51:44 CEST 2017
Hi All,
the radsec server as described with this snippet :
listen {
ipaddr = *
port = 2083
#
# TCP and TLS sockets can accept Access-Request and
# Accounting-Request on the same socket.
#
# auth = only Access-Request
# acct = only Accounting-Request
# auth+acct = both
#
type = auth+acct
# For now, only TCP transport is allowed.
proto = tcp
# Send packets to the default virtual server
virtual_server = default
# clients = radsec
shows that the virtual_server is the default one and I see in debug mode
that the content of the nas table is read when started. However yet it
doesn't work as my freeradius client complain with the following:
Error: Ignoring request to auth+acct proto tcp address * port 2083 (TLS)
bound to server default from unknown client
I also need to set the proto = tls and require_message_authenticator = yes
for each client.
Thanks
--
PGP: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
<https://goo.gl/lPjb40>
--
Light
Xavier
/ Pudhuveedu
2017-05-03 13:08 GMT+05:30 Alan Buxey <alan.buxey at gmail.com>:
> Just populate the naslist table as you would for normal clients and ensure
> they are pointed to the correct virtual server and you've enabled reading
> of clients from the database in the SQL module
>
> alan
>
> On 2 May 2017 12:28 pm, "Xavier Maysonnave" <x.maysonnave at gmail.com>
> wrote:
>
> Hi,
> Thanks for the answer.
> You are right I don't want to put the tls sub-section in a sql table.
> I was referring to the clients radsec {...} sub-section defined in the file
> sites-available/tls.
> I'm looking at how to store those clients in a SQL table and didn't find
> out the correct solution yet.
> Thanks
>
> --
> PGP: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
> <https://goo.gl/lPjb40>
> --
>
> Light
>
> Xavier
> / Pudhuveedu
>
> 2017-05-01 17:35 GMT+05:30 Alan DeKok <aland at deployingradius.com>:
>
> > On Apr 30, 2017, at 11:33 PM, Xavier Maysonnave <x.maysonnave at gmail.com>
> > wrote:
> > >
> > > is there a way to store the radsec clients in an sql table rather than
> > > using the tls configuration file ?
> >
> > No.
> >
> > Clients can be listed in SQL. But the "tls" sub-section can't be put
> > into SQL.
> >
> > Alan DeKok.
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
More information about the Freeradius-Users
mailing list