Radsec Clients

Xavier Maysonnave x.maysonnave at gmail.com
Wed May 3 13:32:03 CEST 2017


Hi All,

1 - Now it is running.
The server column should be empty.
If I put the string 'default' in the server column, it doesn't work.
If the column is empty, it works.
The nasname column is the public IP address of my NAS,
while the secret column takes the 'radsec' secret key.

2 - When clients are described in the clients radsec sub-section, proto = tls
was specified for localhost, so I added it to my test client. I also added
the require_message_authenticator = yes attribute on both clients.
I'm quite new to RADIUS and FreeRADIUS. I'm wondering if it's good
practice to specify those attributes, and whether there is a way to specify
them when clients are read from the 'nas' table.

Thanks.

--
PGP: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
<https://goo.gl/lPjb40>
--

Light

Xavier / Pudhuveedu

2017-05-03 14:21 GMT+05:30 Xavier Maysonnave <x.maysonnave at gmail.com>:

> Hi All,
> the radsec server as described with this snippet :
>
> listen {
>
> ipaddr = *
> port = 2083
>
> #
> #  TCP and TLS sockets can accept Access-Request and
> #  Accounting-Request on the same socket.
> #
> # auth  = only Access-Request
> # acct  = only Accounting-Request
> # auth+acct = both
> #
> type = auth+acct
>
> # For now, only TCP transport is allowed.
> proto = tcp
>
> # Send packets to the default virtual server
> virtual_server = default
>
> # clients = radsec
>
> shows that the virtual_server is the default one, and I see in debug mode
> that the content of the nas table is read at startup. However, it doesn't
> work yet, as my FreeRADIUS client complains with the following:
>
> Error: Ignoring request to auth+acct proto tcp address * port 2083 (TLS)
> bound to server default from unknown client
>
> I also need to set the proto = tls and require_message_authenticator =
> yes for each client.
>
> Thanks
>
> --
> PGP: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
> <https://goo.gl/lPjb40>
> --
>
> Light
>
> Xavier / Pudhuveedu
>
> 2017-05-03 13:08 GMT+05:30 Alan Buxey <alan.buxey at gmail.com>:
>
>> Just populate the naslist table as you would for normal clients and ensure
>> they are pointed to the correct virtual server and you've enabled reading
>> of clients from the database in the SQL module
>>
>> alan
>>
>> On 2 May 2017 12:28 pm, "Xavier Maysonnave" <x.maysonnave at gmail.com>
>> wrote:
>>
>> Hi,
>> Thanks for the answer.
>> You are right, I don't want to put the tls sub-section in a SQL table.
>> I was referring to the clients radsec {...} sub-section defined in the
>> file sites-available/tls.
>> I'm looking at how to store those clients in a SQL table and haven't found
>> the correct solution yet.
>> Thanks
>>
>> --
>> PGP: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
>> <https://goo.gl/lPjb40>
>> --
>>
>> Light
>>
>> Xavier / Pudhuveedu
>>
>> 2017-05-01 17:35 GMT+05:30 Alan DeKok <aland at deployingradius.com>:
>>
>> > On Apr 30, 2017, at 11:33 PM, Xavier Maysonnave <x.maysonnave at gmail.com> wrote:
>> > >
>> > > is there a way to store the radsec clients in an sql table rather than
>> > > using the tls configuration file ?
>> >
>> >    No.
>> >
>> >   Clients can be listed in SQL.  But the "tls" sub-section can't be put
>> > into SQL.
>> >
>> >   Alan DeKok.
>> >
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> > list/users.html
>>
>
>


More information about the Freeradius-Users mailing list