Discussion:
juniper authentication with freeradius
ashish verma
2007-08-16 06:49:03 UTC
Hi,

I am trying to do Juniper M7i router authentication with FreeRADIUS.
Can someone provide me some documentation?

I have configured Juniper but I suppose I am missing something on the RADIUS side.
I added the following in the dictionary file.

    VENDOR          Juniper                         2636

    ATTRIBUTE       Juniper-Local-User-Name         1       string  Juniper
    ATTRIBUTE       Juniper-Allow-Commands          2       string  Juniper
    ATTRIBUTE       Juniper-Deny-Commands           3       string  Juniper


Thanks
Bjørn Mork
2007-08-16 09:20:09 UTC
Post by ashish verma
I am trying to do Juniper M7i router authentication with FreeRADIUS.
Can someone provide me some documentation?
I have configured Juniper but I suppose I am missing something on the RADIUS side.

You don't say how you configured either the JUNOS box or FreeRADIUS.
My guess is that you're lacking something on the router:
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html

Post by ashish verma
I added the following in the dictionary file.

Why? They have been in the default dictionary.juniper for ages.



Bjørn

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ashish verma
2007-08-16 10:30:07 UTC
Hi,

Oh.. I didn't have a dictionary.juniper file under /etc/freeradius,
so I added those lines in the "dictionary" file under /etc/freeradius.
And this is my Juniper-side configuration.

    authentication-order [ radius password ];
    radius-server {
        192.168.1.49 {
            port 1812;
            accounting-port 1813;
            secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
        }
    }

I tried doing it without specifying the ports as well, but it didn't work.

Under the "users" file I have this:

    edward  Auth-type := Local, User-Password = "edward"
            Juniper-Local-User-Name = "fritz12"

clients.conf contains:

    client 192.168.1.10/24 {
        secret = secret
        shortname = junoscope.server.name
        type = Juniper:nas
    }
Bjørn Mork
2007-08-16 10:57:29 UTC
Post by ashish verma
Oh.. I didn't have a dictionary.juniper file under /etc/freeradius,
so I added those lines in the "dictionary" file under /etc/freeradius.
And this is my Juniper-side configuration.

    authentication-order [ radius password ];
    radius-server {
        192.168.1.49 {
            port 1812;
            accounting-port 1813;
            secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
        }
    }

You might need to specify the source address here, i.e.

    radius-server {
        192.168.1.49 {
            port 1812;
            accounting-port 1813;
            secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
            source-address 192.168.1.10;
        }
    }

Post by ashish verma
I tried doing it without specifying the ports as well, but it didn't work.
Under the "users" file I have this:

    edward  Auth-type := Local, User-Password = "edward"
            Juniper-Local-User-Name = "fritz12"

Did you define the local user "fritz12" on the router?

Post by ashish verma
clients.conf contains:

    client 192.168.1.10/24 {
        secret = secret
        shortname = junoscope.server.name
        type = Juniper:nas
    }

That's a somewhat strange entry. I would have expected either
'client 192.168.1.0/24' or 'client 192.168.1.1'

Do you get anything in the radius logs, indicating that the connection
is OK?




Bjørn

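The checks raised in the reply above, as an added example (not code from any poster, nor from the FreeRADIUS or Juniper projects): it parses the clients.conf and users snippets quoted in the thread, flags a client entry whose address has host bits set, confirms that the router's source address is covered by a client entry, and classifies each Juniper-Local-User-Name against the router's login accounts. The function names and the junos_users input are hypothetical, and the fallback to the "remote" template account is an assumption about JUNOS behaviour.

```python
import ipaddress
import re

# Sample inputs reproduced from the configuration quoted in the thread.
CLIENTS_CONF = """
client 192.168.1.10/24 {
    secret = secret
    shortname = junoscope.server.name
}
"""
USERS_FILE = '''
edward Auth-type := Local, User-Password = "edward"
    Juniper-Local-User-Name = "fritz12"
'''
NAS_SOURCE = "192.168.1.10"  # source-address suggested for the router


def check_clients(conf, nas_source):
    """Flag client entries with host bits set; report if no entry covers the NAS."""
    findings, covered = [], False
    for spec in re.findall(r"^\s*client\s+(\S+)\s*\{", conf, re.M):
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            continue  # hostname-style entries are out of scope here
        if "/" in spec and str(net) != spec:
            findings.append(f"client {spec}: host bits set, expected {net}")
        covered = covered or ipaddress.ip_address(nas_source) in net
    if not covered:
        findings.append(f"no client entry covers NAS source {nas_source}")
    return findings


def check_templates(users_file, junos_users):
    """Classify each Juniper-Local-User-Name against the router's login accounts.
    junos_users: names under [edit system login user] (hypothetical input).
    Assumption: JUNOS falls back to the 'remote' template when the named
    account is not defined on the router.
    """
    result = {}
    pattern = r'Juniper-Local-User-Name\s*:?=\s*"([^"]+)"'
    for name in re.findall(pattern, users_file):
        if name in junos_users:
            result[name] = "template"
        elif "remote" in junos_users:
            result[name] = "remote-fallback"
        else:
            result[name] = "missing"
    return result
```

A "missing" result means the RADIUS reply names an account the router cannot map to any login class, which is worth ruling out before debugging the RADIUS exchange itself.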
ashish verma
2007-08-17 05:06:35 UTC
Hi,
It is working now. Thanks for your help.
I was missing the following entry:

    user remote {
        full-name "All remote users";
        uid *uid-value*;
        class *class-name*;
    }

(http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-11121928.html#id-11121928)

Thanks again.