Server :: Allow Wireless Clients Access To Network Based On Their MAC Address?
Jan 11, 2011
Using CentOS 5.5, FreeRADIUS 2.1.7.
Objective is simply to be able to allow wireless clients access to my network based on their MAC address (I have about 10 WAPs around the country which I need to be able to manage user access centrally). Not interested in LDAP or dishing out keys/certificates etc.
I have been trying to follow the guide here. Sounds like it's exactly what I need but I'm not sure about a few things.
1) For each of the conf files am I supposed to be replacing everything currently existing in the respective file with what is suggested?
2) "raddb/modules/file" does not exist, so I assume I should use "raddb/modules/files"?
3) If I uncomment the line:
Code:
#rewrite_calling_station_id
under the "raddb/sites-available/default authorize{}" section, the radiusd startup gives me the following error:
/etc/raddb/sites-enabled/default[69]: Failed to find module "rewrite_calling_station_id".
If anyone familiar with FreeRADIUS 2 could answer these queries I might be on the right path
Im trying to setup dhcpd to put certain systems witch have mac address starting with 08:00:* in a certain ip class. How can this be done?So any system with mac address starting with 08:00 to get an ip from this range 192.168.12.2-192.168.12.99.
I would like to install Linux based AntiVirus Server with Windows Clients. As per the existing setup, all Windows machines are using "demo" or "evaluation" copy of antivirus & all antivirus softwares are not same on all windows computers.
Someone is using Trend-Micro ,other is using Avast. Due to above listed problem,i want to implement Linux Based Free AntiVirus Server,which will be connected directly on the internet. The Linux AntiVirus server will updated it's database from Internet automatically.
Inside the Linux Server,all Windows PC's are connected in a same Local Area Connection. All windows XP computers will fetch the updated data from the Anti Virus Server. Also,i am searching MAIL RESPONDER OR POP UP Windows,when any virus found on any client machine. My company needs Cost Effective solution & Linux is the best solution for this.
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
I have installed Fedora 10 on my A860 Dell Vostrol Laptop with AR242X Atheros Wireless card. Wireless card worked out of the box and i could detect wireless network and connect to it. But i have a problem that, my wireless connection is not able to get IP address from the DHCP server. Please help me out what can i do to get this working. I am using WEP security and authentication is open system.
I have windows 7 beta installed on the same machine and on that wireless network works fine so i am sure that there is no problem with the wirless network. I am using DIR-300 router from D-LINK. I tried to see packet log on wireshark and there i see that there is no reply to the DHCP discover message. Actually i don't see any RX packets at all. Which is not normal as there is traffic on the network.
On my server I've a OpenVPN gateway and a DNS bind9 serveur At the moment, OpenVPN send opendns address to the clients and it works fine. I would like to use my DNS server for my clients to work with any DNS address. Here is OpenVPN config :
I'm having really weird and frustrating DNS issues with my clients unable to properly resolve the server's ip address. They can resolve each other's, and outside systems, but not the server - at least, not correctly, and not all the time.
I have one Ubuntu server set up that does both DHCP and DNS serving to the Windows systems. The server has DNS forwarding turned on to forward to OpenDNS's servers (I've tried using my ISP's dns servers but the problem remains). The server is *not* set up as a firewall; I am actually using a DLink router for that, and the Dlink is *not* set up to serve up DHCP nor DNS.
What I am getting is that my clients - and there are nothing but Windows clients - will not resolve the name of the server. For example, if I do: ping linuxserver
I get back a false IP address of 192.168.0.64 (and I've seen once a 192.168.2.49).
If, however, I put a dot in there: ping linuxserver.
I get back the *correct* IP address of 192.168.0.2, and thereafter, ping'ng linuxserver without the dot will work. Until the dns cache expires, either naturally or with ipconfig /flushdns on the windows clients.
The client *are* getting valid dhcp leases and can resolve everything happy-happy, they just will not get the proper address of the server 100% of the time.
I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
i have successfully setup PPTPD on my server and I can open a VPN tunnel but my clients can only ping the server's IP, they don't have access to the internet through the VPN.
i have searched different forums and understand that I have to create a route on the server to route packets between the VPN interface and my internet gateway, but I didn't manage to get this work.
here is what my setup looks like:
Code: root@r31495:~# ifconfig eth0 Link encap:Ethernet HWaddr 00:1c:c0:c7:13:35 inet addr:94.23.197.XX Bcast:94.23.197.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
I'm curious but recently I was troubleshooting some iptables rules to allow nfs clients access to my nfs server. What was strange was that I setup a tcpdump session on my nfs server so that I can see which ports were being requested. I ran several tcpdump sessions with the following filters in place.
tcpdump -vv src ip_of_client and dst _ip_of_client tcpdump -vv src hostname_of_client and dst hostname_of_client
However, the only packet I ever saw come over the wire to me was the client host asking for a arp resolution. Anyhow, I finally just ran 'rcpinfo -p' and added those ports to my iptables rules and it worked great. However, I would like to understand how nfs works in case I need to troubleshoot it in the future. I do understand that nfs uses portmappers, would this explain the behavior?
I can't seem to get the X server to allow access from clients on other hosts. (I know, not exactly a network problem, but. I made the change in /usr/share/gdm/defaults.conf to be : DisallowTCP=false
and this worked on another CentOS system, but it hasn't fixed it on this one. What other things could prevent other clients from connecting to the X server? From the local host, I get :
Warning: Tried to connect to session manager, Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed although the client DOES actually create the window and work! So, maybe this message is a clue.
From the remote host, I get : Error: Can't open display: 10.10.1.20:0.0 Which is not terribly informative. Is there a log somewhere which details why a connect request was denied? The files in /var/log/gdm are not very informative.
I have a linux box (fedora) with two ethernet cards eth1 and eth2. On eth1 I successfully configured a PPPOE internet connection. Such that from the server I can browse the internet. On eth2 I wired it to a wireless router essentially to provide the wireless cloud. On eth2 I also configured dhcp, such that the Linux box is both PPPOE and DHCP server.However my clients on the LAN cannot access the Internet.
On passing the routing command I get Destination Gateway Iface 196.44.x.y 0.0.0.0 ppp0 192.168.1.0 0.0.0.0 eth2 (my subnet) 0.0.0.0 0.0.0.0 ppp0.
The router (functioning as a wireless access point mainly) has a fixed IP address of 192.168.1.2 and eth2 has IP address 192.168.1.1. The dhcp file running on Linux has been set with option router (Gateway) 192.168.1.1. I cannot figure out how to correctly set the routing table such that my clients on wireless can access the internet cloud. I googled and googled but no solid solution. Any suggestions?
When I attempt to connect to a wireless network, the network manager asks me for the network's password, then says 'setting network address' for 20 or so seconds, then asks me for some random Hex or ASCII key in the same type of window I put the password in (Secrets for Noel -- KDE Daemon). Since a key is already typed into the window, I press OK, which then causes the network manager to go back to 'setting network address', then the window pops up again and keeps repeating itself.
I'm running Opensuse 11.4 with KDE, and my driver is ath9k. I don't know much about linux so please don't tell me to 'recompile this' or 'change this setting' without explaining how to do it. Please help, I've been unable to connect to wireless in OpenSUSE for 2 weeks now.
Actually i have to make one share folder on linux in such way that user should only read the documents from shared folder and they should not take prints of that folder.could any one telme what server i should use.?samba or nfs?how can i stop client users to stop taking prints from that shared folder.
Upgraded two machines to 11.3 in the past 2 weeks. NFS is broken on both, in different ways. The problem I'll mention here is that the nfs server is running, but clients can't connect.
The server is running: tinderbox:~ # /etc/init.d/nfsserver status Checking for kernel based NFS server: idmapd running mounted running statd running nfsd running
It has a valid export list: tinderbox:~ # showmount -e Export list for tinderbox: /usr/local/share/common 192.168.1.0/24
The export exists: tinderbox:~ # ls -lR /usr/local/share/ /usr/local/share/: total 4 drwxrwxrwx 2 root root 4096 Jan 2 12:10 common
/usr/local/share/common: total 0 -rw-r--r-- 1 root root 0 Jan 2 12:10 test.txt
But attempts to mount the export are unsuccessful, both from the local machine: tinderbox:~ # mount.nfs 192.169.1.200:/usr/local/share/common /mnt -v mount.nfs: timeout set for Sun Jan 2 12:14:19 2011 mount.nfs: trying text-based options 'addr=192.169.1.200,vers=4,clientaddr=192.168.1.200' mount.nfs: mount(2): Connection timed out mount.nfs: Connection timed out
...and from an OpenSUSE 11.0 machine. moira:~ # mount.nfs 192.169.1.200:/usr/local/share/common /mnt/tmp/ -v mount.nfs: timeout set for Sun Jan 2 11:52:17 2011 mount.nfs: text-based options: 'addr=192.169.1.200' mount.nfs: Unable to connect to 192.169.1.200:111, errno 110 (Connection timed out) mount.nfs: mount to NFS server 'rpcbind' failed: timed out, giving up
I've had NFS running on my local network for over a decade, and never had problems like this before.
us robotics router, trying to access 192.168.2.1, worked on windows xp, just switched to lucidi have tried using both firefox and chrome, neither will access my router
In my work I want to build up a Linux based network, where windows and linux clients are going to share a Thecus network drive.Each client will have specific permissions for accessing the samba shares. I have installed Ubuntu SRV 10.4 with gui and webmin.
I have configured squid proxy on centos 5.5 and some of my squid.conf file has following lines
Code:
http_access allow ncsa_users office
There are 3 users called "user034, user035 and user050" in the /etc/squid/squid_passwd file need to restricted access to internet except sites www.abc.com form anywhere in the lan. Once they logged in any ip, rule should apply.(that means no ip related acl, only user name related) How can I configure this in squid.
I have the problems with transfer speed between samba and Windows XP clients.
Samba server configuration: Quad Core 6600 CPU. 4 Gb RAM OpenSUSE 11.2 with kernel "2.6.31.12-0.1-desktop" Samba - samba-3.5.1-1.1.i586 Test: 4 GB File copying. One file.
Transfer speed from Samba Server to Windows 7 and XP clients: (Windows clients copy file from Server share -> to local drive) From Server to Windows 7 client 1: 85-90 Mb/sec From Server to Windows 7 client 2: 90-100 Mb/sec From Server to XP1 client 3 75-100 Mb/sec
Transfer speed from Windows 7 and XP clients TO Samba Server: (client copy file from local drive -> to server Share) From Server to Windows 7 client 1: 12-20 Mb/sec From Server to Windows 7 client 2: 30-35 Mb/sec From Server to Windows XP client 1 20-27 Mb/sec
(Copying file from Windows local drive to Windows remote share) From Window 7 client 1 TO Windows XP client 1 40-50 Mb/sec From Window 7 client 2 TO Windows XP client 1 50-60 Mb/sec
Copying file from Windows 7 client 2 share -> TO Windows XP client 1 show me 100-120 Mb/sec speed permanent. Copying file from Linux hosts to NFS server is stable 50-90 Mb/sec bidirectional.
This part of my smb.conf file Code: # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the # samba-doc package is installed. # Date: 2009-10-27 [global] log level = 1 debug level = 0 max log size = 50 .....
I have very slow write speed when copying file from Windows clients to Samba Share. Samba speed is slower than Windows native clients connections ?
My 32-bit Ubuntu 9.10 [Karmic Koala] LTSP server has two NICs, one with Dynamic IP set by a DSL modem and the other with static IP of 192.168.0.254. I also have 4 thin Clients that boot from this server without any problems and another computer with Ubuntu 9.04 running some PHP programs with dynamic IP given by the same DSL modem. When I send requests to these PHP programs from thin clients, they all give the LTSP server's dynamic IP as their IP so I cannot trace who has sent this request to response back.
I actually know this is logical. Because the requests are sent by a program that's actually running on the LTSP server rather than the thin client. But my question is How can I run a program on a thin client with it's own IP? I also should mention that the dhcp3-server service running on the LTSP server has no conflicts with the DSL dhcp on the network and I know that the 4 thin clients get the IPs ranging from 192.168.1.101 through 192.168.1.104 from the dhcp3-server service. Because I can ping them while they're on. but /sbin/ifconfig on them shows info about the LTSP server.
I'm attempting to run a DHCP server on my home network to enable PXE booting for ethernet clients, but I'm having quite a few issues getting it all up and running. I'm not entirely sure what is wrong, but I keep encountering errors in syslog as follows:
Code:
Feb 27 02:26:46 servnerr-1 dhcpd: Wrote 0 leases to leases file. Feb 27 02:26:46 servnerr-1 dhcpd: Feb 27 02:26:46 servnerr-1 dhcpd: No subnet declaration for eth0 (192.168.1.3).
[code]....
Networking is not exactly my strong suit, but I would like to get this up and running if at all possible.
I believe I have the wireless card installed properly and wicd sees the router. When I try to connect I get an error "can not obtain IP address" Output from iwcongif and lspci is.
dillan@dillan-desktop:~$ iwconfig lo no wireless extensions. eth0 no wireless extensions.
I'm using Ubuntu 9.10 and I recently changed certain settings of my router. After that ubuntu isnt able to obtain IP address from this wifi network. I've tried to connect with win 7 and OS X and both of the OSes are able to connect to the same wifi network. I tried to connect ubuntu to another wifi network at school and it connected successfully.
Debian 2.6.32-5-amd64 KDE I have to make one of my computers wireless. i need some product recommendations for a wireless access point & a wireless network card.
I just installed openSUSE dual-boot with windows. Wireless works fine on windows. Only ethernet works on openSUSE. At first, it couldn't even find my wireless network. With my friend's help we experimented and tried everything to find the driver for my broadcam4312 driver.
Later, my friend some update from the official openSUSE peeps... Then, the wireless could my network. I entered in my password and then hoped for the best but then it got stuck on the Obtaining IP Adress part. I know I got the rite password.
I'm using Ubuntu 9.10 and for a while I had no problems connecting to the internet through the wireless network. But recently, my wireless connection started disconnecting regularly. Following an advice I found online, I installed linux-backports-modules-karmic, but after a reboot the wireless device stopped working altogether - it had lost its driver. Since then I managed to associate the device with Broadcom's STA driver, which I had been using before. But now, the wireless device cannot connect to the internet anymore. The network manager's output to /var/log/syslog indicates that the device cannot obtain an IP address. When I run code...
I'm having making network/internet connection with my laptop. I have:Toshiba 1415 S173laptop NetGear WG511T pcmcia card using madwifiNetGear WPNT511 pcmcia card using windows driver via ndiswrapperSlackware 12.2In both cases the card is recognized, and I can get a list of access points with iwlist.I can set the card to connect to the desired access point. I can use dhclient to get an ip address from the remote dhcp server. This works, the card is assigned a valid ip address on the desired network.Once I do this, however, I cannot access any network resources, no Internet, and no other devices on the network can see, ping, or access my laptop. It does this with with both cards, using madwifi or the windows driver via ndiswrapper.
