Ubuntu Networking :: 802.1x Port Based Authentication With EAP And Radius

Apr 5, 2010

I was asked to set up 802.1x Port Based Authentication for users connecting to a Managed Cisco Switch. From what I was told, it should work like this:
- User plugs workstation into switch.
- Workstation asks user for radius credentials.
- Workstation is then able to authenticate to the Radius server.
- After workstation is authenticated, the switchport then becomes unrestricted and allows the workstation to communicate on the network.

Ubuntu Networking :: VPN With Authentication To External Radius Server?

Jun 25, 2010

This is all I need: a simple VPN with authentication to an external Radius server. Here is what I have done to try and get this goal accomplished.

1st try: using PPTPD and the Radius plugin. No matter what I have tried (long explanation here [URL]), I can't get PPTPD to talk to my Radius server, even though I can authenticate using the same server and radius server using pam radius. PPTPD just won't, and so far the Poptop mail list has been quiet since my post to them, and no replies/ideas in my other post; see forum link above.

2nd try: using OpenVPN and their pam auth plugin. I give up on this one! I have the server working great, BUT as soon as I enable the plugin /usr/lib/openvpn/openvpn-auth-pam.so in the config, I get this when trying to start the VPN server:

kernel: [3725586.167177] openvpn[28364]: segfault at 0 ip 00007fd6e5e38fb4 sp 00007fff434f18f0 error 4 in openvpn-auth-pam.so[7fd6e5e38000+3000]

Google turns up nothing on segfaults in openvpn-auth-pam.so. Ugh, I'm at my wits' end. Anybody have any other suggestions? I'm at a total loss ATM.

CentOS 5 Networking :: Configuration In Huawei Switch And Radius Server For User Authentication

Sep 25, 2009

I want to authenticate a user (client) via the switch to the radius server (CentOS). Can anyone tell me the authentication/authorization configuration that should be made in the switch (Huawei) and the radius server (CentOS)? Especially the main files under /etc/raddb/ on the server and the configuration to be made under the radius server template "test" (as in my case)...

CentOS 5 Networking :: Can't Telnet Localhost 1812 (radius Server Port) / Enable This?

Sep 25, 2009

I have opened/added the ports 1812 and 1813 (both tcp & udp) for the radius server in the firewall.

When I use the command telnet localhost 1812, the connection says "refused". I get the following messages: code...

Security :: Failed SSH Authentication With Radius Server

Jan 26, 2011

I have installed a RADIUS server on one machine which has Fedora 10. I have installed freeradius-server-2.1.10 on it (server machine IP 10.150.110.42).

I have one more machine with Red Hat Linux on which I have installed pam_radius-1.3.17 (client machine IP 10.150.113.4).

I have done the following configuration on both sides:

SERVER SIDE.

users file:

"vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
        Reply-Message = "Hello, %u"

[Code]....

The above is my configuration. When I try to connect from the client with SSH, it is not sending a request to the RADIUS server to authenticate the user. What other configuration do I have to do, or are there any mistakes in my configuration?

Debian :: Apache2 Web Authentication Against Radius Server - Jessie

Mar 22, 2016

How to configure Web authentication against a RADIUS server on Debian Jessie, because the package libapache2-mod-auth-radius is not available on Debian mirrors.

I would like to know what happened to this package and what is the newest way to configure radius auth. Some people have told me to compile this package, but is there not an easier way to do that?

Ubuntu Security :: Configure SSH Key-based Authentication And SSH Password Authentication In Same Machine For Different User?

Jan 10, 2010

I want to configure SSH key-based authentication and SSH password authentication on the same machine for different users.

Networking :: Ip Routing Based On Port Number?

Sep 30, 2010

I have 3 gateways in my office. I want to redirect all web traffic (port 80 and 443) through one gateway and ssh connections through another one. All machines have a single network interface. For this, what I did is create an IP alias eth0:1 and assign an IP to it. Then I wrote an ip route rule to route packets from eth0:1's IP to the other gateway. All other traffic will go through the default gateway. But here I am not sure how I can make the web browser use eth0:1's IP. It's using eth0's IP. I wrote an iptables rule to change the source IP of http packets to eth0:1's IP. But the rule is on the POSTROUTING chain, so I think it's happening after routing.

Networking :: Port Based Routing For Local Traffic?

May 24, 2009

I have a problem with port based routing for local traffic. I can't use the trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.

Ubuntu Servers :: Setup SFTP To Use Key-based Authentication?

Nov 18, 2010

I want to connect to the same machine that I have the OpenSSH server on, which uses keys, and I have disabled password-based logins (for ssh). Apparently, this also affects SFTP, which makes sense. How do I set up SFTP to use key-based authentication?

Server :: LDAP-based Authentication For Samba - Help

Jul 25, 2010

Install and configure Samba as a primary domain controller with LDAP on Linux. I set it up step by step following the article without error until step 10. I want to join a Windows client; when I enter the user name and password for the domain, this message is displayed: The following error occurred attempting to join the domain BIGTIME:
The network path was not found.

Fedora Networking :: Port Redirect, I.e. Whatever Comes Through Whatever Interface On Port AAAA Will Get Redirected To Port BBBB?

Feb 18, 2010

I want to do a simple port redirect, i.e. whatever comes through whatever interface on port AAAA will get redirected to port BBBB. I thought that

iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBB

however it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:

nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB

[code]....

Fedora Networking :: Start Radius Service In Debug Mode + 10 + Errors

Jun 10, 2009

I installed freeradius 2.1.3 on Fedora 10 and want to use it with IEEE 802.1x using PEAP. When I run the command to start the radius service in debug mode, the following output comes:

[Code]....

Ubuntu Servers :: Postfix And Prevent Clients To Connect To Port 25 Without Authentication?

Jan 29, 2011

I'm a NOOB setting up Postfix but managed quite well by following the Ubuntu Server guide. I have managed to set it up using SSL, but testing with a mail client like Thunderbird I can also connect to port 25 using no authentication. Connecting using SSL on port 465 by editing the "master.cf" file works, but 25 is still open.

1. How do I prevent clients from connecting to port 25 without authentication?
2. I guess I have to have port 25 open in order to receive mail from the outside world?

General :: Forward Port For IP-Based Virtual Host To Work?

Mar 22, 2010

Having trouble visualising how IP-Based Virtual Host (with SSL) would work. Here is my vhosts.conf file:

Code:
#Define Name Virtual Host
NameVirtualHost 10.10.0.54:80
#Used to replace the main server host. The log file will reside in /var/log/httpd/error_log

[Code]....

How will it work? I will need to forward port 443 to the 10.10.0.55 interface right? Without doing that, there is no way this is going to work... is there? And that means that I can't run more than 1 ip-based SSL virtual host on one machine because I can't forward 443 to two different interfaces.

Also, do I use internal ip address or external ip address in the <VirtualHost > tag? I only have one static public ip.

Ubuntu Networking :: Error - Remote Port Forwarding Failed For Listen Port 5500

Aug 7, 2010

When I use the following command:

ssh user@ssh_server -L 5500:localhost:5500 -p 22

everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:

ssh user@ssh_server -R 5500:localhost:5500 -p 22

I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...

Ubuntu Networking :: Port Forwarding Through A Specific Port?

Jul 14, 2011

I want to set my IP as static and port forward it through a specific port. Can anyone help me with this? I'm using Ubuntu 10 with a 64 bit OS.

Networking :: Use Iptables In Order To Forward All The Incoming Packets For Port 5555 To Port 5556?

Apr 4, 2011

I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).

I wrote the following commands:

iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT

Networking :: Iptables Can't Port Forward (PAT Port Address Translation)?

Feb 20, 2010

I'm using a Debian server as router/firewall. I have two ethernet interfaces in the server, one for WAN and one for LAN. I use SNAT so my LAN clients can access the internet through the Debian router. That is working. Now I want to be able to access servers on the LAN side from the WAN side, and I wanna use port address translation (PAT). I have an FTP server running on a LAN server, so I'm trying to port forward port 21.

iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21

When people try to access my FTP from the WAN side, they are redirected to the local FTP server, and they are prompted for credentials, but when the credentials are typed, and the local FTP server should answer the WAN request, the connection dies.

The WAN clients are being prompted for credentials, so they are redirected to the local LAN server, but after that the connection dies, so I think there is some kind of NAT problem when the local LAN server is trying to respond to the WAN request.

Here is my iptables script:

#flush table
iptables -F
#input rules

[code]....

Networking :: MULTICAST Address And Port - Socket Listen Only On Port?

Feb 12, 2009

I am making an application on GNU/Linux which listens on a MULTICAST stream, so I open my unconnected socket, bind it on a MULTICAST address and a port, join the multicast group with "setsockopt (IP_ADD_MEMBERSHIP)", then I receive datagrams on my socket.

Now I've two different instances of the same application that run with their own MULTICAST address and port. And what I found strange is that, after a misconfiguration, I switch the ports, for example:

Emitting on 225.0.0.1/23451 and 225.0.0.2/23452
Receiving on 225.0.0.1/23452 and 225.0.0.2/23451

And my receiving part doesn't care about the MULTICAST address; it looks like the socket is listening on the port number only! I mean that the receiver [225.0.0.1/23452] takes its datagrams from emitter [225.0.0.2/23452] and vice-versa!

Networking :: Directing Packet From One Port To Another Port Of Another Machine

Apr 25, 2009

How can I redirect data received on a port to another port located on a different machine? Can I do this using iptables?

Networking :: Iptables - Port Forwarding To Blocked Port?

Mar 25, 2010

I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. The problem is that I want our users to be able to connect via port 10025, which is forwarded to port 25, which then is blocked...

Networking :: Setup Port Forwarding Of Port 1000 To Ip 192.168.1.200?

Oct 24, 2010

I had to add them to my firewall script when I installed openvpn on my dd-wrt router:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

What should I add/change to set up port forwarding of port 1000 to IP 192.168.1.200? Also, how do I get the answer sent by 192.168.1.200 to follow the same route used by the data received through port forwarding?

Networking :: Ethernet Port Connection With An E1/T1 Port

Aug 30, 2010

I have embedded hardware that uses bootp for booting from a Network Management Host (NMH) on the same ethernet. The embedded hardware has both kinds of ports, i.e. ethernet as well as E1/T1. I would like to ask, what do I require to establish a communication link between the embedded hardware and the NMH through the E1/T1 ports of the embedded hardware, so as to make it boot through E1/T1? Further, the NMH possesses only an ethernet port. Just to refine my question, I'd like to know what additions I need to make on my NMH: maybe I have to put in an E1/T1 port, or is it possible that the E1/T1 port can be directly connected to an ethernet port on the other host?

Pardon me if I am not making absolute sense here, as my knowledge is limited on layer 1 and layer 2.

Networking :: Access A Port And Run Script On That Port?

Aug 23, 2010

How do I access a networking port and run scripts on that port so as to gain access to a remote machine? Is that possible through the command prompt or through software?

I know the IP address of my friend who is chatting with me, okay. I want to run an application on his computer. I came to know that we can run a script through a port.

Fedora Networking :: 3G USB Modem Has Wrong Device Port In NM - Change Device Port In Network Manager?

Aug 14, 2009

I installed a ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170. I run usb_modeswitch and so far things happened normally. Watching /var/log/messages, it says that F10 detects two port devices for this modem, ttyUSB1 and ttyUSB2, and in the sequence it disables port ttyUSB1, BUT Network Manager still sets this port. I mean, when I connect via wvdial pointing to ttyUSB2 I get a connection, but Network Manager fails to do it pointing to ttyUSB1. How do I change the device port in Network Manager?

Ubuntu :: Compiz Show Mouse Radius

May 20, 2011

I just wanted to share something with you all. If this belongs somewhere else, let me know. I got the idea from this thread. I wanted the show mouse effect to not rotate around my mouse (just a preference) and have the emitters directly under my cursor. So editing two files gave me the desired effect to an extent.

1. Just in case back up your compiz settings.
2. Open a terminal and type - sudo nautilus . It'll ask for your admin password.
3. The file manager should now be open, go to /usr/share/compiz/showmouse.xml copy the file and rename the copy to showmouse.xml.bak.
4. Open showmouse.xml with the text editor.
5. Scroll down to the bottom and look for the "radius" section. Go to the <min>10</min> entry and change it to 2. Save.
6. Go to /usr/lib/compiz/libshowmouse.so copy the file and rename the copy to libshowmouse.so.bak.
7. Open the file with Ghex and search for the string radius on the right side of the search box.
8. It'll look like a jumble of words, but look after the word radius and find <min>10</min> change to 2. Save.
9. Compiz should now disable itself.
10. Reboot and re-enable Compiz and try out the show mouse plugin, it should now allow you to use a smaller radius.

Ubuntu :: Kill Window Based On Based On Title Instead Of PID?

Apr 24, 2010

I am working on a setup, and I like to be able to toggle compiz on and off, or toggle dualscreen on and off. The thing is, I also have conky on my desktop as well as a terminal window embedded in my desktop (that requires compiz). So, when I turn compiz off, or resize my desktop, I want to be able to reposition conky/embedded-terminal, and the terminal's position is relative to my conky position and the size of my virtual desktop.

I can do this all fine, except that to reposition the terminal I need to kill it then reopen it. But if I kill gnome-terminal it kills ALL gnome-terminals instead of just my embedded one. How can I specifically close my embedded one and leave any others untouched? Let's say that the title of my embedded terminal is "trans777". Also, the trans777 titled gnome-terminal will be killed when compiz is not running.

Applications :: Setting Up A Radius Server?

Dec 27, 2010

I need to set up a Radius server for use in an ISP which will be wireless internet only.

I had thought to use CentOS maybe and install and somehow configure FreeRADIUS.

I have little experience with Linux, but am a Windows Admin, and use Linux a little.

My questions would be: Is there a best distro that I should use? I have used Ubuntu the most, but am not sure if it is best to use for this project.

The FreeRADIUS website has documentation, but it doesn't tell me much about how to get it all up and running. What we want is Authentication and Accounting, and from what I can see FreeRADIUS is a good option? Is there anything better that I can use? We will eventually be having approximately 5000 clients.

General :: Get Radius To Start After A Reboot ?

Sep 30, 2010

I have installed FreeRadius on a Debian Linux server.

I have configured an account called Support to run the Radius, as I didn't want Root to be the user to run this.

I want Radius to start up automatically after the system is rebooted, but I don't know how to do this. I am new to Linux, so please bear with me. If the system is rebooted, is it possible for the Support account to be logged in automatically? Is there a script I can create to automatically log in the Support account? This may not be secure, but it has been requested. Also, the main question is: after a reboot, can the Radius be configured to automatically start without the need for someone to log in? So if the system is rebooted and then goes back to the login prompt, can the Radius then be running?

I have had a good search about scripts, but with my limited knowledge it isn't too easy.

So far, I've read that it says to create a script in /etc/init.d, which I've done and named start-my-radius.sh. I think I've made it executable by chmod 777, if that's right?

The script looks like this:

But I don't know if that's even right? The radiusd is located in /usr/local/sbin/ and the radacct and radius.log are located in /usr/local/var/log/radius

Some stuff I have read says it needs to link into /etc/rc.d, but there isn't an rc.d directory; I have other rc directories, which are rc1.d rc6.d.

After reading, it also said something about using rc.radiusd, which will automatically start Radius after a reboot, but again I cannot understand exactly what I need to do.

Let me know if I am on the right track? Will the start-my-radius.sh script work after the system is rebooted without someone actually logging in, and how do I get it to work?

Copyrights 2005-15 www.BigResource.com, All rights reserved