Quantcast

dhcp+radius

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

dhcp+radius

Kevin Zhang-4

Hi,

 

How do I configure Radius server to work with DHCP server, so the client will authenticate with Radius first

before DHCP will assign it an IP?

 

Kevin SZ


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: dhcp+radius

tnt-5
There is nothing to configure. It works that way.

Ivan Kalik
Kalik Informatika ISP

Dana 25/3/2008, "Kevin Zhang" <[hidden email]> piše:

>Hi,
>
>
>
>How do I configure Radius server to work with DHCP server, so the client
>will authenticate with Radius first
>
>before DHCP will assign it an IP?
>
>
>
>Kevin SZ
>
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: dhcp+radius

Kevin Zhang-4
Hi Ivan,

Thanks for your reply. But how do DHCP know NOT to give the IP to the client
When the authentication fail on RADIUS?

Kevin SZ

-----Original Message-----
From: freeradius-users-bounces+kzhang=[hidden email] [mailto:freeradius-users-bounces+kzhang=[hidden email]] On Behalf Of Ivan Kalik
Sent: Tuesday, March 25, 2008 4:51 PM
To: FreeRadius users mailing list
Subject: Re: dhcp+radius

There is nothing to configure. It works that way.

Ivan Kalik
Kalik Informatika ISP

Dana 25/3/2008, "Kevin Zhang" <[hidden email]> piše:

>Hi,
>
>
>
>How do I configure Radius server to work with DHCP server, so the client
>will authenticate with Radius first
>
>before DHCP will assign it an IP?
>
>
>
>Kevin SZ
>
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: dhcp+radius

tnt-5
Because it will never be asked for one. PPP negotaiation will not reach
that stage.

Ivan Kalik
Kalik Informatika ISP


Dana 25/3/2008, "Kevin Zhang" <[hidden email]> piše:

>Hi Ivan,
>
>Thanks for your reply. But how do DHCP know NOT to give the IP to the client
>When the authentication fail on RADIUS?
>
>Kevin SZ
>
>-----Original Message-----
>From: freeradius-users-bounces+kzhang=[hidden email] [mailto:freeradius-users-bounces+kzhang=[hidden email]] On Behalf Of Ivan Kalik
>Sent: Tuesday, March 25, 2008 4:51 PM
>To: FreeRadius users mailing list
>Subject: Re: dhcp+radius
>
>There is nothing to configure. It works that way.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>Dana 25/3/2008, "Kevin Zhang" <[hidden email]> piše:
>
>>Hi,
>>
>>
>>
>>How do I configure Radius server to work with DHCP server, so the client
>>will authenticate with Radius first
>>
>>before DHCP will assign it an IP?
>>
>>
>>
>>Kevin SZ
>>
>>
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: dhcp+radius

Sven 'Darkman' Michels
In reply to this post by Kevin Zhang-4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Kevin Zhang wrote:
> Hi Ivan,
>
> Thanks for your reply. But how do DHCP know NOT to give the IP to the client
> When the authentication fail on RADIUS?

When you configure your switch, you can tell him what to do when auth
fails. You can shutdown the port or put him into another vlan - without
dhcp for example.

HTH,
Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH6ZUZQoCguWUBzBwRAvIRAKCt8fL1/Z9V89UwnbD864cCO3/8dwCfUaCe
xDu+BoIAxx7nqKdHqQQ2/JM=
=8B6r
-----END PGP SIGNATURE-----
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: dhcp+radius

Kevin Zhang-4
In reply to this post by tnt-5
Hi Ivan,

Thanks again for the reply. Actually my scenario is like this:
I have a box needs to be installed via PXE. The box will send out its mac
address to get the ip of tftp server and the location of pxelinux.0.
Without Radius, the box will talk to DHCP server directly for all
The information it needs. If I want to implement the authentication
Using RADIUS so net boot will continue only after the
authentication succeed. I just want to know where RADIUS fit into
this model step by step.

Kevin SZ


-----Original Message-----
From: freeradius-users-bounces+kzhang=[hidden email] [mailto:freeradius-users-bounces+kzhang=[hidden email]] On Behalf Of Ivan Kalik
Sent: Tuesday, March 25, 2008 5:03 PM
To: FreeRadius users mailing list
Subject: RE: dhcp+radius

Because it will never be asked for one. PPP negotaiation will not reach
that stage.

Ivan Kalik
Kalik Informatika ISP


Dana 25/3/2008, "Kevin Zhang" <[hidden email]> piše:

>Hi Ivan,
>
>Thanks for your reply. But how do DHCP know NOT to give the IP to the client
>When the authentication fail on RADIUS?
>
>Kevin SZ
>
>-----Original Message-----
>From: freeradius-users-bounces+kzhang=[hidden email] [mailto:freeradius-users-bounces+kzhang=[hidden email]] On Behalf Of Ivan Kalik
>Sent: Tuesday, March 25, 2008 4:51 PM
>To: FreeRadius users mailing list
>Subject: Re: dhcp+radius
>
>There is nothing to configure. It works that way.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>Dana 25/3/2008, "Kevin Zhang" <[hidden email]> piše:
>
>>Hi,
>>
>>
>>
>>How do I configure Radius server to work with DHCP server, so the client
>>will authenticate with Radius first
>>
>>before DHCP will assign it an IP?
>>
>>
>>
>>Kevin SZ
>>
>>
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: dhcp+radius

Sven 'Darkman' Michels
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

if you don't mind i answer ;)

Kevin Zhang wrote:

> Hi Ivan,
>
> Thanks again for the reply. Actually my scenario is like this:
> I have a box needs to be installed via PXE. The box will send out its mac
> address to get the ip of tftp server and the location of pxelinux.0.
> Without Radius, the box will talk to DHCP server directly for all
> The information it needs. If I want to implement the authentication
> Using RADIUS so net boot will continue only after the
> authentication succeed. I just want to know where RADIUS fit into
> this model step by step.

IMHO nope. pxeboot occours at the beginning when nothing is running on
the box. So all you have at this time is your pxeloader, no
"supplicant". You need a kind of "isolated" lan where you can install
via. pxe (and maybe nothing else) and after your client is installed
(make sure that you have a supplicant/radiusclient installed on it) you
can use your radius to get into another vlan.

Regards,
Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH6ZvZQoCguWUBzBwRArleAJ9YjR6nVzfBqhJwgJb/UcyzheYyEQCcCgAw
4mQaELzSUj+0USKALuhdmTw=
=aZN2
-----END PGP SIGNATURE-----
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...