FreeRadius: PPTP - RADIUS and client IP address
-
I sent the diff files for freeradius.inc and freeradius.xml that were made by jeroen before. But I think he has updated one which have more fuctions.
-
Hey, I was following this thread hoping it would help with our current issues.
I currently have pfsense using pptp and authenticating against our PDC (Win2k3 using microsoft internet authentication service) I know it's microsoft, but our entire company is AD driven and we need to integrate to a single directory service for centralization.
anyway this works fine for authentication, but what we would really like is the ability to have granular firewall control to VPN users.
So basically I am just checking, since microsoft's method also supports assigning static IPs to users, will this new code follow that, and actually assign the ip that radius tells it to? and if so, when will this feature be available to users?
We are hoping to impliment some kind of granular VPN setup very soon, so if there is a way we can apply it (if I just need to apply diffs to the above mentioned code or what) let me know.
Thanks!
-
I have probed other devs and they are interested.
Please email me a final patch set to sullrich@gmail.com
-
currently interested in merging radius code, however lack of time prohibits me from merging it this month. Perhaps somewhere after mid march.
-
Databeestje,
Any update on merging the radius code?
Regards,
Mon
-
Unfortunately I have not had the time at all to even look at it. There have been some other pressing matters I needed to take care of.
Also I have been a bit burned out recently the prevented me from participating in the project. As time permits i'll look at it.
-
databeestje,
Thanks for the update. Sorry to hear you are so busy.
Can anybody else take on this responsibility? I would if I could but I can't! i.e. i'm just a mere mortal.
Regards,
Mon
-
BUMP
-
Any update on this - it has been quite a while now!
-
BUMP
Any updates?
-
i saw great features being added to freeradius at some previous page. How can i add the diff files to my current freeradius files?
Edited : nevermind, i just managed to change the code manually using console. Great job to great writers!
-
azmihamzah,
Sorry for being a bit stuupid - but can you (or anybody else) tell me how you exactly applied the patches/updated code?
-
OK,
I have the four diff files and have located where the files to be patched are on the pfsense server:
/usr/local/pkg
–------------------
freeradius.inc
freeradius.xml/usr/local/www
vpn_pptp.php
/etc/inc
vpn.inc
However, I don't know how to patch the files. The thread has information and links on how to make the diff files. but how do you actually apply/patch these diff files? Can you copy the patch file to the pfsense server and run a command to perform the patch?
Please can somebody provide some simple instructions on how to apply these patches.
Cheers!
-
i just scp -ed to my box and edited those files manually, it took much time and concentration, but it works! I don't know the simpler method…
-
I'm running PFSense 1.2 RC3. The diff files were a little out of date for 1.2 RC3 so I manually applied them. I'm attaching the modified files for anyone who is interested. To use them make sure you are running the same version of PFSense, enable SSH on PFSense, rename the files removing the '.txt' from the filename. Then use sftp to copy them onto your PFSense machine.
I'm working on adding more features to FreeRadius and thought I should first start with the updates that have already been made up to this point. When I have completed the additions then I will create a diff and patch file.
Best Regards to the PFSense team and users.
freeradius.inc.txt
freeradius.xml.txt
vpn.inc.txt
vpn_pptp.php.txt -
Please send me diffs of the files to coreteam@pfsense.com and I will get the changes commited. Thanks for working on this.
-
I created the diff files and sent them to coreteam@pfsense.com. I built them using the following commands:
cd /usr/local/pkg
diff -rub freeradius.xml freeradius.xml.txt > freeradius.xml.diff
diff -rub freeradius.inc freeradius.inc.txt > freeradius.inc.diffcd /usr/local/www
diff -rub vpn_pptp.php vpn_pptp.php.txt > vpn_pptp.php.diffcd /etc/inc
diff -rub vpn.inc vpn.inc.txt > vpn.inc.diff -
As mentioned in a previous post I'm working on additional features to the PFSense Freeradius package. I wanted to add database support for multiple databases. The GUI is ready to go the config file is correctly edited for MySQL and then the snag… The FreeRadius package used does not have MySQL driver support compiled in.
Modifying a BSD Package is a bit beyond my current knowledge however I'm willing to learn if someone will point me in the right direction. Anyone want to add PostgreSQL, MySQL, and Oracle libraries to the BSD package that the PFSense FreeRadius add on uses?
One other option would be to use have the install pickup the FreeRadius Port and desired database client libraries and compile them during the install of the PFSense package. Is it okay to use Ports in the install of a Package? If so is there any PFSense Packages that install/compile a BSD port that can be used an example? I'm guessing it is just a matter of fetching the port remotely, extracting it and starting the compile?
Any recommendations, suggestions or help is appreciated.
-
Today I searched for how to create a package and found that it can be generated quite easily with a port.
http://www.onlamp.com/pub/a/bsd/2003/08/07/FreeBSD_Basics.htmlIn short you can navigate to /usr/ports directory and choose the specific port you want to use to create a package. Then run the following:
make packageThe easiest way to have access to /usr/ports seems to be the developers edition of PFSense.
Will be doing some testing soon to install the MySQL client libraries and then create the package. Hopefully the new FreeRadius package will then compile in the MySQL support. If successful I will experiment with other database vendors and finish up the new changes.
-
i applied the patches to HEAD and RELENG_1… should work, i hope...
cybrsrfr: please have a look at the timeline / cvs to crosscheck if it's correct...