username = # 'g=C5=82up.w=C3=B3r'
ORDER BY priority
# rlm_sql_mysql: query: SELECT groupname FROM radusergroup # WHERE
username = 'g=C5=82up.w=C3=B3r' ORDER BY priority
the username is encoded as
g=C5=82up.w=C3=B3r
both UTF-8 encoded characters (=C5=82, =C3=B3) were
On 12/16/2010 08:14 AM, John Dennis wrote:
On 12/16/2010 04:25 AM, karnik jain wrote:
Ok, I understood your point.
But as per RFC 2865,
what is the meaning of then UTF-8 encoded 10646 [7] characters, *the [7]?*
*7 stands for what over here?*
**
And one more thing as per RFC 2865,
1) As per
with something like this:
...
IF('%{Some-Trigger-Attribute}'=TRIGGER-VALUE,
UNHEX('%{Called-Station-Id}'), '%{Called-Station-Id}'), \
...
A little bit of overhead to every query, but I suspect it will be
manageable on our network. Alternatively, I suppose I could do
Ah, it occurred to me I might know where your confusion is coming from. In
an earlier email you referenced the iconv encoding library and asked
shouldn't FreeRADIUS be encoding/decoding text. The answer is no. The reason
why is because radius implementations treat text as an octet string (e.g
that :-)
The remaining issue occurs only when the base64-encoded SSHA password
starts with the two characters 0x or 0X. In that case, FreeRADIUS
thinks oh, a hex number, let's decode it - while the input is not a
number at all.
Doesn't lead to crashes, but auths going wrong. And, IIRC, that kind of
failed
username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the challenge
as a stdio-based helper
--username=STRINGusername
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING
encoded)
--lm-response=STRING LM Response to the challenge
(HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to the
challenge (HEX encoded
On 18/05/11 17:22, Gary Gatten wrote:
If one has (just for example) 1000 groups, this is a lot of overhead
Sure (I did see your query the other day - I just haven't had a chance
to write up a reply, but see below)
- checking every group. Also, what if they belong to several groups?
Well
, value, op FROM radcheck
WHERE username = 'james' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'james' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id
- authorize_group_check_query
3- authorize_reply_query
4- authorize_group_reply_query
5- simul_count_query **returns 1**
6- simul_verify_query
7- accounting stop query **performs a stop in the previously established
session**
8- postauth_query
9- accounting_start_query
10- accounting_update_query (updates the radacct table
num_sql_socks = 5
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is
replaced
# with their mime-encoded equivalents
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is
replaced
# with their mime-encoded equivalents.
# The default list should
unusual) or store the
password not literal in the database, but properly encoded. the rlm_sql
module will then take the user's password, encode it, and check it against
the same-encoded string in the database.
Of course, the problem might also be that your shared secret for this client
isn't correct
the
password not literal in the database, but properly encoded. the rlm_sql
module will then take the user's password, encode it, and check it against
the same-encoded string in the database.
Of course, the problem might also be that your shared secret for this client
isn't correct, as the end
: query: SELECT groupname FROM radusergroup # WHERE
username = 'g=C5=82up.w=C3=B3r' ORDER BY priority
the username is encoded as
g=C5=82up.w=C3=B3r
both UTF-8 encoded characters (=C5=82, =C3=B3) were treated as separate
characters (=C5, =82, =C3, =B3).
I found sth about
%{tolower: ...string ... }, which returns the lowercase
+version of the string.
+
+ Bug fixes
+ * Fix endless loop when there are multiple sub-options for
+DHCP option 82.
+ * More debug output when sending / receiving DHCP packets.
+ * EAP-MSCHAPv2 should return the MPPE keys when used
with information
regarding the Online Users.
general_finger_type: snmp
What should be the default quering method of the nas. It can be 'snmp' (for
snmpfinger)
or empty to query the radacct table without first querying the nas
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
This probably does
18 matches
Mail list logo
