On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
This is pretty easy:
authorize {
...
if (Vendor-3076-Attr-146 == 0x554d44) {
if (SQL-Group == secret) {
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
SIM/EAP AKA radius server (based on certain criteria) ?
When you're proxying an EAP packet, the ONLY criteria you have is the
EAP identity. You do NOT have the EAP type available.
On 2 Jul 2013, at 07:18, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
This is pretty easy:
authorize {
...
On 2 Jul 2013, at 07:41, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 07:18, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146
From: Iliya Peregoudov iperegu...@cboss.ru
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, July 2, 2013 2:20 PM
Subject: Re: Using freeradius as proxy for EAP-SIM/EAP-AKA
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
Hi
I'll see if I can send through some dictionary file entries later today
Alan
This smartphone uses eduroam which gives me free WiFi around the world. Now
thats what I call smart!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this [^@]*@wlan.mncX.mccY.3gppnetwork.org is unique ? All the SIMs
from the same mobile operator will have the same string and it will be
different from another mobile operator ?
Yes, though be aware the pattern given isn't exactly valid; X
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for 3.0 which uses
direct DICT_ATTR pointer comparisons in some places (instead of
comparing vendor/attribute number).
So... what *can* you do with Vendor-X-Attr-Y?
-
List
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for 3.0 which uses
direct DICT_ATTR pointer comparisons in some places (instead of
comparing vendor/attribute number).
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for 3.0 which
uses direct DICT_ATTR pointer comparisons in some places
Hi,
We have a generic VPN profile that we'd like to allow *all* users to
login to - this works well.
When users login to the secret profile, then the following VPN
attribute is included in the request:
Vendor-3076-Attr-146 = 0x554d44
use/load the dictionary.cisoc.vpn3000 dictionary file
On 2 Jul 2013, at 11:57, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for
On 2 Jul 2013, at 12:15, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 11:57, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 07/02/2013 07:52 AM,
On 2 Jul 2013, at 12:19, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 12:15, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 11:57, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013,
I have a setup where we have three distinct OTP services, one by the
organization and 2 specific to our group. Users can choose which service they
want to use and this is done by membership in a netgroup (an rlm_perl script
looks up the user to see what netgroup they belong to). We have proxy
Ti Leggett wrote:
Tue Jul 2 10:39:04 2013 : Error: WARNING: Unresponsive child for request 0,
in component core module thread
Fix your scripts so that they don't block the server.
The upstream server does get the request, send the reject back to the proxy
and the proxy receives the
I'm not sure how the script could be blocking the server after it's already ran
and returned the updated packet so the proxying can take place which does
happen:
• rlm_perl: Changing User-Name: legg...@yubiauth.mcs.example.com
• rlm_perl: Added pair NAS-Port-Type = Virtual
Ti Leggett wrote:
I'm not sure how the script could be blocking the server after it's already
ran and returned the updated packet so the proxying can take place which does
happen:
I don't know. All I know is that the default configuration doesn't
have child threads blocking when sending
On 2 Jul 2013, at 18:51, Alan DeKok al...@deployingradius.com wrote:
Ti Leggett wrote:
I'm not sure how the script could be blocking the server after it's already
ran and returned the updated packet so the proxying can take place which
does happen:
I don't know. All I know is that the
Well sure. I figured it was in my local configuration, but is there any other
debugging I can do to help me pinpoint what may be going on since, as you said,
from the debug logs everything looks correct? Disabling the script will give me
a working installation but not a usable one in our
I'm not seeing a spin lock, but I'm running a 2.2.1 branch version that I
believe you pointed me at to fix an rlm_krb5 issue I was seeing earlier this
year. Is there an update for that branch or should I be moving to some other
version/branch?
On Jul 2, 2013, at 1:03 PM, Arran Cudbard-Bell
Ti Leggett wrote:
Well sure. I figured it was in my local configuration, but is there any other
debugging I can do to help me pinpoint what may be going on since, as you
said, from the debug logs everything looks correct? Disabling the script will
give me a working installation but not a
On 2 Jul 2013, at 19:28, Ti Leggett legg...@mcs.anl.gov wrote:
I'm not seeing a spin lock, but I'm running a 2.2.1 branch version that I
believe you pointed me at to fix an rlm_krb5 issue I was seeing earlier this
year. Is there an update for that branch or should I be moving to some other
23 matches
Mail list logo