--
Alexander Clouter
.sigmonster says: Take your Senator to lunch this week.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Alexander Clouter
.sigmonster says: Postage will be paid by addressee.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
documentation...
Cheers
--
Alexander Clouter
.sigmonster says: I'm having fun HITCHHIKING to CINCINNATI or FAR ROCKAWAY!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
://freeradius.1045715.n5.nabble.com/foreach-attribute-array-td2787874.html
Cheers
--
Alexander Clouter
.sigmonster says: Guillotine, n.:
A French chopping center.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alexander Clouter a...@digriz.org.uk wrote:
The content is generally rather good, and aside from a few typos, the
book is let only on some relatively *minor* points:
[snipped]
* unfortunately short EAP section, ignoring session resumption and why
particular EAP methods meet
useful things:
http://wiki.freeradius.org/Rlm_perl
...and even less surprisingly it's the same as whats in
src/modules/rlm_perl/example.pl.
*sigh*
Cheers
--
Alexander Clouter
.sigmonster says: Mongoose knghtbrd: and the meek shall inherit k-mart
-
List info/subscribe/unsubscribe? See http
rather than a
beginners guide...so I probably am being mean :)
The price is reasonable, and if you are a complete newbie, it will get
you on your feet. The book definitely does what it says on the tin and
I would give it a 7 out of 10...
Cheers
--
Alexander Clouter
.amongst says: Dibble's
better when we ditched mysql
Our experience has been that using MySQL pretty much guarantees you
*will* be burnt...especially with the replication.
Cheers
--
Alexander Clouter
.sigmonster says: I'm having a MID-WEEK CRISIS!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
to be crazy to use just basic regex.
Cheers
--
Alexander Clouter
.sigmonster says: Tact, n.:
The unsaid part of what you're thinking.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alexander Clouter a...@digriz.org.uk wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Priming up my end for a burn in...
24 hours later, still churning happily. Running 2.1.12 (bfe2c025).
Cheers
--
Alexander Clouter
.sigmonster says
{
Acct-Interim-Interval := 3000 + %{rand:1200}
}
This would give me Acct-Interim-Interval set to 1hr+-10mins.
As it is set now, I just got 1MB of journal recorded to file accounting
data landing on my systems :)
Cheers
--
Alexander Clouter
.sigmonster says: The chief cause
] http://lists.cistron.nl/pipermail/freeradius-users/2011-June/msg00334.html
--
Alexander Clouter
.sigmonster says: An algorithm must be seen to be believed.
-- D. E. Knuth
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok al...@deployingradius.com wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Priming up my end for a burn in...
Cheers
--
Alexander Clouter
.sigmonster says: And on the seventh day, He exited from append mode.
-
List info/subscribe
to mention that one
chunk of the debug was for the outer layer, the other the inner auth :-/
Cheers
--
Alexander Clouter
.sigmonster says: Misfortunes arrive on wings and leave on foot.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attributes, so drop the ':0' too):
notice the
if (Tunnel-Private-Group-Id == 5) {
[stuff]
}
Cheers
--
Alexander Clouter
.sigmonster says: Do not apply to broken skin.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
if you want some help and think this could be
getting off topic; although there are a *lot* of eduroam'ers here on the
list.
Cheers
--
Alexander Clouter
.sigmonster says: DIDI ... is that a MARTIAN name, or, are we in ISRAEL?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
this with what
Alan already has pointed you to, do_not_respond in policy.conf, and you
should be able to get to where you want to be.
Cheers
--
Alexander Clouter
.sigmonster says: If you sow your wild oats, hope for a crop failure.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
be done; unless you can find a PAM
RADIUS plugin that supports CHAP.
You should use SSH public keys. If you want that centrally managed have
a look at putting your users SSH keys into LDAP:
http://freshmeat.net/projects/lpkfuse
Cheers
--
Alexander Clouter
.sigmonster says: List at least two
reply off list, but I'm curious why you say e to
PHP, and what you would use instead?
Flamebait! I nearly fell for it. :)
You have permission to Google-stalk me if you really want to know
what I use.
Cheers
--
Alexander Clouter
.sigmonster says: What soon grows old? Gratitude
the responses other than the RLM_MODULE_OK and
RLM_MODULE_REJECTED.
http://wiki.freeradius.org/Modules2#Module+Return+Codes
RLM_MODULE_FAIL looks like a better option to use, although it will not
give you what you want; but it would enable you to use unlang to perform
other tasks.
Cheers
--
Alexander
though.
Cheers
[1] TLS_CACERT /etc/ssl/certs/ca-certificates.crt
[2]
http://lists.cistron.nl/pipermail/freeradius-users/2005-December/msg00228.html
and http://bytes.com/topic/php/answers/11274-use-php-authenticate-ad
--
Alexander Clouter
.sigmonster says: You are magnetic in your bearing
only
search a sub-branch. I suspect the fix is nothing more than setting
'basedn' to ou=lusers,dc=my,dc=domain,dc=name.
Cheers
[1] http://www.php.net/manual/en/function.ldap-search.php#45388
--
Alexander Clouter
.sigmonster says: Without fools there would be no wisdom.
-
List info/subscribe
normal (from my torrus[1] graphs).
Will keep you posted if anything crops up...touch wood it seems okay.
Cheers
[1] http://torrus.org/ is amazing, especially combined with snmpd on
hosts too
--
Alexander Clouter
.sigmonster says: HOST SYSTEM RESPONDING, PROBABLY UP...
-
List info/subscribe
-users%2F+sql+session+clean
Cheers
--
Alexander Clouter
.sigmonster says: Got a dictionary? I want to know the meaning of life.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
with the SNMP
communitities and you quickly have five minutely graphs for *every* port
on your network; and various server with SNMPd running.
Simples
--
Alexander Clouter
.sigmonster says: Apathy is not the problem, it's the solution
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
overhead will like the rlm_perl.
Without including your FreeRADIUS configuration there is very little
anyone here can do to help you other than ask have you just tried using
both modules?
authorize {
...
eap
perl
...
}
authenticate {
eap
perl
}
Cheers
--
Alexander
. If the system briefly came back and died then
on attempt two or three you would have likely seen a failure.
Hope I am explaining myself well :)
Cheers
--
Alexander Clouter
.sigmonster says: BOFH excuse #256:
You need to install an RTFM interface.
-
List info/subscribe
Alexander Clouter a...@digriz.org.uk wrote:
I am though currently trying to pin down a bug where FreeRADIUS just
closes it's-self down for no reason at all. I have run tcpdump during
the clean shutdown, and see it is not malformed traffic causing the
problem, RAM usage is normal, open
Fajar A. Nugraha l...@fajar.net wrote:
On Thu, Jul 28, 2011 at 4:42 PM, Alexander Clouter a...@digriz.org.uk wrote:
rad_recv: Status-Server packet from host 127.0.0.1 port 50412, id=38,
length=38
[event.c:3002] Failed to insert event
There seem to be a bunch of malloc()'s where
Alan DeKok al...@deployingradius.com wrote:
Alexander Clouter wrote:
rad_recv: Status-Server packet from host 127.0.0.1 port 50412, id=38,
length=38
[event.c:3002] Failed to insert event
Ouch.
Indeed. It did only start to happen once I upgraded to 2.1.11 from
2.1.10. Of course I
)?
Is it possible to do this configuration in conjunction with redundant ldap
configuration??
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71133.html
Cheers
--
Alexander Clouter
.sigmonster says: Is there life before breakfast?
-
List info/subscribe/unsubscribe? See
there would be other grumblings on
the list (or I have missed them and it's already fixed...).
Cheers
--
Alexander Clouter
.sigmonster says: I can't stand squealers; hit that guy.
-- Albert Anastasia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
resumption? Also TTLS/MSCHAPv2 is possibly for you actually
TTLS/EAP-MSCHAPv2 which means you get in effect an inner-inner tunnel if
I remember correctly.
Have a nosey at:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71026.html
Cheers
--
Alexander Clouter
.sigmonster says
existing content.
Cheers
--
Alexander Clouter
.sigmonster says: I'm having a MID-WEEK CRISIS!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Alexander Clouter
.sigmonster says: Massachusetts has the best politicians money can buy.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
://www.soas.ac.uk/itsupport/personal-equipment/unauthorised-workstation.html
--
Alexander Clouter
.sigmonster says: Where do you think you're going today?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the *inner* auth User-Name is realmless and
making it's way out into outer.reply. When you use 'User-Name' in
post-auth{} you will get reply:User-Name rather than request:User-Name
if I remember correctly.
The fix is to *reject* inner-authentications that are realm-less.
Cheers
--
Alexander Clouter
--
Alexander Clouter
.sigmonster says: fortune: not found
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. :)
Cheers
--
Alexander Clouter
.sigmonster says: Sauron is alive in Argentina!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. :(
Cheers
[1] http://www.digriz.org.uk/lanwarden
--
Alexander Clouter
.sigmonster says: You are so boring that when I see you my feet go to sleep.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
instructions to connect to the wireless (and wired) network.
It is also then trivial to put in 'eduroam'; if you use 'eduroam' from
day one (*strongly* recommended to avoid pain down the road).
Cheers
--
Alexander Clouter
.sigmonster says: Youth is the trustee of posterity.
-
List info/subscribe
}
...
}
Cheers
--
Alexander Clouter
.sigmonster says: Remember to say hello to your bank teller.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Gary Gatten ggat...@waddell.com wrote:
RADIUS - Half the complexity of Diameter
Don't encourage him...
Cheers
--
Alexander Clouter
.sigmonster says: Life is NP-hard, and then you die.
-- Dave Cock
-
List info/subscribe/unsubscribe? See http
the inner name for
resumed sessions
As a bonus, the Auth-Type is extractable..if you use TLS cached
sessions, then this will be EAP.
Cheers
--
Alexander Clouter
.sigmonster says: It was Penguin lust... at its ugliest.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
://lmgtfy.com/?q=freeradius+exec
Cheers
--
Alexander Clouter
.sigmonster says: Have no friends not equal to yourself.
-- Confucius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* rihad ri...@mail.ru [2011-07-07 15:09:22+0500]:
On 07/07/2011 12:28 PM, Alexander Clouter wrote:
rihadri...@mail.ru wrote:
Hi, all. We have some legacy software that ran under XTradius
(xtradius.sourceforge.net). The important thing was to execute an
external program for every auth
connected:
https://su1x.swan.ac.uk/
Believe me, collecting and managing MAC addresses is not something I
would wish on anyone.
Cheers
--
Alexander Clouter
.sigmonster says: Ninety percent of baseball is half mental.
-- Yogi Berra
-
List info/subscribe/unsubscribe
. If the MAC address is not
'registered' then the client has to use an 802.1X authentication.
Cheers
--
Alexander Clouter
.sigmonster says: When you don't know what to do, walk fast and look worried.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-thingy
...
}
Cheers
--
Alexander Clouter
.sigmonster says: Good day for overcoming obstacles. Try a steeplechase.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Y.Y.Y.Y Z.Z.Z.Z
FR allows you to specify something like this on clients.conf
X.X.X.0/24 using ipaddr and netmask
I suspect you can use 'templates {}' too, we use it in proxy.conf, I
cannot see why it could not be used in clients.conf too.
Cheers
--
Alexander Clouter
.sigmonster says: You
have added a pam option
always prompt in the attached code. This will force a WiKID
passcode: prompt regardless of any previous password entry. This can
be changed, of course.
Better to lead with the OTP as then you fend off brute force and
dictionary attacks.
Cheers
--
Alexander Clouter
:= Reject
--
Alexander Clouter
.sigmonster says: Don't compare floating point numbers solely for equality.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
show :)
Cheers
--
Alexander Clouter
.sigmonster says: You will have many recoverable tape errors.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not need to install an experimental armel valgrind :)
Cheers
--
Alexander Clouter
.sigmonster says: Expect the worst, it's the least you can do.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
)
--
Alexander Clouter
.sigmonster says: BOFH excuse #138:
BNC (brain not connected)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
restarts.
Cheers
[1] http://search.cpan.org/dist/BerkeleyDB/BerkeleyDB.pod
--
Alexander Clouter
.sigmonster says: BOFH excuse #192:
runaway cat on system.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
when rlm_perl fires up, afterwards your
methods are called whenever required, pre-emptively.
Cheers
--
Alexander Clouter
.sigmonster says: You mean you don't want to watch WRESTLING from ATLANTA?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
processed
in authenticate.
So, for example:
authorize {
...
# User-Password is 'foo bar'
python-otp
# User-Password is 'foo'
# User-OTP is 'bar'
ldap
...
}
authenticate {
...
Auth-Type python-otp {
otp
ldap
}
...
}
Cheers
--
Alexander Clouter
LDAP module. Same with the OTP/SMS approach if
possible. Calling OS commands like that, especially when there are
native libraries, is generally a Bad Idea(tm) and the coding gods *will*
smite you for your crimes.
Cheers
--
Alexander Clouter
.sigmonster says: Time as he grows old teaches all
to recompile things as an example).
Cheers
--
Alexander Clouter
.sigmonster says: Don't feed the bats tonight.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
there...although I would recommend the
users file with a bunch of fall throughs personally.
Cheers
--
Alexander Clouter
.sigmonster says: All phone calls are obscene.
-- Karen Elizabeth Gordon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
}
}
}
else {
...
}
The regex should extract a usable value when present.
Cheers
--
Alexander Clouter
.sigmonster says: wok, n.:
Something to thwow at a wabbit.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a '/^$/'?
Cheers
--
Alexander Clouter
.sigmonster says: Old programmers never die, they just become managers.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
which might already have a fix:
http://git.freeradius.org/
Cheers
--
Alexander Clouter
.sigmonster says: He's just like Capistrano, always ready for a few swallows.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, not FreeRADIUS :)
Cheers
--
Alexander Clouter
.sigmonster says: Them as has, gets.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
expecting to happen
* what is actually happening
Cheers
--
Alexander Clouter
.sigmonster says: You enjoy the company of other people.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the following to the end:
DEFAULT Auth-Type := Reject
I prefer to 'deny, allow' (in Apache speak), but you might prefer
'allow, deny'.
Cheers
--
Alexander Clouter
.sigmonster says: Have a taco.
-- P. S. Beagle
-
List info/subscribe/unsubscribe? See http
--
Alexander Clouter
.sigmonster says: BOFH excuse #350:
paradigm shift...without a clutch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
go on, join eduroam.
I got a @illinois.edu lurker this week here at soas.ac.uk :)
Cheers
--
Alexander Clouter
.sigmonster says: Wagner's music is better than it sounds.
-- Mark Twain
-
List info/subscribe
having to buy an expensive and/or complicated load-balancer:
http://www.digriz.org.uk/ha-ospf-anycast
Cheers
--
Alexander Clouter
.sigmonster says: If you knew what to say next, would you say it?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-auth. Is that correct ?
Without the output from 'radiusd -X', I cannot help you.
Regards
--
Alexander Clouter
.sigmonster says: Am I accompanied by a PARENT or GUARDIAN?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for your reply, and sorry for my english, I'm French ;)
We forgive you... ;)
Cheers
--
Alexander Clouter
.sigmonster says: A modem is a baudy house.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a max of 65535
Session-Timeout := 64800
}
}
Aruba might expect something different, so you should check with *them*
(remember, this is a FreeRADIUS support mailing list, *not* an Aruba
one).
Cheers
--
Alexander Clouter
.sigmonster says: A vivid and creative mind characterizes you
accounting on-off packets (your NAS will send a 'reset'
accounting packet to your RADIUS server that you can use to trigger an
early session stop for all the users).
Cheers
--
Alexander Clouter
.sigmonster says: Accordion, n.:
A bagpipe with pleats.
-
List info/subscribe
?)
If you need the FreeRADIUS -X malarkey, then do ask, it is just tricker
to get on a production box... :)
Cheers
[1] http://stuff.digriz.org.uk/freeradius-acct-segfault.pcap
--
Alexander Clouter
.sigmonster says: Preserve the old, but know the new.
-
List info/subscribe/unsubscribe? See http
when it arrives? 'detail'
module? SQL ?
Journalled accounting, it's picked up by decoupled account virtual
server.
Cheers
--
Alexander Clouter
.sigmonster says: Generic Fortune.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
://www.iana.org/assignments/radius-types/radius-types.txt
Cheers
--
Alexander Clouter
.sigmonster says: You auto buy now.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of view, so far it
seems to us, the problem is not important enough to you to detail here
its specifics or for you to actually read the documentation, so
obviously is not important enough for us all to burn our *free* and
*volunteered* time on?
Cheers
--
Alexander Clouter
.sigmonster says: You
, if any)
Please, throw is a freeking bone here...try starting with the
documentation, Google and the FreeRADIUS mailing list archives.
Regards
--
Alexander Clouter
.sigmonster says: What this country needs is a good five cent microcomputer.
-
List info/subscribe/unsubscribe? See http
in the output of 'radiusd
-X'.
Cheers
--
Alexander Clouter
.sigmonster says: Out of register space (ugh)
-- vi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. If you have miconfigured the
server so that it does not how to route to src-ip-of-request via the
interface it saw the packet come in on, then you will have a problem
(although I would have expected no reply at all).
Cheers
--
Alexander Clouter
.sigmonster says: Vax Vobiscum
-
List info
probably will find if you change those tls 'demands' to 'never'
things work, but then it kinda is self defeating :)
Cheers
--
Alexander Clouter
.sigmonster says: You can't break eggs without making an omelet.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
is there any way?
Indeed.
Regards
--
Alexander Clouter
.sigmonster says: Talk is cheap because supply always exceeds demand.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*
s/VLAN/IP/
IP assignment on
You need to run a DHCP server.
Indeed, do not mention though FreeRADIUS can do DHCP though ;)
Cheers
--
Alexander Clouter
.sigmonster says: If you're not careful, you're going to catch something.
-
List info/subscribe/unsubscribe? See http
of the init.d script I could look at?
That's a Bad Idea(tm). Learn to use 'screen'[1], 'tee' and call
freeradius with 'radiusd -X | tee /tmp/debug' manually.
Cheers
[1] http://www.kuro5hin.org/story/2004/3/9/16838/14935
--
Alexander Clouter
.sigmonster says: An adequate bootstrap
through instead it is possible. You would need
to script up something with rlm_perl/rlm_python to build up a cache, and
the virtual failover system would then have to query that cache.
Cheers
--
Alexander Clouter
.sigmonster says: Manoj I *like* the chicken
-
List info/subscribe/unsubscribe
#It_still_doesn.27t_work.21
Cheers
--
Alexander Clouter
.sigmonster says: Check your local listings.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudba...@gmail.com wrote:
On Apr 11, 2011, at 1:40 PM, Alexander Clouter wrote:
GreenUA green_...@mail.ru wrote:
I reviewed RFC and FAQ, but i can't fined sane info about
configuration of freeRADIUS server (on Windows) to send
access-challenge message on access
' and
'member=CN=RobertTest1,ou=WANN,ou=Departments,dc=corp,dc=development,dc=com'?
Cheers
--
Alexander Clouter
.sigmonster says: You have a truly strong individuality.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
,dc=development,dc=com
'((cn=WANN)(|((objectClass=GroupOfNames)(member=CN...'
I'm guessing that's not where 'cn=WANN' lives? What does the following
give you?
ldapsearch -h server -x -b dc=corp,dc=development,dc=com cn=wann dn member
Cheers
--
Alexander Clouter
.sigmonster says
vendors might vary.
Cheers
--
Alexander Clouter
.sigmonster says: He don't know me vewy well, DO he? -- Bugs Bunny
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ramon Escriba escr...@cells.es wrote:
Has any one a clue of what I did wrong?
attempts to read Ramon's mind
attempts to use remote viewing to see output of debugging
Actually, forget it...
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
Regards
--
Alexander Clouter
--
Alexander Clouter
.sigmonster says: Better late than never.
-- Titus Livius (Livy)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Address} %{NAS-IP-Address} %{NAS-Port}
%{User-Name} %{Calling-Station-Id}
}
# break out of 'authorize' early to spare CPU cycles
handled
}
[unlang/policy that is used for all *non-proxied* packets]
}
Cheers
--
Alexander Clouter
.sigmonster says: People who push both buttons
David Peterson dav...@wirelessconnections.net wrote:
These values are unique per user. Is there an elegant way to copy this to
the post-auth section?
The following might help?
http://lists.freeradius.org/mailman/htdig/freeradius-users/2011-January/msg00353.html
Cheers
--
Alexander Clouter
the User-Name/whatever-wimax utilises now movable from the
inner-layer to the outer you can just do you policy on the outer layer
instead. Do authentication on the inner-tunnel, whilst authorisation
keep to the outer layer...
Cheers
--
Alexander Clouter
.sigmonster says: Stay the curse
that QA is no longer done for
commercial software either...
Sorry, couldn't resist.
Cheers
--
Alexander Clouter
.sigmonster says: BOFH excuse #189:
SCSI's too wide.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*abuses* LDAP, you should be adding
them to a *group*, not bloating-up and overloading the user object;
otherwise you might as well use something horrible like SQL...
Cheers
--
Alexander Clouter
.sigmonster says: A woman can never be too rich or too thin.
-
List info/subscribe/unsubscribe
waiting to be processed and
will re-enable notifications once it drops to half the trigger mark
(512kB).
Cheers
--
Alexander Clouter
.sigmonster says: T-shirt:
Life is *not* a Cabaret, and stop calling me chum!
-
List info/subscribe/unsubscribe? See http
this week, but it imploded
twice and I added a few more CASE's and %{%{...}:-0}'s
--
Alexander Clouter
.sigmonster says: To teach is to learn twice.
-- Joseph Joubert
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1 - 100 of 322 matches
Mail list logo