Today's Topics:
1. Re: IPv6 ready? (Alan Buxey)
2. Re: cisco WAP/FreeRadius/OpenLDAP (Alan Buxey)
3. Re: add field in radcheck table (gary)
4. Re: add field in radcheck table (Fajar A. Nugraha)
5. Client hostname in clients.conf instead of IP address (tohaikmeng)
6. Re: Client hostname in clients.conf instead of IP address
(Fajar A. Nugraha)
7. Re: add field in radcheck table (gary)
8. Re: add field in radcheck table (Fajar A. Nugraha)
----------------------------------------------------------------------
Message: 1
Date: Mon, 31 Oct 2011 19:23:09 +0000
From: Alan Buxey<a.l.m.bu...@lboro.ac.uk>
Subject: Re: IPv6 ready?
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID:<20111031192309.gc19...@lboro.ac.uk>
Content-Type: text/plain; charset=iso-8859-1
Hi,
> Thank you all for your help. I added two more listen blocks in
> radiusd.conf and I updated detail { ... with the following:
> %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but
> ..... (there's always a but). if we use an IPv6 address, then
> Packet-Src-IPv6-Address value will be, for instance, 0:0:0:0:0:0:0:0, and
> the path becomes :
>     ${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log
> but FR crashes since it cannot create a folder with that name. Is there
> any way of overcoming this issue? replace : with . or so???
well, you asked how it could be done.. you didn't say you were
trying this on Windows! what's the next surprise?
I would do something like use PERL to make %{Packet-Src-IPv6-Address} become
sanitized..... eg assign %{Tmp-String-0} and use SED to swap : with -
this means no single source code line change and easily adaptable to whatever
else you might come across....
then simply use %{Tmp-String-0} in your detail module config....
alan
------------------------------
Message: 2
Date: Mon, 31 Oct 2011 19:25:49 +0000
From: Alan Buxey<a.l.m.bu...@lboro.ac.uk>
Subject: Re: cisco WAP/FreeRadius/OpenLDAP
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID:<20111031192549.gd19...@lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi,
> so now the password is not clear text in the log as it was before but
> still seeing that no good password error....but then there is that line
> towards the bottom that says user authorized to use remote access... do
> i need to configure Filter-Id or something in the sites-enabled/default
> or innertunnel or something like that?
getting confused with authorization and authentication? check your requirements
in LDAP - do they match (eg CN/DN?)
have you got PAP listed after the ldap and is the auto_header enabled in the pap
module?
alan
------------------------------
Message: 3
Date: Tue, 1 Nov 2011 10:07:00 +0800
From: "gary"<gary.y...@browan.com>
Subject: Re: add field in radcheck table
To: "FreeRadius users mailing list"
<freeradius-users@lists.freeradius.org>
Message-ID:<003901cc983a$f335b490$cd15a8c0@ggyy40fbc8fbae>
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
reply-type=original
----- Original Message -----
From: "Fajar A. Nugraha"<l...@fajar.net>
To: "FreeRadius users mailing list"<freeradius-users@lists.freeradius.org>
Sent: Monday, October 31, 2011 8:34 PM
Subject: Re: add field in radcheck table
> On Mon, Oct 31, 2011 at 5:23 PM, gary<gary.y...@browan.com> wrote:
>> Hi Fajar
>> I think the secondname field may be realm instead of.
> First rule before asking anything: make SURE you know what you want.
> When you're not even sure, how can others help you?
>> I am thinking this in case without proxy, using local database it can
>> determine by two field "username+realm" instead one check field username
>> such as "gary@companyA" . User can see his/her name like "gary" only
>> without "@companyA" character.
> What do you mean "User can SEE"?
> The question is simple. What does the user put as username? How do you
> want to process that username?
> If the user only inputs "gary", and you don't know how you can get
> the realm, then how can FR do what you want? By being psychic?
Sorry for my poor English.
From the login page, user can type his name and select pull-down option for
the realm and then send to FR server for authentication.
for example, gary@domain1 and gary@domain2 come from different company and
both in same database.
I can directly input gary@domain1 and gary@domain2 as user name for
authentication.
but I would like to separate two field for checking.
user can see (probably read) user information (eg: logout page) only user name
instead of gary@domain1.
Furthermore, in case lot of data in radcheck, it can be search, sort... etc
according to the realm field to improve server performance.
------------------------------
Message: 4
Date: Tue, 1 Nov 2011 10:02:22 +0700
From: "Fajar A. Nugraha"<l...@fajar.net>
Subject: Re: add field in radcheck table
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID:
<cag1y0scmgflgqivxcf+i12puyfcmwwzzuxygn8vdfmmz4qr...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On Tue, Nov 1, 2011 at 9:07 AM, gary<gary.y...@browan.com> wrote:
> From the login page, user can type his name and select pull-down option for
> the realm and then send to FR server for authentication.
> for example, gary@domain1 and gary@domain2 come from different company and
> both in same database.
> I can directly input gary@domain1 and gary@domain2 as user name for
> authentication.
> but I would like to separate two field for checking.
> user can see (probably read) user information (eg: logout page) only user name
> instead of gary@domain1.
This is a captive portal setup, right? FR doesn't really care what
user puts in "drop down box", it only cares what the NAS (e.g.
chillispot) sends. And the NAS doesn't really care what the user
inputs, it only cares what the captive portal sends it (which may or
may not be the same as what the user inputs).
For example, in my setup the captive portal adds a realm automatically
(user can't put it manually) and pre-processes the password that user
entered (e.g. using a custom hash).
In that setup there's really no need to separate user and realm. Just
use the default setup.
> Furthermore, in case lot of data in radcheck, it can be search, sort... etc
> according to the realm field to improve server performance.
I actually think the easiest way is to just add a "realm" field in
radcheck as ENUM type, indexed, used only for search/sorting purposes,
updated automatically by mysql trigger. That way you don't have to
modify anything on FR side.
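[Added example, not part of the message above and not FreeRADIUS project code: one way to build the indexed ENUM realm column kept current by a MySQL trigger. It assumes the stock radcheck columns (id, username, attribute, op, value); the realm list, the trigger and index names, and the sample rows are constructed for illustration.]

```sql
-- Added example. ENUM needs the realm list up front; 'domain1' and
-- 'domain2' are the realms used in the thread. NULL means "no realm".
ALTER TABLE radcheck
  ADD COLUMN realm ENUM('domain1', 'domain2') NULL,
  ADD INDEX radcheck_realm (realm);

DELIMITER //

-- realm is always derived from username (text after the last '@'), so it
-- cannot drift from the value FreeRADIUS actually matches on, whatever the
-- application writes into the column. A username without '@' gets NULL.
CREATE TRIGGER radcheck_realm_bi BEFORE INSERT ON radcheck
FOR EACH ROW
BEGIN
  SET NEW.realm = IF(LOCATE('@', NEW.username) > 0,
                     SUBSTRING_INDEX(NEW.username, '@', -1), NULL);
END//

-- Same rule on UPDATE, so renaming a user moves the row to the new realm.
CREATE TRIGGER radcheck_realm_bu BEFORE UPDATE ON radcheck
FOR EACH ROW
BEGIN
  SET NEW.realm = IF(LOCATE('@', NEW.username) > 0,
                     SUBSTRING_INDEX(NEW.username, '@', -1), NULL);
END//

DELIMITER ;

-- Backfill rows that existed before the triggers were created.
UPDATE radcheck
   SET realm = IF(LOCATE('@', username) > 0,
                  SUBSTRING_INDEX(username, '@', -1), NULL);

-- Constructed sample rows; the FreeRADIUS queries are untouched and still
-- look users up by the full username.
INSERT INTO radcheck (username, attribute, op, value) VALUES
  ('gary@domain1', 'Cleartext-Password', ':=', 'constructed-secret-1'),
  ('gary@domain2', 'Cleartext-Password', ':=', 'constructed-secret-2');

-- Portal or reporting side: filter and sort on the indexed realm and show
-- only the part before '@'.
SELECT SUBSTRING_INDEX(username, '@', 1) AS display_name, realm
  FROM radcheck
 WHERE realm = 'domain1'
 ORDER BY username;
```

[With a strict sql_mode, a username whose realm is not in the ENUM list is rejected at insert time; without it, MySQL stores the empty-string error value instead, so new realms have to be added to the ENUM before users in them are created.]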