Hi Hugh, Thanks a million! I moved the AutoMPPEkeys to the Authby SQL clause and left the AddToReply clause for the Encryption types in the AuthBy DYNADDRESS clause. I will check out the hooks next week (I don't know much Perl though).
Regards, Tunde I. ----- Original Message ----- From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Ayotunde Itayemi" <[EMAIL PROTECTED]> Cc: "Mike McCauley" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, August 03, 2002 1:49 AM Subject: Re: (RADIATOR) Re: Radiator and Windows Encryption > > Hello Tunde - > > I will let Mike deal with the first part of your message. > > For the second part, you will need to write a PostAuthHook to do what > you describe. > > You will find some example hooks in the file "goodies/hooks.txt". > > regards > > Hugh > > > On Saturday, August 3, 2002, at 03:34 AM, Ayotunde Itayemi wrote: > > > Hi Mike, > > > > I have given the 3.1 patch a shot but to no effect. The relevant part > > of my > > config file is: > > > > <AuthBy DYNADDRESS> > > Identifier myIPADDRESSauth > > Allocator mySQLallocator > > AddToReply Class = %{Reply:Framed-IP-Address} > > PoolHint %{Reply:PoolHint} > > MapAttribute yiaddr, Framed-IP-Address > > MapAttribute subnetmask, Framed-IP-Netmask > > StripFromReply PoolHint > > DefaultSimultaneousUse 1 > > AutoMPPEKeys > > # policy = 4 (40bit), 2 (128bit), 6 (any) > > AddToReply MS-MPPE-Encryption-Policy = 2, > > MS-MPPE-Encryption-Types = > > 4 > > </AuthBy> > > > > I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the > > "AddToReply" > > clause above with various combinations of MS-MPPE-Encryption-Policy and > > MS-MPPE-Encryption-Types. > > > > Okay, is there anyone on the list that has got this to work please :-) > > > > Also, about my other problem, is there anyway to conditionally remove a > > Reply attribute from the access acccept > > packet before it is sent? The functional word is "conditionally" > > Simply stated, after selecting the users record from the database, > > checking > > the passwords etc, stripping say the > > Framed-IP-Address attribute off if it is from say the "192.168.10.x" > > block. > > OR alternatively, dynanically changing the > > PoolHint attribute based on the NAS sending the request? > > > > Regards, > > Tunde I. > > > > > > ----- Original Message ----- > > From: "Mike McCauley" <[EMAIL PROTECTED]> > > To: "Hugh Irvine" <[EMAIL PROTECTED]>; "Ayotunde Itayemi" > > <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Friday, August 02, 2002 1:43 AM > > Subject: Re: Radiator and Windows Encryption > > > > > >> Hello Tunde, > >> > >> On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote: > >>> Hello Tunde - > >>> > >>> We have many customers using Windows 2000 and we have many customers > >>> using Patton RAS, however I don't know if anyone is using both > >>> together. > >>> > >>> As for the MPPE questions, I have copied Mike on this mail for his > >>> comments. > >> > >> There are some recent patches to the AutoMPPEKeys feature in the > >> Radiator > > 3.1 > >> area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an > >> interoperability problem. These have been tested to be working > >> correctly > > now > >> by a number of people. > >> > >> Cheers. > >> > >>> > >>> regards > >>> > >>> Hugh > >>> > >>> On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote: > >>>> Hi Hugh, Hi All, > >>>> > >>>> Please, a straight forward question to everybody: > >>>> > >>>> 1. Is there anyone on this mailing list using Radiator and Windows > > 2000 > >>>> servers? > >>>> 2. Is there anyone on this mailing list using Radiator and Patton > > NASes? > >>>> > >>>> If yes to any of the questions above, has anyone implemented RADIUS > >>>> authentication > >>>> with MPPE encryption (or any other encryption)? > >>>> > >>>> > >>>> (Hugh) Also, "someone" I mailed suggested that it is likely radiator > >>>> isn't sending the proper > >>>> MPPE keys to the Windows box (reason for not doing encryption or > >>>> being > >>>> able to connect > >>>> when client requires encryption) > >>>> > >>>> Regards, > >>>> Tunde Itayemi. > >>>> > >> > >> -- > >> Mike McCauley [EMAIL PROTECTED] > >> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW > >> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au > >> Phone +61 3 9598-0985 Fax +61 3 9598-0955 > >> > >> Radiator: the most portable, flexible and configurable RADIUS server > >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > >> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc > >> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc > >> > >> > >> > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.