Reply-Items in Ldap-Group
I wish to assign various Reply-Items to a group defined in LDAP, and then configuring FreeRADIUS to fetch those Reply-Items whenever a user belonging to that group authenticates. Is that possible? Thank you! smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
That should be in the reply - so radreply or radgroupreply. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, "Dustin Schuemann" <[EMAIL PROTECTED]> piše: >Ok I found that. Where do I add the stuff in my mysql database to >allow that attribute. >On Feb 29, 2008, at 5:19 AM, Ivan Kalik wrote: > >> Most likely. Can you post the content of your dictionary file? >> >> Or download 2.0.2 and see if that attribute is in >> dictionary.slipstream. >> If it is include it with the other dictionaries. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Dana 29/2/2008, "Dustin Schuemann" <[EMAIL PROTECTED]> pi�e: >> >>> Can I just add it ? >>> On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: >>> > > Add to your dictionary file at /usr/local/etc/raddb/dictionary: > Same file in Freeradius. > VENDORATTR 7000 Slipstream-Auth 1 string > You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >>> >>> >>> >>> Dustin Schuemann . Network Engineer >>> .. . . . . . . . . . . . . . . . . . . . . . . . . . >>> AMS/The Support Dept >>> 400 Ann St NW Suite 102 >>> Grand Rapids, MI 49504 >>> p. 616.235.0725 ext. 7007 >>> e. [EMAIL PROTECTED] >>> >>> >>> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > >Dustin Schuemann . Network Engineer >.. . . . . . . . . . . . . . . . . . . . . . . . . . >AMS/The Support Dept >400 Ann St NW Suite 102 >Grand Rapids, MI 49504 >p. 616.235.0725 ext. 7007 >e. [EMAIL PROTECTED] > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Ok I found that. Where do I add the stuff in my mysql database to allow that attribute. On Feb 29, 2008, at 5:19 AM, Ivan Kalik wrote: Most likely. Can you post the content of your dictionary file? Or download 2.0.2 and see if that attribute is in dictionary.slipstream. If it is include it with the other dictionaries. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, "Dustin Schuemann" <[EMAIL PROTECTED]> piše: Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mideye authentication
otp.conf in raddb directory. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, "Norbert Wegener" <[EMAIL PROTECTED]> piše: >One of our customers uses an authentication service from Mideye, which >is described this way: > >The end-user requests access to a >protected application, and is prompted for >a user name and password. If the correct >credentials have been provided, a one- >time password (OTP) is presented on the >user's mobile phone. The user is requested >to enter the OTP, and if the correct OTP is >returned, access is granted. > >http://www.mideye.com/index.php3?bredd=268.5 > >It should be simple to generate a one time password, throw it into a >database,send it via sms and make it available for the next time, the >user requests access. The problem here seems to be, that after a first >successfull authentication another one with only a new password but the >already entered username has to be done. >Can this be realised with an actual freeradius? If so: Where can I find >documentation about it? > >Norbert Wegener > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: header enrichment
mauro wrote: > but I think we can procede togheter, also if we could find a way to > introduce Freeradius into the Mobile Network. FreeRADIUS is already used in existing mobile networks. For integration into web-enabled mobile services like you're talking about, the main effort would be updating the web servers. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to authenticate suplicant at any time it reconnect
Radius server doesn't ask for authentication - switch does. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, "hamid benane" <[EMAIL PROTECTED]> piše: >hello every body, >the probleme was on the cisco switch i resolve this probleme and now its work >fine. I seen on the wireless connexion that the server radius did not ask for >the identity of the supllicant since i stop and restart the cconnexion. can >someone tell me how to do to make the server ask for the autentication about >the supplicant at any time he reconnect. > >thanks >_ > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: header enrichment
Hi Mauro, VSA means Vendor Specific Attribute. Vendors can provide 'private' attribute value pairs (AVPs) that are only understood by their equipment so that you can send them information that is not supported natively by the standard RADIUS protocol. If the vendor of your device that would actually perform the header enrichment function can make a query to a RADIUS server based on some 'username' derived from the information available to it (would the user have to login via a web portal first?) then the RADIUS server could return attributes associated with that user. You could theoretically create 'groups' that relate to particular handsets/UA strings and return attributes based on that info, but you still have to have a username. Rgds, Guy On 29/02/2008, mauro <[EMAIL PROTECTED]> wrote: > > > thanks , this can really helps my. > So you suggest to investigate about supported RADIUS attributes > admitelly I'm not ARADIUS expert and I don't know what VSA means. > but I think we can procede togheter, also if we could find a way to > introduce Freeradius > into the Mobile Network. > if you think we are OT please feel free to contact me privately > to not disturb the list > thanks very much > > > > >If there is a RADIUS attribute/VSA that can be interpreted by the > >RADIUS client as containing the information required to enrich your > >headers, and the client then does the right thing with the Value of > >that AV pair, then yes, it can be done. If the RADIUS client cannot > >take the information from a specific AVP, then no it cannot be done > >without development work by your client vendor (nothing the server can > >do to force it). > > Hope that helps, > > > > > L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: header enrichment
thanks , this can really helps my. So you suggest to investigate about supported RADIUS attributes admitelly I'm not ARADIUS expert and I don't know what VSA means. but I think we can procede togheter, also if we could find a way to introduce Freeradius into the Mobile Network. if you think we are OT please feel free to contact me privately to not disturb the list thanks very much >If there is a RADIUS attribute/VSA that can be interpreted by the >RADIUS client as containing the information required to enrich your >headers, and the client then does the right thing with the Value of >that AV pair, then yes, it can be done. If the RADIUS client cannot >take the information from a specific AVP, then no it cannot be done >without development work by your client vendor (nothing the server can >do to force it). Hope that helps, ___ L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: http://it.docs.yahoo.com/nowyoucan.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to authenticate suplicant at any time it reconnect
hello every body, the probleme was on the cisco switch i resolve this probleme and now its work fine. I seen on the wireless connexion that the server radius did not ask for the identity of the supllicant since i stop and restart the cconnexion. can someone tell me how to do to make the server ask for the autentication about the supplicant at any time he reconnect. thanks _ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mideye authentication
One of our customers uses an authentication service from Mideye, which is described this way: The end-user requests access to a protected application, and is prompted for a user name and password. If the correct credentials have been provided, a one- time password (OTP) is presented on the user's mobile phone. The user is requested to enter the OTP, and if the correct OTP is returned, access is granted. http://www.mideye.com/index.php3?bredd=268.5 It should be simple to generate a one time password, throw it into a database,send it via sms and make it available for the next time, the user requests access. The problem here seems to be, that after a first successfull authentication another one with only a new password but the already entered username has to be done. Can this be realised with an actual freeradius? If so: Where can I find documentation about it? Norbert Wegener - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Response packets with attributes
>greetings, >i am very close to my deadline and stil can't figure out >how to retrieve some user specific informations from freeRadius. > >for example: how to construct a request packet to freeRadius >that would respond me with a packet in which would be >user status (active, expired, disabled, online)? > >i really searched through tons of references but couldnt >find anything remotely close, > >thank you for your support, >David > No wonder. This is not radius, it's administration. 1. active, expired, disabled - you would normally place a user in a group of such accounts. If you need this information in radius reply you can configure a group specific Reply-Message (if you use Expiration attribute instead of a group for expired accounts, the message is generated by default). But you would normally query the database to see which group is user in rather than to try a login. 2. online - a) radwho. It will list all the users that radius "thinks" are online. But you should query NAS if user is online. Radius information is bit less reliable. 2. online - b) radius.log. Configure Simultaneous-Use and if user is online a message will be generated in the log (and request will be rejected). Again, attempting login with user details is a strange way of checking user status. You would normally use such information from the logs if user complains about trouble connecting. I hope this will be of some use to you. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Response packets with attributes
greetings, i am very close to my deadline and stil can't figure out how to retrieve some user specific informations from freeRadius. for example: how to construct a request packet to freeRadius that would respond me with a packet in which would be user status (active, expired, disabled, online)? i really searched through tons of references but couldnt find anything remotely close, thank you for your support, David Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Most likely. Can you post the content of your dictionary file? Or download 2.0.2 and see if that attribute is in dictionary.slipstream. If it is include it with the other dictionaries. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, "Dustin Schuemann" <[EMAIL PROTECTED]> piše: >Can I just add it ? >On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: > >>> >>> Add to your dictionary file at /usr/local/etc/raddb/dictionary: >>> >> >> Same file in Freeradius. >> >>> VENDORATTR 7000 Slipstream-Auth 1 string >>> >> >> You will find this in there: >> >> #ATTRIBUTE My-Local-String 3000string >> #ATTRIBUTE My-Local-IPAddr 3001ipaddr >> #ATTRIBUTE My-Local-Integer3002integer >> >> Change the first one to: >> >> ATTRIBUTESlipstream-Auth 3000string >> >> Restart the server for this to take effect. Use the attribute as >> instructed (but correct the first line as per instructions in users >> file >> if you are using a recent freeradius version). Attribute should appear >> in the Access-Accept packet if all goes well. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > >Dustin Schuemann . Network Engineer >.. . . . . . . . . . . . . . . . . . . . . . . . . . >AMS/The Support Dept >400 Ann St NW Suite 102 >Grand Rapids, MI 49504 >p. 616.235.0725 ext. 7007 >e. [EMAIL PROTECTED] > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html