Re: Help needed with Realms (Freeradius) Urgent!
virulence wrote: > Sorry Alan, > I do not really understand you. firstly, the server is a totally empty > server as it was set up by my colleague for me for testing before > implementation That doesn't matter. The client is sending packets. The configuration items that generate those error messages are about the packets that the client is sending. > and secondly is there a way to check the packets that i am > suppose to be expecting. By the way, the results came as a result of a > radtest. Sorry for the noobness. Ah. If the "more than 200 attributes" packet came in via radtest, then you've configured the server wrong. i.e. You've told the server to proxy requests to itself. Don't do that. See "proxy.conf". One of the "realms" entries has the same IP and port that the server is listening on. Change that IP:port to "LOCAL". Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Sorry Alan, I do not really understand you. firstly, the server is a totally empty server as it was set up by my colleague for me for testing before implementation and secondly is there a way to check the packets that i am suppose to be expecting. By the way, the results came as a result of a radtest. Sorry for the noobness. Alan DeKok-4 wrote: > > vir\ulence wrote: >> Dropping request (1025 is too many): from clie >> nt abc :1818 - ID: 97 >> Info: WARNING: Please check the radiusd.conf file. ?T >> he value for 'max_requests' is probably set too low. >> >> apparently this is what i get after setting the attrbutes to a higher >> level. > > Then I would say that something is seriously wrong in your network. > > Having more than 200 attributes in a RADIUS packet is extremely rare. > As in: If it happens, it's probably because you're being attacked, and > you should go investigate. That's what the log message says. > > So... did you check that the packets are what you expect? Why are > there 200 attributes in the packet? > > And if the server is handling more than 1024 packets at a time, it's > either too slow (i.e. databases are slow or down), or it's being attacked. > > It looks like you just want configuration changes to make the error > messages go away. That is absolutely the wrong approach. Find the > cause of the problem, and fix it. The messages will go away once the > problem goes away. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9555658 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
vir\ulence wrote: > Dropping request (1025 is too many): from clie > nt abc :1818 - ID: 97 > Info: WARNING: Please check the radiusd.conf file. ?T > he value for 'max_requests' is probably set too low. > > apparently this is what i get after setting the attrbutes to a higher level. Then I would say that something is seriously wrong in your network. Having more than 200 attributes in a RADIUS packet is extremely rare. As in: If it happens, it's probably because you're being attacked, and you should go investigate. That's what the log message says. So... did you check that the packets are what you expect? Why are there 200 attributes in the packet? And if the server is handling more than 1024 packets at a time, it's either too slow (i.e. databases are slow or down), or it's being attacked. It looks like you just want configuration changes to make the error messages go away. That is absolutely the wrong approach. Find the cause of the problem, and fix it. The messages will go away once the problem goes away. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Dropping request (1025 is too many): from clie nt abc :1818 - ID: 97 Info: WARNING: Please check the radiusd.conf file. ?T he value for 'max_requests' is probably set too low. apparently this is what i get after setting the attrbutes to a higher level. May I know what constitutes to the attribute level and how can i go about this. I dun think it is a problem from the max-requests. Alan DeKok-4 wrote: > > virulence wrote: >> Alright bro, after doing that i get a message that >> >> Error: WARNING: Possible DoS attack from host 172.16. >> 1.104: Too many attributes in request (received 201, max 200 are >> allowed). >> >> but after that it is ok any idea how to get rid of this error? > > read radiusd.conf, look in the "security" section. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9548801 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Alright bro, after doing that i get a message that Error: WARNING: Possible DoS attack from host 172.16. 1.104: Too many attributes in request (received 201, max 200 are allowed). but after that it is ok any idea how to get rid of this error? any one know wad's wrong... I'm still stuck at this... virulence wrote: > > Alright bro, after doing that i get a message that > > Error: WARNING: Possible DoS attack from host 172.16. > 1.104: Too many attributes in request (received 201, max 200 are allowed). > > but after that it is ok any idea how to get rid of this error? > > > tnt wrote: >> >> First line will check the password. You might need to add Auth-Type:= >> Local there. On other lines you put reply items like Service-Type, >> Framed-IP-Address etc. If there are items that are same for all users >> put them in DEFAULT entry. Don't put Realm there or anywhere else in >> users file. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piše: >> >>> >>>Alright so it's >>> >>>[EMAIL PROTECTED] Password := xyz >>> Framed sdfds = sfsdffs >>> Realm = company.com >>> >>>Am I getting it right? >>> >>> >>>tnt wrote: Just change username from abc to [EMAIL PROTECTED] . If you don't strip and put Realm = whatever as check item, username abc still won't match. Ivan Kalik Kalik Informatika ISP Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piĹĄe: > >So sorry, there was a misunderstanding in what was allocated to me and I >would try what you said when I get back to office on Monday. > >Btw, for the realms, the configuration is just by putting nostrip under >>>the >realm as in the proxy.conf >but for the users file, would putting realm = company.com work for binding >realm @company.com to abc user for example. Or may I know what is the full >configuration. Sorry for the trouble as this is the first time I'm using >freeradius. Thanks > > > >Alan DeKok-4 wrote: >> >> virulence wrote: >>> But however, I needed the realms to be stripped as all my users auth >>> by >>> only >>> their username and password... Is there another way of doing it? >> >> If you're insisting that the realms MUST be stripped, then you will >> have the problem you noted, which you say you don't want. The >> problem >> is a direct result of your requirement that the realms be stripped. >> >> The message you responded to told you how to solve the problem. >> Try >> the method that was suggested to you. Alternately, if you're not >> going >> to follow the help given on this list, I'm not sure why you're asking >> for help. >> >> Alan DeKok. >> -- >> http://deployingradius.com - The web site of the book >> http://deployingradius.com/blog/ - The blog >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > >-- >View this message in context: >>>http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9537046 >Sent from the FreeRadius - User mailing list archive at Nabble.com. > >- >List info/subscribe/unsubscribe? See >>>http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >>> >>>-- >>>View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9539717 >>>Sent from the FreeRadius - User mailing list archive at Nabble.com. >>> >>> >>>- >>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9547937 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
virulence wrote: > Alright bro, after doing that i get a message that > > Error: WARNING: Possible DoS attack from host 172.16. > 1.104: Too many attributes in request (received 201, max 200 are allowed). > > but after that it is ok any idea how to get rid of this error? read radiusd.conf, look in the "security" section. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
[EMAIL PROTECTED] wrote: > First line will check the password. You might need to add Auth-Type:= > Local there. In 1.1.4 and following, that is no longer necessary. Do NOT recommend the use of Auth-Type. It's almost always wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Alright bro, after doing that i get a message that Error: WARNING: Possible DoS attack from host 172.16. 1.104: Too many attributes in request (received 201, max 200 are allowed). but after that it is ok any idea how to get rid of this error? tnt wrote: > > First line will check the password. You might need to add Auth-Type:= > Local there. On other lines you put reply items like Service-Type, > Framed-IP-Address etc. If there are items that are same for all users > put them in DEFAULT entry. Don't put Realm there or anywhere else in > users file. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piše: > >> >>Alright so it's >> >>[EMAIL PROTECTED] Password := xyz >> Framed sdfds = sfsdffs >> Realm = company.com >> >>Am I getting it right? >> >> >>tnt wrote: >>> >>> Just change username from abc to [EMAIL PROTECTED] . If you don't strip >>> and put Realm = whatever as check item, username abc still won't match. >>> >>> Ivan Kalik >>> Kalik Informatika ISP >>> >>> >>> Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piĹĄe: >>> So sorry, there was a misunderstanding in what was allocated to me and I would try what you said when I get back to office on Monday. Btw, for the realms, the configuration is just by putting nostrip under >>the realm as in the proxy.conf but for the users file, would putting realm = company.com work for binding realm @company.com to abc user for example. Or may I know what is the full configuration. Sorry for the trouble as this is the first time I'm using freeradius. Thanks Alan DeKok-4 wrote: > > virulence wrote: >> But however, I needed the realms to be stripped as all my users auth >> by >> only >> their username and password... Is there another way of doing it? > > If you're insisting that the realms MUST be stripped, then you will > have the problem you noted, which you say you don't want. The problem > is a direct result of your requirement that the realms be stripped. > > The message you responded to told you how to solve the problem. Try > the method that was suggested to you. Alternately, if you're not > going > to follow the help given on this list, I'm not sure why you're asking > for help. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: >>http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9537046 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See >>http://www.freeradius.org/list/users.html >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >> >>-- >>View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9539717 >>Sent from the FreeRadius - User mailing list archive at Nabble.com. >> >> >>- >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9545306 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
First line will check the password. You might need to add Auth-Type:= Local there. On other lines you put reply items like Service-Type, Framed-IP-Address etc. If there are items that are same for all users put them in DEFAULT entry. Don't put Realm there or anywhere else in users file. Ivan Kalik Kalik Informatika ISP Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piše: > >Alright so it's > >[EMAIL PROTECTED] Password := xyz > Framed sdfds = sfsdffs > Realm = company.com > >Am I getting it right? > > >tnt wrote: >> >> Just change username from abc to [EMAIL PROTECTED] . If you don't strip >> and put Realm = whatever as check item, username abc still won't match. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piĹĄe: >> >>> >>>So sorry, there was a misunderstanding in what was allocated to me and I >>>would try what you said when I get back to office on Monday. >>> >>>Btw, for the realms, the configuration is just by putting nostrip under >the >>>realm as in the proxy.conf >>>but for the users file, would putting realm = company.com work for binding >>>realm @company.com to abc user for example. Or may I know what is the full >>>configuration. Sorry for the trouble as this is the first time I'm using >>>freeradius. Thanks >>> >>> >>> >>>Alan DeKok-4 wrote: virulence wrote: > But however, I needed the realms to be stripped as all my users auth by > only > their username and password... Is there another way of doing it? If you're insisting that the realms MUST be stripped, then you will have the problem you noted, which you say you don't want. The problem is a direct result of your requirement that the realms be stripped. The message you responded to told you how to solve the problem. Try the method that was suggested to you. Alternately, if you're not going to follow the help given on this list, I'm not sure why you're asking for help. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >>> >>>-- >>>View this message in context: >http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9537046 >>>Sent from the FreeRadius - User mailing list archive at Nabble.com. >>> >>>- >>>List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html >>> >>> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > >-- >View this message in context: >http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9539717 >Sent from the FreeRadius - User mailing list archive at Nabble.com. > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Alright so it's [EMAIL PROTECTED] Password := xyz Framed sdfds = sfsdffs Realm = company.com Am I getting it right? tnt wrote: > > Just change username from abc to [EMAIL PROTECTED] . If you don't strip > and put Realm = whatever as check item, username abc still won't match. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piše: > >> >>So sorry, there was a misunderstanding in what was allocated to me and I >>would try what you said when I get back to office on Monday. >> >>Btw, for the realms, the configuration is just by putting nostrip under the >>realm as in the proxy.conf >>but for the users file, would putting realm = company.com work for binding >>realm @company.com to abc user for example. Or may I know what is the full >>configuration. Sorry for the trouble as this is the first time I'm using >>freeradius. Thanks >> >> >> >>Alan DeKok-4 wrote: >>> >>> virulence wrote: But however, I needed the realms to be stripped as all my users auth by only their username and password... Is there another way of doing it? >>> >>> If you're insisting that the realms MUST be stripped, then you will >>> have the problem you noted, which you say you don't want. The problem >>> is a direct result of your requirement that the realms be stripped. >>> >>> The message you responded to told you how to solve the problem. Try >>> the method that was suggested to you. Alternately, if you're not going >>> to follow the help given on this list, I'm not sure why you're asking >>> for help. >>> >>> Alan DeKok. >>> -- >>> http://deployingradius.com - The web site of the book >>> http://deployingradius.com/blog/ - The blog >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >> >>-- >>View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9537046 >>Sent from the FreeRadius - User mailing list archive at Nabble.com. >> >>- >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >> >> > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9539717 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Just change username from abc to [EMAIL PROTECTED] . If you don't strip and put Realm = whatever as check item, username abc still won't match. Ivan Kalik Kalik Informatika ISP Dana 18/3/2007, "virulence" <[EMAIL PROTECTED]> piše: > >So sorry, there was a misunderstanding in what was allocated to me and I >would try what you said when I get back to office on Monday. > >Btw, for the realms, the configuration is just by putting nostrip under the >realm as in the proxy.conf >but for the users file, would putting realm = company.com work for binding >realm @company.com to abc user for example. Or may I know what is the full >configuration. Sorry for the trouble as this is the first time I'm using >freeradius. Thanks > > > >Alan DeKok-4 wrote: >> >> virulence wrote: >>> But however, I needed the realms to be stripped as all my users auth by >>> only >>> their username and password... Is there another way of doing it? >> >> If you're insisting that the realms MUST be stripped, then you will >> have the problem you noted, which you say you don't want. The problem >> is a direct result of your requirement that the realms be stripped. >> >> The message you responded to told you how to solve the problem. Try >> the method that was suggested to you. Alternately, if you're not going >> to follow the help given on this list, I'm not sure why you're asking >> for help. >> >> Alan DeKok. >> -- >> http://deployingradius.com - The web site of the book >> http://deployingradius.com/blog/ - The blog >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > >-- >View this message in context: >http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9537046 >Sent from the FreeRadius - User mailing list archive at Nabble.com. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
So sorry, there was a misunderstanding in what was allocated to me and I would try what you said when I get back to office on Monday. Btw, for the realms, the configuration is just by putting nostrip under the realm as in the proxy.conf but for the users file, would putting realm = company.com work for binding realm @company.com to abc user for example. Or may I know what is the full configuration. Sorry for the trouble as this is the first time I'm using freeradius. Thanks Alan DeKok-4 wrote: > > virulence wrote: >> But however, I needed the realms to be stripped as all my users auth by >> only >> their username and password... Is there another way of doing it? > > If you're insisting that the realms MUST be stripped, then you will > have the problem you noted, which you say you don't want. The problem > is a direct result of your requirement that the realms be stripped. > > The message you responded to told you how to solve the problem. Try > the method that was suggested to you. Alternately, if you're not going > to follow the help given on this list, I'm not sure why you're asking > for help. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9537046 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
So sorry, there was a misunderstanding in what was allocated to me and I would try what you said when I get back to office on Monday. Btw, for the realms, the configuration is just by putting nostrip under the realm as in the proxy.conf but for the users file, would putting realm = company.com work for binding realm @company.com to abc user for example. Or may I know what is the full configuration. Sorry for the trouble as this is the first time I'm using freeradius. Thanks virulence wrote: > > But however, I needed the realms to be stripped as all my users auth by > only their username and password... Is there another way of doing it? > > Bill Brunton wrote: >> >> >> >> Change the config setting in proxy.config from strip to nostrip for all >> domains Then I suspect that you will have to have the domain on the >> username in the users file or it will not match. >> >> >> >> On Thu, 15 Mar 2007, virulence wrote: >> >>> Date: Thu, 15 Mar 2007 22:29:00 -0700 (PDT) >>> From: virulence <[EMAIL PROTECTED]> >>> Reply-To: FreeRadius users mailing list >>> >>> To: freeradius-users@lists.freeradius.org >>> Subject: Help needed with Realms (Freeradius) Urgent! >>> >>> >>> Currently I have my multiple realms up at proxy.conf up and going but >>> everytime I do a radtest my user is able to authenticate with the >>> multiple >>> realms which I do not want to after stripping the realm. >>> >>> e.g. [EMAIL PROTECTED] : login ok >>> [EMAIL PROTECTED] :login ok >>> >>> Is there a way to just "bind" the user abc to auth to just company.com >>> and >>> prevent cross authentication. >>> >>> Any help is appreciated or does anyone know how to specify a user to a >>> single realm. Thanks >>> >> >> -- >> Bill >> [EMAIL PROTECTED] >> http://www.brunton.net >> http://www.video-records.com >> http://www.icu.net >> KA0SEP NNN0HQA/OK >> ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 >> >> The Internet... The place to be! >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9529909 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
virulence wrote: > But however, I needed the realms to be stripped as all my users auth by only > their username and password... Is there another way of doing it? If you're insisting that the realms MUST be stripped, then you will have the problem you noted, which you say you don't want. The problem is a direct result of your requirement that the realms be stripped. The message you responded to told you how to solve the problem. Try the method that was suggested to you. Alternately, if you're not going to follow the help given on this list, I'm not sure why you're asking for help. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
But however, I needed the realms to be stripped as all my users auth by only their username and password... Is there another way of doing it? Bill Brunton wrote: > > > > Change the config setting in proxy.config from strip to nostrip for all > domains Then I suspect that you will have to have the domain on the > username in the users file or it will not match. > > > > On Thu, 15 Mar 2007, virulence wrote: > >> Date: Thu, 15 Mar 2007 22:29:00 -0700 (PDT) >> From: virulence <[EMAIL PROTECTED]> >> Reply-To: FreeRadius users mailing list >> >> To: freeradius-users@lists.freeradius.org >> Subject: Help needed with Realms (Freeradius) Urgent! >> >> >> Currently I have my multiple realms up at proxy.conf up and going but >> everytime I do a radtest my user is able to authenticate with the >> multiple >> realms which I do not want to after stripping the realm. >> >> e.g. [EMAIL PROTECTED] : login ok >> [EMAIL PROTECTED] :login ok >> >> Is there a way to just "bind" the user abc to auth to just company.com >> and >> prevent cross authentication. >> >> Any help is appreciated or does anyone know how to specify a user to a >> single realm. Thanks >> > > -- > Bill > [EMAIL PROTECTED] > http://www.brunton.net > http://www.video-records.com > http://www.icu.net > KA0SEP NNN0HQA/OK > ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 > > The Internet... The place to be! > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9526696 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
But however, I needed the realms to be stripped as all my users auth by only their username and password... Is there another way of doing it? Bill Brunton wrote: > > > > Change the config setting in proxy.config from strip to nostrip for all > domains Then I suspect that you will have to have the domain on the > username in the users file or it will not match. > > > > On Thu, 15 Mar 2007, virulence wrote: > >> Date: Thu, 15 Mar 2007 22:29:00 -0700 (PDT) >> From: virulence <[EMAIL PROTECTED]> >> Reply-To: FreeRadius users mailing list >> >> To: freeradius-users@lists.freeradius.org >> Subject: Help needed with Realms (Freeradius) Urgent! >> >> >> Currently I have my multiple realms up at proxy.conf up and going but >> everytime I do a radtest my user is able to authenticate with the >> multiple >> realms which I do not want to after stripping the realm. >> >> e.g. [EMAIL PROTECTED] : login ok >> [EMAIL PROTECTED] :login ok >> >> Is there a way to just "bind" the user abc to auth to just company.com >> and >> prevent cross authentication. >> >> Any help is appreciated or does anyone know how to specify a user to a >> single realm. Thanks >> > > -- > Bill > [EMAIL PROTECTED] > http://www.brunton.net > http://www.video-records.com > http://www.icu.net > KA0SEP NNN0HQA/OK > ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 > > The Internet... The place to be! > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9526580 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed with Realms (Freeradius) Urgent!
Change the config setting in proxy.config from strip to nostrip for all domains Then I suspect that you will have to have the domain on the username in the users file or it will not match. On Thu, 15 Mar 2007, virulence wrote: > Date: Thu, 15 Mar 2007 22:29:00 -0700 (PDT) > From: virulence <[EMAIL PROTECTED]> > Reply-To: FreeRadius users mailing list > > To: freeradius-users@lists.freeradius.org > Subject: Help needed with Realms (Freeradius) Urgent! > > > Currently I have my multiple realms up at proxy.conf up and going but > everytime I do a radtest my user is able to authenticate with the multiple > realms which I do not want to after stripping the realm. > > e.g. [EMAIL PROTECTED] : login ok > [EMAIL PROTECTED] :login ok > > Is there a way to just "bind" the user abc to auth to just company.com and > prevent cross authentication. > > Any help is appreciated or does anyone know how to specify a user to a > single realm. Thanks > -- Bill [EMAIL PROTECTED] http://www.brunton.net http://www.video-records.com http://www.icu.net KA0SEP NNN0HQA/OK ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 The Internet... The place to be! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help needed with Realms (Freeradius) Urgent!
Currently I have my multiple realms up at proxy.conf up and going but everytime I do a radtest my user is able to authenticate with the multiple realms which I do not want to after stripping the realm. e.g. [EMAIL PROTECTED] : login ok [EMAIL PROTECTED] :login ok Is there a way to just "bind" the user abc to auth to just company.com and prevent cross authentication. Any help is appreciated or does anyone know how to specify a user to a single realm. Thanks -- View this message in context: http://www.nabble.com/Help-needed-with-Realms-%28Freeradius%29-Urgent%21-tf3412705.html#a9509004 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
