Re: MS-CHAPv2 + MySQL + group authtype failure

you mind naming it dictionary.university_of_bristol on the basis that the official IANA vendor code calls it this? I'll also be updating my documentation to include FreeRADIUS info, as well as spit IAS. josh. -- --- Josh Howlett, Networking

OT: ms-filter attribute

as to the formatting of this attribute? many thanks, josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED

Re: I need help

? See http://www.freeradius.org/list/users.html -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED

Proxy and No such realm NULL

in this hypothesis is that the dead time is configured at ten minutes (dead_time = 600) yet the server continues to drop RADIUS packets beyond this time. I would be interested in any ideas or suggestions to fix this. many thanks, josh. -- --- Josh Howlett

Proxy where a single server is marked dead?

appreciate an educated opinion! best regards, josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED

Re: Proxy where a single server is marked dead?

On Tue, 2003-10-14 at 12:18, Josh Howlett wrote: Can someone please briefly indicate the expected behaviour of FreeRADIUS where a realm has a single instance of a {auth|acct}host is specified, but this server has been marked dead owing to inactivity? My reading of the source suggests to me

Re: Proxy where a single server is marked dead?

On Tue, 2003-10-14 at 15:22, Alan DeKok wrote: Josh Howlett [EMAIL PROTECTED] wrote: My reading of the source suggests to me that it will get dropped silently, but I would appreciate an educated opinion! Pretty much. Sending a reject request may be friendlier, though. Yes. It would

Re: Weird username proxying bug?

On Wed, 2003-10-08 at 17:55, Chris Parker wrote: At 10:45 AM 10/8/2003, Josh Howlett wrote: I am using freeradius (0.9) to proxy RADIUS packets. I have run into a possible bug. A username with a Windows domain prepended to the user in the format CC\\username gets proxied in the format C

Off-topic: RADIUS, VPN and PPPoE for wireless

of users, and non-trivial networking requirements then you might like to look at it. Hopefully it might help someone avoid re-inventing a wheel... http://www.bris.ac.uk/is/services/computers/nwservices/nomadic/download josh. -- --- Josh

Re: pppd + freeradius

-pppd.html josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED

How to access Proxy-to-Realm in script?

. Is it not possible to access FR internal attributes in this way? If so, any ideas how I might achieve a similar effect? best regards, josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University

RE: Static Compilation

/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED

script: how to detect when in accounting

whether this was an accounting packet and, if so, to exit immediable. Is this possible? Or is there another way of achieving the same effect? josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing

round robin and DEFAULT and NULL realms

Is it possible to use ldflag=round_robin for the DEFAULT and NULL realms? I'm using a CVS version post 0.81 and it doesn't seem to work (just proxies to whichever realm is defined last). Or so it seems... thanks, josh. Josh Howlett

copy accounting to second server

What's the easiest way to copy accouting packets to a second server, without using radrelay? tia, josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928

threads

. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

matching realm on user-name

. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] --- - List info/subscribe

Re: Help needed with MS Chap v2

sufficient information to diagnose the error then please let me know and I will send more information. Thanks in advance Guy Warner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Josh Howlett

Re: Can RADIUS attributes pass through to Apache?

On Wed, 2003-03-26 at 14:31, Alan DeKok wrote: Josh Howlett [EMAIL PROTECTED] wrote: Might I suggest a general mechanism for implementing this, whereby arbitrary and application-specific variable/value pairs are passed to the WWW application within a 'generic' wrapper A/V? The auth server

Re: Can RADIUS attributes pass through to Apache?

On Wed, 2003-03-26 at 15:56, Alan DeKok wrote: The sole objective, at least from where I'm standing, is to pass information about a user from a database (or equiv.) to apache. to *where* in Apache? Ah, I understand. I assumed that Apache would provide an nice easy interface for this

mod_auth_radius: compile error

. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] --- - List info/subscribe/unsubscribe

mod_radius_auth digest auth

In the docs, it states the mod_radius_auth does not support digest authentication. Is this by virtue of it being impossible-in-principle, or merely as-yet-not-implemented? Thanks, josh. -- --- Josh Howlett, Networking Digital

Re: mod_radius_auth digest auth

On Tue, 2003-03-04 at 12:00, Alan DeKok wrote: Josh Howlett [EMAIL PROTECTED] wrote: To clarify, I want users to authenticate via HTTP via mod_auth_radius against a remote RADIUS server without the intermediate WWW server (or, for that matter, anything else) gaining knowledge of the user's

Re: mod_radius_auth digest auth

. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] --- - List info

realms wildcards

Is it possible to select a realm using wildcards? ie. realm foo* { ... } realm *bar { ... } Thanks, josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing

realm length

Hi, I got an error when I tried to specify a realm length 63 characters. Is this an arbitrary limitation that could be extended beyond 63 characters? Thanks. josh. -- --- Josh Howlett, Networking Digital Communications, Information

zombies in non-threaded, single-server mode

Regarding: http://freeradius.org/cvs-log/2003-02-18.09%3A00%3A00.html#file-radiusd-src-main-radiusd-c,0 I can confirm that this fix works. josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing

Realm selection

. Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

proxy access-accept

. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] --- - List info/subscribe/unsubscribe? See http

Re: proxy access-accept

be prepared to consider sponsoring the development of an 'rlm_exec' module (depending on the price) - any takers? josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K

add attribute to accounting

. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] --- - List info/subscribe/unsubscribe? See

Re: add attribute to accounting

On Thu, 2002-12-19 at 16:31, Alan DeKok wrote: Josh Howlett [EMAIL PROTECTED] wrote: The scripts/exec-program-wait example suggests that you can add arbitrary AVs to RADIUS packets by writing to stdout from witin the exec-program script. Is this a correct interpretation? Should

Re: Re[2]: MS-CHAP

at 15:52, 3APA3A wrote: Dear Josh Howlett, No. rlm_smb is authentication module, not authorization one. You can use either rlm_mschap or rlm_smb. --Wednesday, November 27, 2002, 6:46:43 PM, you wrote to [EMAIL PROTECTED]: JH Does that include rlm_smb? JH thanks, josh. JH On Wed, 2002

MS-CHAP

Hi, What can Freeradius use to authenticate MS-CHAP against? I know of the following methods: - the 'users' file - /etc/smbpasswd - LDAP directory - proxy to another RADIUS server Are there any others? thanks, josh. -- --- Josh

Re: MS-CHAP

Does that include rlm_smb? thanks, josh. On Wed, 2002-11-27 at 15:34, 3APA3A wrote: Dear Josh Howlett, You can use mschap authentication module in conjunction with any authorization module (for example sql or dbm). All you need is cleartext or NT-crypted password to be accessable

problem with rewrite

, for some reason Freeradius sees this as ! Does anyone have any suggestions what else I could try? many thanks, josh. -- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone

Re: Re[3]: MS-CHAP and LDAP

(Microsoft implementation of RADIUS) and use FreeRADIUS as proxy to IAS. I do this. It works (even if MS IAS is a toy compared to FreeRADIUS). josh. Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol. email: [EMAIL PROTECTED

Re: accounting-start proxy error

to xxx.xxx.xxx.xxx:xx And the NAS generates the error: WARNING: Identifier does not match - ignoring response WARNING: Invalid response signature - check secret! Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol

Re: voip gateway billing (H323)and radius

this behaviour? josh. Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radiusd pid

Hi, 1) Does freeradius write it's PID anywhere? 2) What signals does freeradius accept? thanks, josh. Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe

rlm_sql authorisation

. Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

connection speed

Which attribute do NASes usually expect to specify the speed of a connection for a user? thanks, josh. Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info

accounting on a proxy

Hi, Is it possible to ocnfigure a Freeradius proxy to log details of accounting packets that it is proxying? thanks, josh. Josh Howlett, Networking and Digital Communications Group, Information Systems Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850

Append A/V pair to proxied packet?

Hi all, Is it possible for freeradius, acting as a proxy, to add an arbitrary A/V pair to a RADIUS packet? thanks, josh. Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K

Re: Append A/V pair to proxied packet?

I should add: specifically, accounting packets. thanks, josh. Hi all, Is it possible for freeradius, acting as a proxy, to add an arbitrary A/V pair to a RADIUS packet? thanks, josh. Josh Howlett, Networking Digital

Re: Append A/V pair to proxied packet?

/unsubscribe? See http://www.freeradius.org/list/users.html Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED

Compiling/installing freeradius with specific modules

Hi all, Is it possible to configure freeradius to only compile and install certain specified modules? Or do you have to compile the lot, and then remove the modules you don't use? cheers, josh. Josh Howlett, Networking Digital

Re[3]: Fwd: Re: Encrypted attribute problems

in this matter, josh. On Mon, 27 May 2002, 3APA3A wrote: Dear Josh Howlett, Replace dictionary.microsoft in _both_ RADIUS source and installation (normally /usr/local/etc/raddb) dir, it should help (make sure you have latest CVS snapshot, older FreeRADIUS incorrectly handles tunnel

Encrypted attribute problems

Hi, What is the status of encrypted attribute support in Freeradius at the moment? It appears to be broken - has anyone had similar problems? thanks, josh. Josh Howlett, Networking Digital Communications, Information Systems

Re: Encrypted attribute problems

Josh Howlett [EMAIL PROTECTED] wrote: What is the status of encrypted attribute support in Freeradius at the moment? It appears to be broken - has anyone had similar problems? WHICH encrypted attribute? There's more than one, and there are a number of different encryption schemes

Re: Fwd: Re: Encrypted attribute problems

suggest sounds sensible to me, but I do not know much at all about RADIUS :-(. regards, josh. --This is a forwarded message From: Josh Howlett [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Monday, May 27, 2002, 7:28:36 PM Subject: Encrypted attribute problems ===8