:o)
that is good to hear.
> One more question, have you setup several realms? It will be my case,
> and if you have some clues it must be a quick win.
Yes, it will work with multiple realms. There is not much that you need
to other than you need to use HINTS or any other way of rewriting in t
Shawky Skaff wrote:
> Basically I currently have one active realm and need to have another
> realm configured onto the same radius box. For example
> dsl.example.com.au is one and voice.example.com.au is the second.
You need to configure two realms.
> How can I configure the second? I know it’s
Hi,
I have spent some time reading and trying to configure multiple realms to no
avail.
Basically I currently have one active realm and need to have another realm
configured onto the same radius box. For example dsl.example.com.au is one and
voice.example.com.au is the second.
How can I
On 27 Jul 2011, at 17:14, Charles Plater wrote:
> On Jul 26, 2011, at 4:36 PM, Alan DeKok wrote:
>
>> Charles Plater wrote:
>>> Is there any way to try multiple realms inside an update control
>>> statement? What I want to do is try proxying to one realm, an
Charles Plater wrote:
> If I'm reading raddb/proxy.conf correctly home_server_pool allows for
> fail-over and load-balancing configurations.
Yes.
> In my case I was to try the
> same credentials against multiple servers.
RADIUS doesn't do that. It's a *terrible* idea.
> What I'm looking at
On Jul 26, 2011, at 4:36 PM, Alan DeKok wrote:
> Charles Plater wrote:
>> Is there any way to try multiple realms inside an update control
>> statement? What I want to do is try proxying to one realm, and if that
>> fails trying the credentials via the local ream. Thanks i
Charles Plater wrote:
> Is there any way to try multiple realms inside an update control
> statement? What I want to do is try proxying to one realm, and if that
> fails trying the credentials via the local ream. Thanks in advance.
Read raddb/proxy.conf. Look for the home server poo
Is there any way to try multiple realms inside an update control statement?
What I want to do is try proxying to one realm, and if that fails trying the
credentials via the local ream. Thanks in advance.
--
Charles Plater
Lead Application Technical Analyst
Internet Services
+1-313-577-4620
ab3
Hi,
> apples.com auth's off a mysql db
> pears.com auth's off Active Directory
yes. set a virtual server as the server in the proxy.conf
or use unlang to update the realm details and send it to a new
virtual server. that VS will only have the relevant engines
configured in it
alan
-
List info/su
Greetings freeradius list members,
I'm hoping one of the more experienced FR2 users might shed some light
on a query I have, historically
i've only worked with radiator so i am very much a novice with FR2.
Is it possible to auth different realms off different database server
types within the same
On 1/6/2010 12:13 PM, Nalin Mistry wrote:
We have just installed FreeRADIUS and have basic functionality working for ISP
and Hotspot applications.
For the ISP application, we would like to specify the realms supported on a NAS
basis. Is this feasible and how would one go about configuring it.
We have just installed FreeRADIUS and have basic functionality working for ISP
and Hotspot applications.
For the ISP application, we would like to specify the realms supported on a NAS
basis. Is this feasible and how would one go about configuring it.
Thanks in advance...
-
List info/subsc
Oops, just a typo :)
Anyway I have tested it with one domains, (I will have more in the future)
but in theory it should work and my testing using RADNTPING and RADIUS -X
shows that it should.
Thanks
Bob
On Tue, Oct 20, 2009 at 12:36 PM, Alan Buxey wrote:
> Hi,
>
> > if ( User-Name =~
Hi,
> if ( User-Name =~ /^host\//i ) {
> if ( User-Name =~ /\\.first\\.domain$/i ) {
> update control {
> Proxy-To-Realm := "first.domain"
> }
> }
> if ( User-Name =~ /\\.second\\.domain$/i ) {
> update control {
>
Okay, just to update everyone and for others that might search this
mail-listing:
I have finally gotten it, using the code below in the authorize section I
can send host authentication to multiple proxies based on domain name
if ( User-Name =~ /^host\//i ) {
if ( User-Name =~ /\\.firs
Great I'll try the update control..
As for Realms file, I did try using prefix instead of suffix, but in the
case of username.domain.name, it says that the Realm is username and the
Stripped User name is domain.name
Thanks
Bob
On Tue, Oct 20, 2009 at 10:21 AM, Ivan Kalik wrote:
> > 1. Is there
> 1. Is there a way to "manually" specify a proxy or Realm in the authorize
> section?
Yes.
update control {
Proxy-To-Realm := "some_realm"
}
> 2. Is there a way to modify the Realms file to find a realm find the realm
> domain.name in from within user.domain.name. Whenever I try I only ge
Hi,
> Okay, perfect that was part of the answer I needed, Thanks!
>
> I guess I now have two more questions:
>
> 1. Is there a way to "manually" specify a proxy or Realm in the authorize
> section?
>
> 2. Is there a way to modify the Realms file to find a realm find the realm
> domain.name in fr
Okay, perfect that was part of the answer I needed, Thanks!
I guess I now have two more questions:
1. Is there a way to "manually" specify a proxy or Realm in the authorize
section?
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within user.domain.
> Perfect, I think that is exactly what I want, but I'm hoping you might be
> able to help me with the syntax. I am trying this, but is doesn't seem to
> work:
>
> # - From the proxy.conf file:
> realm host {
> if ( Stripped-User-Name =~ ".*\.domain\.name" ) {
> pool = adradius
>
dius
nostrip
}
}
Thanks
Bob
On Thu, Oct 15, 2009 at 3:38 PM, Alan Buxey wrote:
> Hi,
> > What I want to do is proxy requests based on being in multiple realms.
> For
> > example:
> > Realm1/username.Realm2
>
> so long as the second part with always be usernam
Hi,
> What I want to do is proxy requests based on being in multiple realms. For
> example:
> Realm1/username.Realm2
so long as the second part with always be username.realm2 (and you dont get
into user.name.realm2 then you can use 2.1.x with unlang to configure what
you need. you need
What I want to do is proxy requests based on being in multiple realms. For
example:
Realm1/username.Realm2
Where is Realm1 is "host" AND Realm2 is "some.fqdn" then proxy to
xxx.xxx.xxx.xxx
Specifically what I am doing is trying to use FreeRadius to proxy for AD
Domains. I
> radiusd.conf[723] Failed to link to module 'rlm_mschap_co1': Shared object
> "rlm_mschap_co1.so" not found, required by "radiusd"
> radiusd.conf[1949] Unknown module "mschap_co1".
> radiusd.conf[1949] Failed to parse "mschap_co1" entry.
Did you create 3 instances of mschap using aliases like be
On Tue, 28 Jul 2009, Ivan Kalik wrote:
Thankyou for the reply and suggestion. I've been interstate and just back
now to try it.
Create two mschap module instances, mschap_co1 with first ntlm_auth line
and mschap_co2 with second one.
ok.
Then create redundancy inside Auth-Type
MS-CHAP (
> I have used
>
> ntlm_auth --request-nt-key --username=user --password=xxx
> --domain=COMPANY1.LOCAL --require-membership-of=COMPANY1-VPN-USERS
>
> ntlm_auth --request-nt-key --username=otheruser --password=xxx
> --domain=COMPANY2.LOCAL --require-membership-of=COMPANY2-VPN-USERS
>
> and
I've inherited a system which now needs changed and I can't seem to make it do
it! I'm sure it can, but I'm just not familiar enough with FreeRadius to know
how to coax it into doing what I need.
Its a fairly old system, FreeRADIUS Version 1.1.3
Remote users connect to the host using windows
Great, it does the trick :)
It was simplier than I thought.
Another question: is it safe to write into the same sql
server\database\table by 2 radius servers authenticating the same realm?
--
Andrea Cerrito
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andrea Cerrito wrote:
> How can I let the proxy write in a db just the realm DEF and GHI and ignore
> the realm ABC?
Do *conditional* logging to SQL. See Acct-Type, which lets you
conditionally call a module.
> I think it can be done in the post-proxy section of the radius.conf... But
> how?
Hi to this list,
I'm using freeradius from few weeks, and now I need a little help to
understand how to configure a proxied configuration to do what I need.
My situation:
[ Proxy Frontend ] -- REALM ABC >> proxied to [ My Radius Server ]
|
|- REA
Scott Lambert <[EMAIL PROTECTED]> wrote:
> Would I be able to setup three mysql entries in the way that Alan
> suggested for the LDAP setup, but with a different query specified for
> each realm which includes the realm in the selection criteria of query?
If the users are logging in with differe
On Sat, Aug 12, 2006 at 01:06:38AM +0200, Francois-Xavier GAILLARD wrote:
> Le Fri, Aug 11, 2006 at 06:09:21PM -0400, Alan DeKok ecrivait:
> > Francois-Xavier GAILLARD <[EMAIL PROTECTED]> wrote:
> > > It's a bit tricky, any easier way Alan ?
> >
> > I'm not sure... the main problem is that multi
Le Fri, Aug 11, 2006 at 06:09:21PM -0400, Alan DeKok ecrivait:
> Francois-Xavier GAILLARD <[EMAIL PROTECTED]> wrote:
> > It's a bit tricky, any easier way Alan ?
>
> I'm not sure... the main problem is that multiple people with the
> same name are dialing into the same NAS equipment. So they re
Francois-Xavier GAILLARD <[EMAIL PROTECTED]> wrote:
> It's a bit tricky, any easier way Alan ?
I'm not sure... the main problem is that multiple people with the
same name are dialing into the same NAS equipment. So they really are
the "same" person, but with many possible valid passwords.
It
Le Fri, Aug 11, 2006 at 02:48:33PM -0400, Alan DeKok ecrivait:
> Scott Lambert <[EMAIL PROTECTED]> wrote:
> > I was thinking about putting everything into mysql/postgresql databases.
>
> That gets a little harder, because you effectively have 3 passwords
> for the user, and want any one of them
Scott Lambert <[EMAIL PROTECTED]> wrote:
> I was thinking about putting everything into mysql/postgresql databases.
That gets a little harder, because you effectively have 3 passwords
for the user, and want any one of them to work. Th eserver sn't
really set up to do that right now...
It cou
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
On Thu, Aug 10, 2006 at 05:26:39PM -0400, Alan DeKok wrote:
> Scott Lambert <[EMAIL PROTECTED]> wrote:
> > I need to merge dial-up numbers and bring the DSL aggregation together
> > in order to reduce costs. That means, I will have potentially three
> > users with the username of "bob" trying to l
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
Scott Lambert <[EMAIL PROTECTED]> wrote:
> I've been using GNU-RADIUS and asked this question on the GNU-RADIUS
> list last week but didn't get any responses.
They haven't had a release for 2 years now...
> I need to merge dial-up numbers and bring the DSL aggregation together
> in order to red
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
IUS mailing list and trying to
search google for pointers on how to accomplish this. Unfortunately,
the search terms I have been trying are pretty much useless. "multiple
realms", "multiple domains" combined with or without "one NAS", "same
NAS" ...
If anyone h
ng list
Subject: Re: Adding multiple realms
You should probably look into the strip realms config item since you
only want a single username for all realms.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List
You should probably look into the strip realms config item since you
only want a single username for all realms.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List info/subscribe/unsubscribe? See http://www.fr
Hello everyone! I am serious newbie and I apologize for my poor netiquette.
I am such a newbie that I cannot tell you what version of free radius that I
am running for I know not where to look.
It is running on red hat 9 box with mysql.
Currently we resell dial-up access; we have to provide the
Normando Marcolongo <[EMAIL PROTECTED]> wrote:
> I would like to have freeradius behave like this:
> - realm 'alwaysok' would always accept authentication
> - realme 'checkthis' would always check against mysql
Sure, but they're not really realms.
> Is there a more elegant way of doing this?
Hi!
I would like to have freeradius behave like this:
- realm 'alwaysok' would always accept authentication
- realme 'checkthis' would always check against mysql
Since now I'd have done this by telling freeradius to proxy one of the
realms to another freeradius the would behave accordingly leav
On Thu, 2 Dec 2004, Christian Reeves wrote:
> > > I have an ISP scenario using freeradius 1.0.1. to
> > authenticate dialup
> > > customers on our single domain. We use a Mysql backend.
> > > We have added a second domain for a national dialup service. A 3rd
> > > party providing the POPS will pas
> > I have an ISP scenario using freeradius 1.0.1. to
> authenticate dialup
> > customers on our single domain. We use a Mysql backend.
> > We have added a second domain for a national dialup service. A 3rd
> > party providing the POPS will pass radius requests to our
> radius servers.
> >
> >
> I have an ISP scenario using freeradius 1.0.1. to authenticate dialup
> customers on our single domain. We use a Mysql backend.
> We have added a second domain for a national dialup service. A 3rd party
> providing the POPS will pass radius requests to our radius servers.
>
> Question:
> How do
I have an ISP scenario using freeradius 1.0.1. to authenticate dialup
customers on our single domain. We use a Mysql backend.
We have added a second domain for a national dialup service. A 3rd party
providing the POPS will pass radius requests to our radius servers.
Question:
How do I setup the
Alan,
Thanks for your quick response. I put several more hours of testing
in after I made this posting and determined it is almost certainly
not a radius issue, but probably a PAM or Kerberos issue, so I am
starting to dig deeper in those areas. The LDAP information is
interesting and may prove
Bill Shaver <[EMAIL PROTECTED]> wrote:
> I need to add at least one more Kerberos realm (read MS Windows forest/AD)
> back-end authentication store. (These MS Windows forests do not trust
> each other.) On the radius server (computer), I can manually perform kinit
> requests against each krb5 realm
I am new to this list and am hoping for some assistance with my freeradius
configuration. Please forgive me if this is a stupid qustion, but I am
stumped.
Background:
Red Hat 9.0
Freeradius (from RH)
The RPMs that seem most relevant are:
freeradius-0.9.3-1
krb5-libs-1.2.7-14
27;, 'RADIUS', '', '', '0', '0', '2345678901', '99',
'', 'Framed-User', 'PPP', '111.222.333.123', '0', '0')'
rlm_sql: Reserving sql socket id: 3
rlm_sql: Rele
"Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> DEFAULT Called-Station-Id == "2345678901", Realm := "isp1.net"
> In both users and acct_users
> And I still get DEFAULT put in the realm field in my database.
Then read the debug log to see where the DEFAULT realm is coming from.
Alan DeKok.
-
t;
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Monday, February 23, 2004 12:38 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Multiple realms
>
> "Anson Rinesmith" <[EMAIL PROTECTED]>
"Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> I would like the SQL database field "realm" to properly reflect what
> realm it is actually proxying for.
Ok...
> The problem is that if I put Called-Station-Id in the users file and put
> the realm information in proxy.conf, I get an infinite loop
I have a freeradius server accepting proxy requests for
multiple Called-Station-Id‘s
I would like the SQL database field “realm” to
properly reflect what realm it is actually proxying for.
The problem is that if I put Called-Station-Id in the users
file and put the realm information in pr
1) Use preproxy.
2) Yes correct.
Jyran Glucky
- Original Message -
From: "Dave Mason" <[EMAIL PROTECTED]>
To: "freeradius mailing list" <[EMAIL PROTECTED]>
Sent: Monday, January 12, 2004 7:11 PM
Subject: questions about multiple realms and proxy
> Hi
Dave Mason <[EMAIL PROTECTED]> wrote:
> 1. Is it possible to append another realm to the NAI when proxying a
> message? That is, if a message with [EMAIL PROTECTED] arrives and I proxy it
> to another host based on realm1 in proxy.conf, can the outgoing NAI be
> [EMAIL PROTECTED]@realm2? If th
Hi,
This may be in a FAQ or earlier thread but I didnt see it. Just a quick
couple of questions.
1. Is it possible to append another realm to the NAI when proxying a
message? That is, if a message with [EMAIL PROTECTED] arrives and I proxy it
to another host based on realm1 in proxy.conf, can
62 matches
Mail list logo