Is there any way inside a clause to access the reason for the
current requests failing, as it is accessible via %1 in an
clause? I would like to be able to pass back the actual failure reason to
the client instead of the cryptic Reply-Message="Request
Denied". Something along the lines of th
When i played around with this setup, and i needed to run a few
instances with identical configs but on different IPs, i found using a
GlobalVar to be very useful. set the IP or port in each radius by passing
it via a GlobalVar on the command line, then you can use it to set various
ite
usernames and the NAS
queries use the original usernames.
regards
Hugh
On Sunday, Mar 16, 2003, at 05:00 Australia/Melbourne, Jeremy Hinton wrote:
Hugh,
i understand what you're saying, but i think you may still not
quite understand the issue i'm trying to describe. Below, i'
low, the username gets stored in the session
database as "jgh" (original) and "jgh" (rewritten).
Then in your scenario #2, the username gets stored as "[EMAIL PROTECTED]"
(original) and "jgh" (rewritten).
Your session database CountQuery uses the rewrit
e as it already does.
The session database just needs to contain a bit more information in the
form of the rewritten username.
I think you are making it a bit too complicated below.
regards
Hugh
On Saturday, Mar 15, 2003, at 03:53 Australia/Melbourne, Jeremy Hinton wrote:
Hugh,
I had
the rewritten
username, and the NAS query can continue to use the original username.
BTW - some NAS's will accept the rewritten username in a User-Name
attribute in the access accept, or you could also use the Class attribute
for the same purpose.
regards
Hugh
On Friday, Feb 28, 2003,
Hugh & Mike,
While working on locking down multiple logins recently, i noticed an
interesting situation. I have a default realm of visi.net, so logging in as
bob and [EMAIL PROTECTED] are treated the same. I log into the server as bob. i
then try to log in to the server as [EMAIL PROTECTED] No
I just noticed this, and i thought i would post incase any others have
this problem. I was having some difficulty getting multiple login
confirmation on my Bay term servers working, and i tracked it down to the
following. The current release of Net-SNMP snmpget (5.0.7) by default use
SNMP v2,
st a
scratch-pad area in memory that you can use however you like.
AuthByPolicy .
.
AddToRequest AuthBy1 = LDAP2
.
AddToRequest AuthBy2 = SQL
.
st AuthBy1 = LDAP2
AddToRequest AuthBy2 = SQL
Your logging should include %{AuthBy1} and %{AuthBy2}.
Please let me know how you get on.
regards
Hugh
On Friday, Feb 21, 2003, at 05:51 Australia/Melbourne, Jeremy Hi
Greetings,
I'm trying to figure out of theres a way to log which AuthBy clause issued
the Request-Failed via AuthLogSQL. I use a AuthBy LDAP primarily, but if
that times out i fall back to an AuthBy SQL. When an auth attempt gets
rejected, i'd like to know if the AuthBy LDAP timed out and its
Hugh & crew,
From reading the docs, and my own testing, it looks like the BindAddress
parameter can only accept a single IP. As a result,
it looks like you're limited to either having radiator respond on all IPs,
or just on one. If this is not the case, someone please feel free to
correct me.
Greetings all,
I'm having a bit of a puzzle i cant seem to figure out. I am using an
AuthBy LDAP2 clause to auth with an LDAP server. The LDAP
schema is built as uid=,cn=. Since most of my users log in
w/out specifying a realm, i have a DefaultRealm specified in my Client
clause. This
I have a feature request for another load balancing AuthBy based on AuthBy
RADIUS. I would like to see AuthBy LEASTCONNS. This would check to see
which radius server had the least pending/outstanding connections, and
would use that server to process the request. Since AuthBy Radius is d
I have a question regarding licensing. Is the licensing model per server
or per instance? If i have one physical server running 3 instances of
radiusd, is that 1 or 3 licenses? I would assume 1, but i wanted to make sure.
- jeremy
===
Archive at http://www.open.com.au/archives/radiator
>{ServerChecksPassword})
! {
! my $auth_check_dn = $dn;
! if ($self->{AuthCheckDN}) {
! $auth_check_dn = &Radius::Util::format_special
! ($self->{AuthCheckDN},
! $p, undef);
! }
$got_password =
Sep 25 21:19:07 2001: DEBUG: Deleting session for jgh,
206.246.195.69, 39
Tue Sep 25 21:19:07 2001: DEBUG: Handling with Radius::AuthLDAP2:
Tue Sep 25 21:19:07 2001: INFO: Connecting to x.x.x.x, port 389
Tue Sep 25 21:19:07 2001: INFO: Attempting to bind with xx,
xxx (server x.x.x.x:389)
Tue Sep 2
Oops, i didn't go far enough into the logs i guess. It looks like
it goes anonymous for the initial search query, and then uses the supplied
username and password to authenticate the actual record lookup later.
Answered my own question ;).
- jeremy
On Fri, 13 Jul 2001, Jeremy H
__ __ 0a
30 12: SEQUENCE {
0002 021: INTEGER = 1
0005 617: [APPLICATION 1] {
0007 0A1: ENUM = 0
000A 040: STRING = ''
000C 040: STRING = ''
000E: }
000E: }
// Jeremy Hinton
d any1 use mrtg+radiator succesfully?
> (i have mrtg 2.6.6 and radiator 2.13)
>
> Thanks,
> Ricardo.
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the bod
dictionary was made that way to correct a bug in older bay
code... or anything else for that matter, i didnt analyze the
packet dumps at Trace 5.
- jeremy
-----
Jeremy Hinton[EMAIL PROT
EBUG: Deleting all sessions for 203.132.1.244
> Mon May 17 22:17:56 1999: DEBUG: got On/Off from 203.132.1.244
> Mon May 17 22:17:56 1999: DEBUG: Accounting accepted
> Mon May 17 22:17:56 1999: DEBUG: Packet dump:
> *** Sending to 203.132.1.244 port 1040
> Code: Accountin
tabase person ... thanks!
>
>
// Jeremy HintonSometimes you wake up,
// NOC - VisiNetand sometimes you die.
// [EMAIL PROTECTED]And sometimes when you fall
// www.visi.net/~jgh y o u f l y. Neil Gaiman
===
Archive at http://ww
23 matches
Mail list logo
