Help. Realms not being stripped.
My NNTP provider and dialup provider proxy requests for [EMAIL PROTECTED] to my FreeRadius server, which is not stripping the realm. For some very strange reason, for those people who are in /etc/passwd, they can authenticate anyhow. But I'm migrating over to LDAP, and looking for [EMAIL PROTECTED],ou=Users,dc=jtnllc,dc=com won't work - the DN of a dialup user is uid=user,ou=Users,dc=jtnllc,dc=com (without the suffix). I need to have the suffix stripped. I listed justthe.net as a LOCAL realm in /usr/local/etc/raddb/realms, but what else do I have to do to get this to work? Thanks in advance. -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216 website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting username/Hint from Radius accounting detail
Tyler Hardison <[EMAIL PROTECTED]> wrote: > There is also a script that I use regularly. So much so that I made a > CGI frontend for it. Its called radiusreport and it does very good on > Freeradius' detail files. > > >http://www.pgregg.com/projects/radiusreport/index.php?cookiesarenotok=1&q=00101017002673CK5HPJankX84gUi9epKxQch9yd4tmcxYWDFLmQ9HNhL3b3dqsY Nice... I've added it to the (short) list of related things in: http://www.freeradius.org/related/ Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting username/Hint from Radius accounting detail
[EMAIL PROTECTED] wrote: >Joe Maimon <[EMAIL PROTECTED]> wrote: > >>I was wondering if there is any way to access the username/hint located >>in the accounting detail keyed by IP address. >> > > The 'detail' file is just a file on the disk, so at the minimum, you >can write a script to root through it. > There is also a script that I use regularly. So much so that I made a CGI frontend for it. Its called radiusreport and it does very good on Freeradius' detail files. http://www.pgregg.com/projects/radiusreport/index.php?cookiesarenotok=1&q=00101017002673CK5HPJankX84gUi9epKxQch9yd4tmcxYWDFLmQ9HNhL3b3dqsY enjoy. Tyler. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting username/Hint from Radius accounting detail
Joe Maimon <[EMAIL PROTECTED]> wrote: > I was wondering if there is any way to access the username/hint located > in the accounting detail keyed by IP address. The 'detail' file is just a file on the disk, so at the minimum, you can write a script to root through it. > I have an application in mind in which a Proxy Server matches a client's > IP address with a radius username/Hint in order to grant access or apply > a filter/criteria list for that IP address. They are not neccessarily > the same machine. I would prefer a pull mechanism from the proxy server. > > Is there anyway to request this from the radius server? No. RADIUS doesn't do requests. > Can I trigger a script on accounting packets to feed the information to > a hash database or something? Yes. See raddb/acct_users, and scripts/exec-program-wait Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Getting username/Hint from Radius accounting detail
Hi, I was wondering if there is any way to access the username/hint located in the accounting detail keyed by IP address. I have an application in mind in which a Proxy Server matches a client's IP address with a radius username/Hint in order to grant access or apply a filter/criteria list for that IP address. They are not neccessarily the same machine. I would prefer a pull mechanism from the proxy server. Is there anyway to request this from the radius server? Can I trigger a script on accounting packets to feed the information to a hash database or something? I apologize for my ignorance. Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passwords and case-sensivity (radclient)
> I think there is a problem with the case-sensivity of password > (freeradius-0.3) in radclient: The passwords usually are case sensitive, unless you've played with the 'lower_pass' configuration item in radiusd.conf. > Results: > - User "a" is accepted with its lower case password "x". (This is OK) > - User "A" is NOT accepted with its upper case password "X". (This is not > OK) > - User "A" is accepted with the lower case password "x". (This is not OK) I don't see that in my local server. It's pretty much a stock config from the distribution, with the 'a' and 'A' users added. Are you sure you haven't made some other change to your local config? > The "funny" part ist, that radiusd is working OK. But I needed 4 hours to > find that out. If my NAS is communicating with the RADIUS, everything is OK. > Only oif I use radclient, the problem occurs. So I am pretty sure, radclient > is messing with the case of the password. Can someone with radclient > knowledge take a look at this? Radclient does NOT change the case of the passwords. It doesn't do *anything* with the passwords, other than encrypt them, and send them to the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeRadius how to support Simultaneous-Use ???
Rubby <[EMAIL PROTECTED]> wrote TWICE: > I want to know freeRadius 0.3 how to support Simultaneous-Use? > Does it maintain a internal online-users table? > If I use SQL to authorize and authenticate, I must add a temporary online-users >table? > And how to configure? Can you PLEASE only post ONE message to the list? And DO NOT post the SAME message to both the users and devel lists. Pick one list, and post one message. As for your question, have you done an 'ls' of the 'doc' directory? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeRadius how to support Simultaneous-Use ???
At 12:10 PM 1/4/2002 +0800, Rubby wrote: >Hi,all,happy new year! > >I want to know freeRadius 0.3 how to support Simultaneous-Use? 0.4 is the latest release. And the current CVS builds have many more bugfixes beyond 0.4. >Does it maintain a internal online-users table? It is described, in lots of detail, in 'doc/Simultaneous-Use'. Read that. >If I use SQL to authorize and authenticate, I must add a temporary >online-users table? >And how to configure? Read the documentation, it tells you. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Passwords and case-sensivity (radclient)
Hello, I think there is a problem with the case-sensivity of password (freeradius-0.3) in radclient: Lets sess the follwoing excerpt of my configuation: a Auth-Type := Local, Password == "x" Framed-Protocol = PPP A Auth-Type := Local, Password == "X" Framed-Protocol = PPP Now I run 3 requests with radclient for the two users a (Password: a lower case x) and A (Password: an upper case X): bash-2.03$ bin/radclient -x -s -d radius1 hybris:12345 auth foo User-Name = a , Password = x Sending Access-Request of id 98 to 145.230.107.11:21645 User-Name = "a" Password = "\257\327 sm\033\334\000)\231zR\264^hw" rad_recv: Access-Accept packet from host 145.230.107.11:21645, id=98, length=32 Service-Type = Framed-User Framed-Protocol = PPP User-Name = A , Password = X Sending Access-Request of id 99 to 145.230.107.11:21645 User-Name = "A" Password = "Cn\303\365\363\314N\016\030\375nY\204\346\353\033" rad_recv: Access-Reject packet from host 145.230.107.11:21645, id=99, length=20 User-Name = A , Password = x Sending Access-Request of id 100 to 145.230.107.11:21645 User-Name = "A" Password = "\356n\231\236\tj3Y\220{\007\037(yD\256" rad_recv: Access-Accept packet from host 145.230.107.11:21645, id=100, length=32 Service-Type = Framed-User Framed-Protocol = PPP Results: - User "a" is accepted with its lower case password "x". (This is OK) - User "A" is NOT accepted with its upper case password "X". (This is not OK) - User "A" is accepted with the lower case password "x". (This is not OK) I would have expected, user "A" would be accepted with its upper case password "X" but it is not. I do not use the case conversion feature, as you see from the radius start messages: main: lower_user = "no" main: lower_pass = "no" The "funny" part ist, that radiusd is working OK. But I needed 4 hours to find that out. If my NAS is communicating with the RADIUS, everything is OK. Only oif I use radclient, the problem occurs. So I am pretty sure, radclient is messing with the case of the password. Can someone with radclient knowledge take a look at this? > Christian > > -- > Vodafone Passo GmbH > Christian Esken > DTD - Development Telematics Distributed Architecture > Niederkasseler Lohweg 20 > D - 40547 Düsseldorf > Fon: +49 (0) 211 53 68 - 358 > Fax: +49 (0) 211 53 68 - 440 > mailto:[EMAIL PROTECTED] > http://www.passo.de > > - This Mail has been checked for Viruses Attention: Encrypted mails can NOT be checked! ** Diese Mail wurde auf Viren geprueft Hinweis: Verschluesselte mails koennen NICHT auf Viren geprueft werden! - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html