Extremely Affordable Prescript[ion Drug!s!
Re: WinXP Protected EAP (PEAP) MS-CHAPv2
Hello Justin, This week I had the same problem than u. 0,9,3 version does not support peap. So u need the latest snapshot. Personally, i have installed the 20031204 snapshot. ftp.freeradius.org/pub/radius/CVS-snapshots The next problem is, if u want to use peap, you need to activate tls. In the configuration file 'radius.conf' there are several items to configure (eg certificate_file, CA_file...). So i tried to andeersand what is it. I followed step by step the FreeRadius EAP/TLS - WinXP Howto from Raymond McKay V1.2 (10/30/02) [ http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm ] . But now, i have a problem with openssl version to generate client certificat with the good format for winXP. Good luck Le dim 07/12/2003 06:36, Justin Bailey a crit : Does version 0.9.3 have support for PEAP, MS-CHAPv2? (I am running RedHat 6.2.) If not, is there a version that does? If so, what configuration settings go I need to make to ensure proper exchange for 802.1x authentication. I found an excellent tutorial concerning MD5/EAP for pre SP1. Unfortunately, I am beyond SP1. Justin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SOLVED?! ( was Re: BUG?! (was Re: date type attribute not added to accounting request using attr_rewrite)
I found now WHY a change in attr_rewrite when used in pre-Proxy does not work. It operates on request-packet rather than request-proxy. Now the question is which ought to be fixed; the call to pre-proxy in procy.c or the pre-proxy chain that uses standard calls to operate on the request? I am now testing the former. I would appreciate feedback if that is correct. BTW: I would also appreciate input on where to look for the problem not getting any rewriting out of mod_perl. Paul Alan DeKok wrote: I am happy to help fix it as I need this to work soon. However I would appreciate some pointers where to look. src/lib/valuepair.c, function paircreate() Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Paul Sijben tel: +31205210321 VP Architecture and Business Development direct: +31205210333 Picopointfax: +31205210320 Amsterdam mobile: +31629582154 the Netherlands http://www.picopoint.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SOLVED?! ( was Re: BUG?! (was Re: date type attribute not added to accounting request using attr_rewrite)
Paul Sijben [EMAIL PROTECTED] wrote: I found now WHY a change in attr_rewrite when used in pre-Proxy does not work. It operates on request-packet rather than request-proxy. That should be fixed. Now the question is which ought to be fixed; the call to pre-proxy in procy.c Absolutely not. I don't know what you would change there, or why. or the pre-proxy chain that uses standard calls to operate on the request? I don't know what you mean by that, either. You said the module doesn't do what you expect. Why not change the module? The configuration for the module currently allows it to search in the packet, config, or reply. Why not add proxy and prpxy_reply' to that list? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SOLVED?! ( was Re: BUG?! (was Re: date type attribute not added to accounting request using attr_rewrite)
On Sun, 7 Dec 2003, Alan DeKok wrote: Paul Sijben [EMAIL PROTECTED] wrote: I found now WHY a change in attr_rewrite when used in pre-Proxy does not work. It operates on request-packet rather than request-proxy. That should be fixed. Now the question is which ought to be fixed; the call to pre-proxy in procy.c Absolutely not. I don't know what you would change there, or why. or the pre-proxy chain that uses standard calls to operate on the request? I don't know what you mean by that, either. You said the module doesn't do what you expect. Why not change the module? The configuration for the module currently allows it to search in the packet, config, or reply. Why not add proxy and prpxy_reply' to that list? OK fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SOLVED?! ( was Re: BUG?! (was Re: date type attribute not added to accounting request using attr_rewrite)
Alan DeKok wrote: Paul Sijben [EMAIL PROTECTED] wrote: I found now WHY a change in attr_rewrite when used in pre-Proxy does not work. It operates on request-packet rather than request-proxy. That should be fixed. Now the question is which ought to be fixed; the call to pre-proxy in procy.c Absolutely not. I don't know what you would change there, or why. Working off the 0.9.3 source code I found that the changes attr_rewrite made to the vps went nowhere since they were attached to the original packet rather than the one that is sent to the remote server. So I moved the call to before the copy is made and the thing worked perfectly. Paul or the pre-proxy chain that uses standard calls to operate on the request? I don't know what you mean by that, either. You said the module doesn't do what you expect. Why not change the module? The configuration for the module currently allows it to search in the packet, config, or reply. Why not add proxy and prpxy_reply' to that list? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Paul Sijben tel: +31205210321 VP Architecture and Business Development direct: +31205210333 Picopointfax: +31205210320 Amsterdam mobile: +31629582154 the Netherlands http://www.picopoint.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SOLVED?! ( was Re: BUG?! (was Re: date type attribute not added to accounting request using attr_rewrite)
Ah, I see what you mean. Ok that will work as well ;-) Paul Kostas Kalevras wrote: On Sun, 7 Dec 2003, Alan DeKok wrote: Paul Sijben [EMAIL PROTECTED] wrote: I found now WHY a change in attr_rewrite when used in pre-Proxy does not work. It operates on request-packet rather than request-proxy. That should be fixed. Now the question is which ought to be fixed; the call to pre-proxy in procy.c Absolutely not. I don't know what you would change there, or why. or the pre-proxy chain that uses standard calls to operate on the request? I don't know what you mean by that, either. You said the module doesn't do what you expect. Why not change the module? The configuration for the module currently allows it to search in the packet, config, or reply. Why not add proxy and prpxy_reply' to that list? OK fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Paul Sijben tel: +31205210321 VP Architecture and Business Development direct: +31205210333 Picopointfax: +31205210320 Amsterdam mobile: +31629582154 the Netherlands http://www.picopoint.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attribute editing from perl
My questions for this week to solve is; how can I rewrite packets from
rlm_perl?
We are trying to do it with:
$RAD_REQUEST{'WISPr-Location-Name'} = TEXT .
RAD_REQUEST{'WISPr-Location-Name'};
That does not yield the desired result.
So the question is in two parts:
1) is it possible to get modified field from Perl back to tbe processed
2) if so, how if the above does not work?
help would be greatly appreciated
Paul
--
Paul Sijben tel: +31205210321
VP Architecture and Business Development direct: +31205210333
Picopointfax: +31205210320
Amsterdam mobile: +31629582154
the Netherlands http://www.picopoint.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A very humour game
Content-Type: application/octet-stream; name=Coat986906_DGQ00_SS[1].jpg Content-Transfer-Encoding: base64 Content-ID: B98kh6T7U5N706B1rZ /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEPAAA/+4AJkFkb2JlAGTA AQMAFQQDBgoNAAAB5wAAAhQAAAJvAAADCv/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoK CwoKDBAMDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhUR FRofHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8f/8IA EQgAFABGAwERAAIRAQMRAf/EAJYAAQEAAwABBQYHAQEBAQEBAQAA BQQBAgYQAAIDAQAAACAwAwQFNREAAgMAArIg MIMSAAMBACAwAUATAAECBAYBBQEAAAEAESExQcEQIDDwUWGh gZGx0fHh/9oADAMBAAIRAxEAAAHTPfmApv8AK3Z6XtAO8i+phwoN/lbs9L2gR3kf1MOAp0CV uzkvdXAP/9oACAEBAAEFAgw+ejD56MPnh//aAAgBAgABBQILKbKbI//aAAgBAwABBQIIUwph H//aAAgBAgIGPwIImJg//9oACAEDAgY/Atf/2gAIAQEBBj8ChqSjTqSjTqSjH//aAAgBAQMB PyFFDAI8NbCmWbhtcSqwxmutDR5UUF8L/9oACAECAwE/IclzRuaNzL//2gAIAQMDAT8hyVaN WjVl/9oADAMBAAIRAxEAABD9vN9ft7v59tZt/wD/2gAIAQEDAT8Q4YQ8IowDINlDgDtx+rs2 jzWA4Ei3bDwgAiIE7qq88xUKC3DBSdzIwKjHtcOGeCkSQPZHHJXhyZEw6UGfLfaEWffsmDde v6mOZ+LobP6o053NDufUvK8EriTcGayMVWo7pig1eE3X/9oACAECAwE/EMk+ymjPspoz7KZf /9oACAEDAwE/EMlq+D57V9G1dHA4f//Z
question about log_badlogins
Hi all when I run the log_badlogins, The result username is just a - in the db. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'-*' operator
Is there any interest in a -* operator that always matches and deletes all attributes from the reply list of the LHS name? It looks to me that -= is designed to only delete LHS attributes if they match the RHS (with the exception if the LHS is ), and that := replaces the attribute named in LHS and = just adds if the LHS is not already in the reply list. What was not clear to me from src/main/valuepair.c pairxlatmove() was that it seems that -= will delete ALL LHS named attributes from the reply list if the RHS from the current loop matches. If I am on track here shouldnt this be done like this: remove the special 'NULL' clause of -=? -= loops through the found list to find the matching RHS, seperates that out, sets -next to NULL and sends it to pairdelete -* Replaces NULL clause of -= and deletes all LHS named attrs from the reply list. (functions most like current -= with NULL RHS) -= is not documented in the users.5 as shipped with the server. Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
