Authorization question
Hi all,

I'm looking to find a way to dynamically append (or rewrite) attribute values on proxy server for request responses. This is the basic case where home server will only authenticate the user, and we need to define the authorisation data at the proxy server (the home server does not know what authorisation parameters should be included, nor their values).

Any hints on how to get this done? Maybe Autz-Type could help in this by setting a default entry in the users file as follows:

    DEFAULT Realm == other.company.com, Autz-Type := SQL

Will this enable authenticating the user from remote server, but authorizing him from entries in SQL database?

Regards,
Veli-Matti Riepula

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: LOCAL target and username stripping
> Veli-Matti Riepula [EMAIL PROTECTED] wrote:
> > I have found that when using LOCAL as auth/acct host in proxy.conf realm definitions, the username is not stripped. Is there a way to get it stripped somehow? Now my way around it is to point the host to 127.0.0.1 and use nostrip option, but this is not very elegant.
>
> Which version are you using? Have you tried the latest CVS snapshot?
>
> Alan DeKok.

FR0.5 release version. I'll try the CVS snapshot and see if that solves it.

Veli-Matti
RE: Core dump when user is in group (mysql)
> Can you read 'doc/bugs', and post the relevant information to the list?

Damn, after a reboot and various other config changes the problem is away, I cannot replay the event and I cannot tell after which action it disappeared. I'll post the data if I run into it again.

Veli-Matti
Core dump when user is in group (mysql)
Hello,

I have a RH7.2 box running on standard kernel with FR 0.5 and mysql 3.23.40. When I try to authenticate a user that is mapped into any group in usergroup table, I get a core dump. If the user is not a part of any group, then things are fine. The mysql table structure should be according to the schema provided with FR0.5.

Anyone had the same problems?

--
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module suffix returns ok
radius_xlat: 'grp_a1'
sql_escape in: 'grp_a1'
sql_escape out: 'grp_a1'
sql_set_user: escaped user -- 'grp_a1'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'grp_a1' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'grp_a1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'grp_a1' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'grp_a1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Segmentation fault (core dumped)
--

Regards,
Veli-Matti Riepula
RE: Using Radius for Mac Auth. with Wireless Internet.
> How secure is it Mac Authentication. I mean, is there no way for someone to emulate an Authorized Mac. with software or something to get onto the network?

Practically it provides low security, anyone who knows a valid MAC address can connect. Most network cards (wired or wireless) provide MAC spoofing as user-friendly option in the card settings, so it does not require the person to be a Mack-the-Hack either.

Veli-Matti
RE: Using Radius for Mac Auth. with Wireless Internet.
> Ye, that's what I thought. Thanks for the confirmation though. Is there any other way in making this more secure?

Nokia has a hybrid WEP/MAC authentication using RADIUS, where the user's personal WEP key is delivered to the AP as a reply-item from a RADIUS server. The user must have corresponding WEP key on his WLAN card settings. Thus trivial spoofing is not enough to gain access. The WEP security is then another story by itself.

This does not help if you have Lucent gear, however (assumed from the context)...

v-m
RE: free radius for wavelan
> how can i configure the free radius server to provide MAC address authentication for our wavelan access points? thanks

Wavelan APs send the wireless user's MAC as username and use the same password for everyone. This password is the same as the client (NAS) password. So, one wireless user in the users file looks simply like:

    00601d-2317f8 password=password

Regards,
Veli-Matti
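
Since the AP presents the client MAC as the User-Name and, as the MAC authentication thread above points out, a valid MAC is easy to copy, a useful server-side check is to look for one MAC holding sessions on two access points at once. The Python below is an added example, not part of the original posts; it assumes the APs send accounting Start/Stop records with the MAC as User-Name, logged in FreeRADIUS detail-file layout, and every sample record (including the second MAC and the NAS addresses) is constructed.

```python
import re

def normalize_mac(value):
    """Reduce common MAC notations to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[-:.]", "", value).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_detail(text):
    """Yield one dict per accounting record (records are blank-line separated)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"Timestamp": lines[0].strip()}
        for line in lines[1:]:
            name, _, value = line.partition("=")
            rec[name.strip()] = value.strip().strip('"')
        yield rec

def find_overlaps(records):
    """List Starts seen while the same MAC is still open on another NAS."""
    open_on, alerts = {}, []          # open_on: mac -> set of NAS addresses
    for rec in records:
        mac = normalize_mac(rec.get("User-Name", ""))
        nas = rec.get("NAS-IP-Address")
        if mac is None or nas is None:
            continue                  # not a MAC-authenticated session
        status = rec.get("Acct-Status-Type")
        if status == "Start":
            # A lost Stop or a roaming client also lands here: review, don't auto-block.
            for other in sorted(open_on.get(mac, set()) - {nas}):
                alerts.append((mac, other, nas, rec["Timestamp"]))
            open_on.setdefault(mac, set()).add(nas)
        elif status == "Stop":
            open_on.get(mac, set()).discard(nas)
    return alerts

def _rec(ts, mac, status, nas):
    return (f'{ts}\n\tUser-Name = "{mac}"\n'
            f'\tAcct-Status-Type = {status}\n\tNAS-IP-Address = {nas}\n')

# Constructed sample records (not from the original posts), detail-file layout.
SAMPLE_DETAIL = "\n".join([
    _rec("Tue Mar  5 10:00:00 2002", "00601d-2317f8", "Start", "192.0.2.10"),
    _rec("Tue Mar  5 10:01:00 2002", "00601d-aaaaaa", "Start", "192.0.2.10"),
    _rec("Tue Mar  5 10:02:00 2002", "00601d-aaaaaa", "Stop", "192.0.2.10"),
    _rec("Tue Mar  5 10:03:00 2002", "00601d-aaaaaa", "Start", "192.0.2.20"),
    _rec("Tue Mar  5 10:05:00 2002", "00:60:1D:23:17:F8", "Start", "192.0.2.20"),
])
if __name__ == "__main__":
    print(find_overlaps(parse_detail(SAMPLE_DETAIL)))
```

The second MAC moves between access points after a clean Stop and is not reported; the first MAC reappears on another NAS, in a different notation, while its original session is still open, and is.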