RE: Working radiusd.conf for TTLS - Alfa & Ariss client setup?

2003-11-05 Thread Ron Wahler

We use A&A with build 1024 with no problem with or without
Server certificate validation.

> -Original Message-
> From: Damjan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2003 1:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Working radiusd.conf for TTLS - Alfa & Ariss client setup?
> 
> > > I have seen this asked a few times in the group but no one seemed to be
> > > able to post a radiusd.conf that works for him/her in a TTLS with
> > > Alfa & Ariss client setup, so I thought I'd ask again ;)
> >
> >   I think I've used it with the A&A client, but I don't recall for
> > sure.  I do recall that one of the clients I tested crashed when using
> > TTLS, which was unfortunate.
> 
> I've used the Alfa & Ariss client with freeradius-snapshot-20031029 and
> there were no problems at all.
> 
> Also there is nothing special about my radiusd.conf setup except that I
> made a self signed certificate without a password:
> tls {
>  # private_key_password =
>  private_key_file = /etc/1x/wifi.pem
>  certificate_file = /etc/1x/wifi.pem
>  CA_file = /etc/1x/wifi.pem
> ...
> 
> But I've also disabled checking the server certificate in the client,
> for the initial testing (and I didn't have time to test since then)
> 
> The client was authenticated with a user name and password from the
> "/etc/raddb/users" file.
> 
> 
> 
> --
> Damjan Georgievski
> jabberID: [EMAIL PROTECTED]
> 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Working radiusd.conf for TTLS - Alfa & Ariss client setup?

2003-11-04 Thread Damjan
> > I have seen this asked a few times in the group but no one seemed to be
> > able to post a radiusd.conf that works for him/her in a TTLS with
> > Alfa & Ariss client setup, so I thought I'd ask again ;)
> 
>   I think I've used it with the A&A client, but I don't recall for
> sure.  I do recall that one of the clients I tested crashed when using
> TTLS, which was unfortunate.

I've used the Alfa & Ariss client with freeradius-snapshot-20031029 and
there were no problems at all.

Also there is nothing special about my radiusd.conf setup except that I
made a self signed certificate without a password:
tls {
 # private_key_password =
 private_key_file = /etc/1x/wifi.pem
 certificate_file = /etc/1x/wifi.pem
 CA_file = /etc/1x/wifi.pem
...

But I've also disabled checking the server certificate in the client,
for the initial testing (and I didn't have time to test since then)

The client was authenticated with a user name and password from the
"/etc/raddb/users" file.



-- 
Damjan Georgievski
jabberID: [EMAIL PROTECTED]



Re: Working radiusd.conf for TTLS - Alfa & Ariss client setup?

2003-11-04 Thread Alan DeKok
Jeroen Roodhart <[EMAIL PROTECTED]> wrote:
> I have seen this asked a few times in the group but no one seemed to be
> able to post a radiusd.conf that works for him/her in a TTLS with
> Alfa & Ariss client setup, so I thought I'd ask again ;)

  I think I've used it with the A&A client, but I don't recall for
sure.  I do recall that one of the clients I tested crashed when using
TTLS, which was unfortunate.

> The thing is, I have TTLS working with a Linux client using Xsupplicant,
> but can't get WinXP to work using this configuration.

  The Aegis Meetinghouse client works for sure.

  Alan DeKok.



Working radiusd.conf for TTLS - Alfa & Ariss client setup?

2003-11-04 Thread Jeroen Roodhart
Hello,

I have seen this asked a few times in the group but no one seemed to be
able to post a radiusd.conf that works for him/her in a TTLS with
Alfa & Ariss client setup, so I thought I'd ask again ;)

The thing is, I have TTLS working with a Linux client using Xsupplicant,
but can't get WinXP to work using this configuration. I've read some
success stories here from people using A&A and I probably would be
helped if I can compare my setup with one of these working setups.

Thanks in advance for the help,

With kind regards,

Jeroen Roodhart 
-- 
Jeroen Roodhart                      University of Amsterdam
jeroen@science.uva.nl                Faculty of Science / ICT-Group
System and network administration    Tel. 020 525 7203 / 06 51338165
--
See http://www.science.uva.nl/~jeroen for openPGP public key 




Re: Recommended value in radiusd.conf for HIGH load env.

2003-09-19 Thread Kostas Kalevras
On Thu, 18 Sep 2003, Rohaizam Abu Bakar wrote:

> Please help me to tune recommended value in radiusd.conf for HIGH load environment
>
> Used:
>
> FreeBSD 4.8
> Freeradius 0.9.0
> Openldap 2.0.27
>
> .
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 256000
> hostname_lookups = yes
> allow_core_dumps = no
>
> # THREAD POOL CONFIGURATION
> thread pool {
> start_servers = 5
> max_servers = 2048        => is it too high ???

Probably yes. If your backend responds quickly you won't need to increase it to
such high levels. You will need to increase the start_servers, *spare_servers
directives though to some reasonable values like start_servers = 20

> min_spare_servers = 3
> max_spare_servers = 10
> max_requests_per_server = 0
> }
>
> # MODULE
> ldap {
> server = "10.1.1.1"
> identity = "cn=Sysadmin,ou=Applications,dc=xxx,dc=xx"
> password = xxx
> basedn = "ou=People,dc=,dc=xxx"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> start_tls = no
> access_attr = "dialupAccess"
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> ldap_connections_number = 2048        => is it too high ?

That's *really* too high. I don't think you will ever need to increase it to
more than 128-256 connections.

> timeout = 10
> timelimit = 10
> net_timeout = 5
>   }
> ..
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Recommended value in radiusd.conf for HIGH load env.

2003-09-18 Thread Rohaizam Abu Bakar



Please help me to tune recommended value in radiusd.conf for HIGH load environment

Used:

    FreeBSD 4.8
    Freeradius 0.9.0
    Openldap 2.0.27

.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256000
hostname_lookups = yes
allow_core_dumps = no
# THREAD POOL CONFIGURATION
thread pool {
    start_servers = 5
    max_servers = 2048        => is it too high ???
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

# MODULE
ldap {
    server = "10.1.1.1"
    identity = "cn=Sysadmin,ou=Applications,dc=xxx,dc=xx"
    password = xxx
    basedn = "ou=People,dc=,dc=xxx"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "dialupAccess"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 2048        => is it too high ?
    timeout = 10
    timelimit = 10
    net_timeout = 5
  }
..
 


Re: max_request and max_servers in radiusd.conf

2003-08-30 Thread Rohaizam Abu Bakar
Quoting Kostas Kalevras <[EMAIL PROTECTED]>:

> > Freeradius version: 0.9.0
> > Authentication method: LDAP - openldap-2.0.27.tgz
> > Running in ISP environment connected to various kind of NAS
> >
> > Found a few errors in radius.log
> >
> > i) thread error
> >
> > /var/log/radius.log.0.gz:Thu Aug 28 18:59:19 2003 : Info: The maximum
> > number of threads (32) are active, cannot spawn new thread to handle
> > request
> >
> > => What is the recommended value for max_servers and also max_request in
> > radius.conf ??
> 
> It depends on your needs on the modules used etc. Maybe something
> around 96-120
> 

Thanks for the value... But that is for max_servers... How about
max_request value?? By default it is set to 1024 by the rules of 256*4
client...  So I try with 100 clients .. so the value would be 256*100 =
25600 .. Is it ok ??


For backend slow response.. I'll try to fix it...  thanks...

regards,

--haizam




Re: max_request and max_servers in radiusd.conf

2003-08-29 Thread Alan DeKok
Rohaizam Abu Bakar <[EMAIL PROTECTED]> wrote:
> ii) Unresponsive child
> 
> Fri Aug 29 11:49:56 2003 : Error: WARNING: Unresponsive child (id
> 135796736) for request 32216
> 
> => Anybody can explain this error??

  Search the mailing list archives.

  One of your back-end databases is incredibly slow.  Fix it.

  Alan DeKok.



Re: max_request and max_servers in radiusd.conf

2003-08-29 Thread Kostas Kalevras
On Fri, 29 Aug 2003, Rohaizam Abu Bakar wrote:

>
> Freeradius version: 0.9.0
> Authentication method: LDAP - openldap-2.0.27.tgz
> Running in ISP environment connected to various kind of NAS
>
>
> Found a few errors in radius.log
>
> i) thread error
>
> /var/log/radius.log.0.gz:Thu Aug 28 18:59:19 2003 : Info: The maximum
> number of threads (32) are active, cannot spawn new thread to handle
> request
>
> => What is the recommended value for max_servers and also max_request in
> radius.conf ??

It depends on your needs on the modules used etc. Maybe something around 96-120

>
>
> ii) Unresponsive child
>
> Fri Aug 29 11:49:56 2003 : Error: WARNING: Unresponsive child (id
> 135796736) for request 32216
>
> => Anybody can explain this error??

A thread is taking too much time to handle the request. It is probably waiting
for a backend to respond.

>
> iii) bad search filter
>
> Fri Aug 29 12:35:48 2003 : Error: rlm_ldap: ldap_search() failed: Bad
> search filter
>
> => Anybody can explain this error

Probably your user is passing garbage in the username and as a result the
produced search filter is invalid. Do a CVS update on the rlm_ldap module; I've
added logging of the failed search filter.

>
>
> Appreciate your help
>
> regards,
>
> --haizam
>
>
> 
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
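
The "Bad search filter" case from the reply above, as an added example (not code from the thread or from rlm_ldap): it substitutes a username into the `(uid=...)` filter from the posted ldap section, with and without RFC 4515 escaping, and checks the result structurally. The function names and the sample requests are constructed for illustration; the page does not say how this FreeRADIUS version escapes the expansion.

```python
# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_HEX = set("0123456789abcdefABCDEF")


def escape_filter_value(value):
    """Escape a string so it is only ever read as data inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def pick_username(attrs):
    """Mimic %{Stripped-User-Name:-%{User-Name}}: prefer the stripped name."""
    return attrs.get("Stripped-User-Name") or attrs.get("User-Name", "")


def naive_filter(attrs):
    """Plain string substitution, the way a template expansion would do it."""
    return "(uid=%s)" % pick_username(attrs)


def safe_filter(attrs):
    """Same filter, but the username is escaped before substitution."""
    return "(uid=%s)" % escape_filter_value(pick_username(attrs))


def filter_is_well_formed(flt):
    """Structural pre-check: one outer group, balanced parentheses, valid \\XX escapes.

    This is not a full RFC 4515 parser; it catches the breakage that raw
    user input causes, which is what the log message in the thread reports.
    """
    if not flt.startswith("("):
        return False
    depth = 0
    i = 0
    while i < len(flt):
        ch = flt[i]
        if ch == "\\":
            pair = flt[i + 1:i + 3]
            if len(pair) != 2 or not set(pair) <= _HEX:
                return False          # dangling or malformed escape
            i += 3
            continue
        if ch == "\x00":
            return False              # raw NUL is never valid in a filter string
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            if depth == 0 and i != len(flt) - 1:
                return False          # text after the outer group closed
        i += 1
    return depth == 0


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    {"User-Name": "alice"},
    {"User-Name": "carol@example.org", "Stripped-User-Name": "carol"},
    {"User-Name": "bob)"},
    {"User-Name": "x(y"},
    {"User-Name": "dave\\"},
]


def audit(samples):
    """Return (naive filter, naive ok?, escaped filter, escaped ok?) per request."""
    rows = []
    for attrs in samples:
        naive = naive_filter(attrs)
        safe = safe_filter(attrs)
        rows.append((naive, filter_is_well_formed(naive),
                     safe, filter_is_well_formed(safe)))
    return rows


if __name__ == "__main__":
    for naive, naive_ok, safe, safe_ok in audit(SAMPLES):
        print("%-22s ok=%-5s  ->  %-24s ok=%s" % (naive, naive_ok, safe, safe_ok))
```

Logging the rejected filter, as the reply says the updated rlm_ldap does, shows which usernames fall into the failing rows.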



max_request and max_servers in radiusd.conf

2003-08-29 Thread Rohaizam Abu Bakar

Freeradius version: 0.9.0
Authentication method: LDAP - openldap-2.0.27.tgz
Running in ISP environment connected to various kind of NAS


Found a few errors in radius.log

i) thread error

/var/log/radius.log.0.gz:Thu Aug 28 18:59:19 2003 : Info: The maximum
number of threads (32) are active, cannot spawn new thread to handle
request

=> What is the recommended value for max_servers and also max_request in
radius.conf ??


ii) Unresponsive child

Fri Aug 29 11:49:56 2003 : Error: WARNING: Unresponsive child (id
135796736) for request 32216

=> Anybody can explain this error??

iii) bad search filter

Fri Aug 29 12:35:48 2003 : Error: rlm_ldap: ldap_search() failed: Bad
search filter

=> Anybody can explain this error


Appreciate your help

regards,

--haizam





Re: radiusd.conf for LDAP searches

2003-07-25 Thread Dustin Doris
On Fri, 25 Jul 2003, simpel wrote:

> Hello,
>
> I would like to configure my freeradius 0.8 to search in a LDAP data base using 
> groups. I then tried things on the radiusd.conf file, to use the 
> groupname_attribute, groupmembership_filter, groupmembership_filter, and 
> groupmembership_attribute  attributes, but nothing worked.
>
> My concern is to be able to find users which are not situated under the same OU, but 
> which are all contained in the same group.
>
> Could somebody help me?
>
> Thank you,
>
> Regards,
>
> Thierry


Not sure if this is what you are looking for, but here is an example of
groups with ldap.

in radiusd.conf

groupname_attribute = radiusGroupName

in ldap
uid: example,dc=example,dc=com
uid: example
objectclass: radiusprofile
userPassword: example
radiusGroupName: disabled

in users

DEFAULT Ldap-Group == disabled, Auth-Type := Reject
  Reply-Message = "Account Disabled"

So what would happen is the user would be authorized and radius would
do a lookup to see if they belonged to the group disabled.  If it exists,
then the user will be rejected.  If not, then the users file will continue
to be parsed.  You'd have another default under that one that specified
what actions for users that are not disabled.

Hope that helps.

Dustin Doris



radiusd.conf for LDAP searches

2003-07-25 Thread simpel
Hello,
 
I would like to configure my freeradius 0.8 to search in a LDAP data base using groups. I then tried things on the radiusd.conf file, to use the groupname_attribute, groupmembership_filter, groupmembership_filter, and groupmembership_attribute  attributes, but nothing worked.
 
My concern is to be able to find users which are not situated under the same OU, but which are all contained in the same group.
 
Could somebody help me?
 
Thank you,
 
Regards,
 
Thierry

Re: radiusd.conf

2002-12-09 Thread Evren Yurtesen
good point, cisco uses 1645 by default if you don't specify it in the
configuration. =)

Evren

On Mon, 9 Dec 2002, William Ragsdale wrote:

> On Mon, 09 Dec 2002 17:01:05 -0600 Bill <[EMAIL PROTECTED]> wrote:
> 
> > Hello!
> > Can someone send me a radiusd.conf example that would show a connection
> > for 
> > an AS5200 or similar? I have FreeRadius running on Suse 8.0. I'm
> > currently 
> > a wireless provider going to dial-up also. When I try to connect, the
> > Cisco 
> > box says that it can't find the Radius server. I have port 1645 loaded
> > on 
> > both units as well as the key "secret". I'm thinking I'm still missing 
> > something in the radiusd.conf file.
> > Thanks,
> 
> Greetings,
>   Did you specify port 1645 on your FreeRadius daemon?  By default it uses
> port 1812 for authentication.
> 
> 
> -- 
> 
> ·William Ragsdale   ·http://www.netonecom.net
> ·Server Administrator ·Office Hours ·NetOne Communications, Inc.
> ·Work: 231-734-2917 10AM - 7PM  ·2186 US 10
> ·FAX:  231-734-6395 ·Sears, MI  49679
> 
> 



Re: radiusd.conf

2002-12-09 Thread William Ragsdale
On Mon, 09 Dec 2002 17:01:05 -0600 Bill <[EMAIL PROTECTED]> wrote:

> Hello!
> Can someone send me a radiusd.conf example that would show a connection
> for 
> an AS5200 or similar? I have FreeRadius running on Suse 8.0. I'm
> currently 
> a wireless provider going to dial-up also. When I try to connect, the
> Cisco 
> box says that it can't find the Radius server. I have port 1645 loaded
> on 
> both units as well as the key "secret". I'm thinking I'm still missing 
> something in the radiusd.conf file.
> Thanks,

Greetings,
  Did you specify port 1645 on your FreeRadius daemon?  By default it uses
port 1812 for authentication.


-- 

·William Ragsdale   ·http://www.netonecom.net
·Server Administrator ·Office Hours ·NetOne Communications, Inc.
·Work: 231-734-2917 10AM - 7PM  ·2186 US 10
·FAX:  231-734-6395 ·Sears, MI  49679





RE: radiusd.conf

2002-12-09 Thread Tim D. McCracken

This doesn't exactly answer your question, but I found it helpful.

Go to www.dialways.com and download radping.  It is a win client
to test radius servers.  Once you get that working, then worry
about your cisco box.

Tim

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Bill
> Sent: Monday, December 09, 2002 5:01 PM
> To: [EMAIL PROTECTED]
> Subject: radiusd.conf
>
>
> Hello!
> Can someone send me a radiusd.conf example that would show a
> connection for
> an AS5200 or similar? I have FreeRadius running on Suse 8.0. I'm
> currently
> a wireless provider going to dial-up also. When I try to connect,
> the Cisco
> box says that it can't find the Radius server. I have port 1645 loaded on
> both units as well as the key "secret". I'm thinking I'm still missing
> something in the radiusd.conf file.
> Thanks,
> Bill
>
>



radiusd.conf

2002-12-09 Thread Bill
Hello!
Can someone send me a radiusd.conf example that would show a connection for 
an AS5200 or similar? I have FreeRadius running on Suse 8.0. I'm currently 
a wireless provider going to dial-up also. When I try to connect, the Cisco 
box says that it can't find the Radius server. I have port 1645 loaded on 
both units as well as the key "secret". I'm thinking I'm still missing 
something in the radiusd.conf file.
Thanks,
Bill




also, how to call a external program from Accounting section in radiusd.conf

2002-10-30 Thread Raymond Chen








Raymond

 








Re: Enable EAP/TLS on radiusd.conf

2002-09-24 Thread Artur Hecker

hi

> On radiusd.conf, there are two configuration "dh_file"
> and "random_file". Where comes from these two files?
> What should I do to get them? If I ignore these two
> configuration, the error messages will show:

random file is really RANDOM. just copy some bytes from your /dev/random
to some file and use it. the right dh_file can be found in the openSSL
distribution, look for it in the openSSL directories, in my case in the
./apps and ./crypto/dh directories.

ciao
artur


-- 
Artur Hecker
artur[at]hecker.info




Enable EAP/TLS on radiusd.conf

2002-09-24 Thread Jason Huang



Hi everybody,

    Maybe this is not FreeRadius's problem but OpenSSL!
    On radiusd.conf, there are two configuration "dh_file"
    and "random_file". Where comes from these two files?
    What should I do to get them? If I ignore these two
    configuration, the error messages will show:

    rlm_eap_tls: Error loading randomness
    rlm_eap: Failed to initialize the type tls
    radiusd.conf[454]: eap: Module instantiation failed.

    Thanks for your help.
    Jason.




checkrad param in radiusd.conf

2002-08-27 Thread Andrea Gabellini

Hi,

in radiusd.conf there is the parameter checkrad with the location of this 
program that isn't read at startup time by the server. I need it because I 
have many servers that run on the same machine (on different ports) and each 
one uses a different checkrad (in the checkrad there are the directory 
locations, and every process has a different location).

I wrote a little patch (applies to 0.7 and to the latest CVS) that reads this 
parameter and uses it in session.c when checkrad is called.

I'm not a professional programmer but I hope this is useful.

Andrea



--- src/main/radiusd.c.orig 2002-08-14 14:28:53.040002000 +0200
+++ src/main/radiusd.c  2002-08-14 14:54:49.490002000 +0200
@@ -203,6 +203,7 @@
{ "lower_pass", PW_TYPE_STRING_PTR, 0, &mainconfig.do_lower_pass, "no" },
{ "nospace_user", PW_TYPE_STRING_PTR, 0, &mainconfig.do_nospace_user, "no" },
{ "nospace_pass", PW_TYPE_STRING_PTR, 0, &mainconfig.do_nospace_pass, "no" },
+   { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, 
"${sbindir}/checkrad" },
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &proxy_requests, "yes" },
{ "proxy", PW_TYPE_SUBSECTION, 0, proxy_config, NULL },
{ "security", PW_TYPE_SUBSECTION, 0, security_config, NULL },
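
Review bot: the added "checkrad" entry is split across two lines in the mail (the default "${sbindir}/checkrad" sits on a line of its own), so this hunk will not apply as posted; please resend it unwrapped or as an attachment. Because the session.c hunk passes this string straight to execl(), it would also be worth checking once, when the configuration is read, that the value is an absolute path to an executable file, so a typo is reported at startup and not at the first Simultaneous-Use check.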

--- src/main/session.c.orig 2002-08-14 14:58:15.400056000 +0200
+++ src/main/session.c  2002-08-14 15:01:43.320003000 +0200
@@ -254,10 +254,10 @@
execl(getenv("COMSPEC"), "", "/C","checkrad",nas->nastype, address, port,
user, session_id, NULL);
  #else
-   execl(CHECKRAD, "checkrad",nas->nastype, address, port,
+   execl(mainconfig.checkrad, "checkrad",nas->nastype, address, port,
user, session_id, NULL);
  #endif
-   radlog(L_ERR, "Check-TS: exec %s: %s", CHECKRAD, strerror(errno));
+   radlog(L_ERR, "Check-TS: exec %s: %s", mainconfig.checkrad, strerror(errno));

/*
 *  Exit - 2 means "some error occured".
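
Review bot: only the #else branch is switched to mainconfig.checkrad; the COMSPEC branch above it still passes the literal "checkrad", so the configured path is ignored on that build, and the radlog() after #endif would then report a file name that was never executed. Use mainconfig.checkrad in both execl() calls, or note that the option has no effect there. The changed radlog() line is also much longer than its neighbours and could be wrapped the same way as the execl() call.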

--- src/include/radiusd.h.orig  2002-08-14 14:33:41.090063000 +0200
+++ src/include/radiusd.h   2002-08-14 14:56:44.44000 +0200
@@ -132,6 +132,7 @@
char*do_nospace_user;
char*do_nospace_pass;
char*nospace_time;
+   char*checkrad;
  } MAIN_CONFIG_T;

  #define DEBUG if(debug_flag)log_debug
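
Review bot: the new checkrad member of MAIN_CONFIG_T has no comment, and it sits directly after the do_nospace_* yes/no strings, so it is easy to read as one more flag; a short comment saying it holds the path of the checkrad program would help. If session.c was the only user of the CHECKRAD macro, its definition can be dropped in the same patch.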





Re: How to put more than 1 counters in radiusd.conf

2002-02-21 Thread Alan DeKok

Rubby <[EMAIL PROTECTED]> wrote:
> I want to load 3 counter modules in freeradius, one for daily, one
> for monthly, and one for never, how can I configure radiusd.conf? I
> tried several ways, but it does not work.

  Give the instance a second name

  counter counter_daily { 
  ...
  }

  counter counter_monthly {
  ...  
  }

  counter counter_never {
  ...
  }



  And then refer to 'counter_daily', etc. in the authorize/whatever
section, instead of 'counter'.

  Alan DeKok.




How to put more than 1 counters in radiusd.conf

2002-02-20 Thread Rubby

Hi, all,
I want to load 3 counter modules in freeradius, one for daily, one for monthly, and one
for never, how can I configure radiusd.conf? I tried several ways, but it does not work.
I searched the mailing list and did not find my answer, but Alan once said yes on the mailing
list.
Please give some help.
Thanks in advance.
 






radwho doesn't read /etc/raddb/radiusd.conf for location of rad(u/w)tmp

2002-02-18 Thread Andrew Tait

(Here is a copy of a bug I filed for the debian package, #134539)

Package: radiusd-freeradius
Version: 0.4-1

The default directory for the radutmp and radwtmp files is
/var/log/radiusd-freeradius/

However, we have specified a different directory (/var/log/) to store these
files in /etc/raddb/radiusd.conf

The radwho program still looks in /var/log/radiusd-freeradius/ for the
rad(u/w)tmp files, as indicated by a "strace radwho".

A quick fix has been to create symbolic links to the real location of the
rad(u/w)tmp files:

bugs:/var/log/radiusd-freeradius# ls -al
total 7
drwxr-xr-x    3 root     freerad      1024 Feb 18 16:46 .
drwxr-xr-x   15 root     root         5120 Feb 18 06:41 ..
drwxr-xr-x    2 freerad  freerad      1024 Dec 14 02:38 radacct
lrwxrwxrwx    1 root     root           10 Feb 18 16:46 radutmp -> ../radutmp
lrwxrwxrwx    1 root     root           10 Feb 18 16:45 radwtmp -> ../radwtmp

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix






Re: radiusd.conf and Useable Variables

2001-12-20 Thread aland

Simon Allard <[EMAIL PROTECTED]> wrote:
> There is a very useful list in xlat.c for a lot of variables that can be
> used though. Would be very handy to have on the faq or something.

  It's in doc/rlm_detail, I think.

  Yes, that isn't a very obvious place for it.

  Alan DeKok.




Re: radiusd.conf and Useable Variables

2001-12-19 Thread Simon Allard


Ignore this :)

I thought about it and now understand what you meant.

There is a very useful list in xlat.c for a lot of variables that can be
used though. Would be very handy to have on the faq or something.

- Si



> > > What I am trying to do is this.
> > >
> > >  groupmembership_filter = "(loginName=%u)(nasAccess=%{Huntgroup-Name})
> > >
> > > %{Huntgroup-Name} does not get expanded to be the configured Huntgroup
> > > though.
> >
> >   Run it in debugging mode.  See where/when rlm_preprocess adds in the
> > huntgroup name.
> >
> >   If it isn't added, then it can't be used.
>
> Don't quite get what you mean.
>
> This is what my debug for the preprocess module says.
>
> Module: Loaded preprocess
>  preprocess: huntgroups = "/etc/raddb/huntgroups"
>  preprocess: hints = "/etc/raddb/hints"
>  preprocess: with_ascend_hack = no
>  preprocess: ascend_channels_per_line = 23
>  preprocess: with_ntdomain_hack = no
>  preprocess: with_specialix_jetstream_hack = no
>  preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
>
>
> This is in my /etc/raddb/huntgroups
>
> MAINLINE  NAS-IP-Address == 10.10.10.10
>
>
> It doesn't seem to expand, but I am unsure if it's because I am using the
> wrong name and if it's supported. If it's not supported, is it possible to
> add, I don't mind doing the code for it, but just want to make sure it's
> possible before tearing into the code.
>
> - Si
>
>
> Simon Allard (Senior Tool Monkey)
> IHUG
> Ph (09) 358-5067   Email: [EMAIL PROTECTED]
>
> WARNING: Excessive alcohol may lead you to believe people
>  are laughing WITH you.
>
>
>

Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

WARNING: Excessive alcohol may lead you to believe people
 are laughing WITH you.





Re: radiusd.conf and Useable Variables

2001-12-19 Thread Simon Allard

> > What I am trying to do is this.
> >
> >  groupmembership_filter = "(loginName=%u)(nasAccess=%{Huntgroup-Name})
> >
> > %{Huntgroup-Name} does not get expanded to be the configured Huntgroup
> > though.
>
>   Run it in debugging mode.  See where/when rlm_preprocess adds in the
> huntgroup name.
>
>   If it isn't added, then it can't be used.

Don't quite get what you mean.

This is what my debug for the preprocess module says.

Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)


This is in my /etc/raddb/huntgroups

MAINLINE  NAS-IP-Address == 10.10.10.10


It doesn't seem to expand, but I am unsure if it's because I am using the
wrong name and if it's supported. If it's not supported, is it possible to
add, I don't mind doing the code for it, but just want to make sure it's
possible before tearing into the code.

- Si


Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

WARNING: Excessive alcohol may lead you to believe people
 are laughing WITH you.





Re: radiusd.conf and Useable Variables

2001-12-19 Thread aland

Simon Allard <[EMAIL PROTECTED]> wrote:
> Is there a list of variables that can be used in radiusd.conf?

  Not really, sorry.
 
> What I am trying to do is this.
> 
>  groupmembership_filter = "(loginName=%u)(nasAccess=%{Huntgroup-Name})
> 
> %{Huntgroup-Name} does not get expanded to be the configured Huntgroup
> though.

  Run it in debugging mode.  See where/when rlm_preprocess adds in the
huntgroup name.

  If it isn't added, then it can't be used.

  Alan DeKok.




radiusd.conf and Useable Variables

2001-12-18 Thread Simon Allard


Is there a list of variables that can be used in radiusd.conf?

What I am trying to do is this.

 groupmembership_filter = "(loginName=%u)(nasAccess=%{Huntgroup-Name})

%{Huntgroup-Name} does not get expanded to be the configured Huntgroup
though.

- Simon


Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

WARNING: Excessive alcohol may lead you to believe people
 are laughing WITH you.





Re: Is the order of modules in radiusd.conf important?

2001-10-05 Thread Chris Parker

At 09:28 PM 10/4/2001 +0200, you wrote:
>Hello,
>
>Below is a fragment of my raddb/radiusd.conf.
>
>authorize {
>  preprocess
>  sql
>  files
>}
>
>When I change the order of two modules in 'authorize' section like this
>
>authorize {
>  preprocess
>  files
>  sql
>}
>
>'Add-Port-To-IP-Address' feature stops working and every user gets the same
>IP address. I have a very small users file and try to store the most of
>check and reply items in a MySQL DB. For example, I have such record in my
>radgroupreply table
>
>DEFAULT | Add-Port-To-IP-Address | Yes
>
>and it works fine when 'files' is below 'sql'. Can someone explain to me why it
>stops working?

Run the server in debug mode ( radiusd -X ).

You'll most likely find that SQL is not being called at all, because,
yes, order does matter ( as do return values from the modules ).  If
'files' returns success, then the server will not move on to call
SQL and your attributes will not be called.

You can authorize a user from only one module, it's difficult to have
modules build on each-other.  I expect what you are trying to do is
something similar to a 'Module Fall-Through'.

If you feel daring, there is a document about how to do failover and
the like in the /doc directory.  You may be able to get things
working the way you want by following the instructions in there to
modify the default behaviour on module return values.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Is the order of modules in radiusd.conf important?

2001-10-05 Thread Andrew Melnikov

Hello,

Below is a fragment of my raddb/radiusd.conf.

authenticate {
 sql
}
authorize {
 preprocess
 sql
 files
}
preacct {
 files
 preprocess
}
accounting {
 detail
 unix
 radutmp
 sql
}
session {
 radutmp
}

When I change the order of two modules in 'authorize' section like this

authorize {
 preprocess
 files
 sql
}

'Add-Port-To-IP-Address' feature stops working and every user gets the same
IP address. I have a very small users file and try to store the most of
check and reply items in a MySQL DB. For example, I have such record in my
radgroupreply table

DEFAULT | Add-Port-To-IP-Address | Yes

and it works fine when 'files' is below 'sql'. Can someone explain to me why it
stops working?

With best regards,
Andrew


