Radius Access PB

2007-07-27 Thread Elie Hani
Hi

I have freeradius launched and working great on my server, for ADSL
authentication, with one NAS, but I am trying to use the same radius with
another RAS configured on another DSP, and I'm always getting this message:
RADIUS, Accounting Request
With no reply from my server, even though, at the same time, everything is
working great with the other DSP, and if I make radtest locally, I can get
on my radius (using radiusd -x) the access request and the reply.

I tried to do the same configuration with the other DSP, ignoring the
postgresql Flags, and still getting the request but no reply from my side.

Any idea??

Thanks
Best regards,
Elie Hani

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Wrong behaviour of rlm_ldap module + users file

2007-07-27 Thread Phil Mayers
On Fri, 2007-07-27 at 13:25 +0200, inverse wrote:
> Hi,
>
> I tried the suggestion and it didn't work, here are the involved
> radiusd.conf sections.

Ok. A quick glance at the code shows that the Ldap-Group compare
function will do an LDAP search to find the user's LDAP DN. You can set
it, and it should skip the search - however, the attribute needs to go
in the request pairs (grr) so put these lines in hints

DEFAULT
        Ldap-UserDn = `cn=%{User-Name},ou=whatever,...`

Note that the DN need not be real





Freeradius Juniper

2007-07-27 Thread J-P Raymond

Hi, small question

I know my version is old but I didn't have any problem until recently !

I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users !

When a juniper equipment tries to authenticate it fails! (most other brands
succeed) They told me the fields are not sent in the right order...

Here is the detailed reason juniper gave me :

Root cause found, it is caused by that peer side modifies the options order in
REJ packet.

RFC1661 requires we keep the order so we think the REJ packet is invalid and
drop it.

So PPP can not be brought UP.

Could we contact the ISP to check how they software work?

sending order : [DNS_S]--[NBNS_P]--[NBNS_S]

 : SEND DECODE:(ethernet0/0) ***[IPCP ConfReq ID=0x1 ADDR 0.0.0.0 DNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***
 ---
Receiving order,

[NBNS_P]--[DNS_S]--[NBNS_S]

RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 NBNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_S 0.0.0.0]***

Can I do something about this rapidly

Thanks for your help

Re: Freeradius Juniper

2007-07-27 Thread Marcel De Boer
Hi!

> I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users !
>
> When a juniper equipment tries to authenticate it fails! (most other brands
> succeed) They told me the fields are not sent in the right order...

First of all, I have no idea what you are doing from your explanation... 
you are authenticating the PPPoE users, so I would think that you are 
the ISP yourself.

- What is the role of the Juniper device? (The device that is requesting 
the connection? The device that is receiving the connection?)
- Exactly what kind of equipment is on the other end of the line?
- Which device is communicating with FreeRADIUS?

> : SEND DECODE:(ethernet0/0) ***[IPCP ConfReq ID=0x1 ADDR 0.0.0.0 DNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***
>
> RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 NBNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_S 0.0.0.0]***
>
> Can I do something about this rapidly

This does not look like a RADIUS problem. One of your PPP peers (the one 
on the other end of the line) is mangling its responses and the device 
from which you posted the logs is not accepting that (as it should, like 
you already indicated yourself). This is a PPPoE problem.

Gtnx
Marcel
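
The RFC 1661 rule cited in this thread, as an added example that is not part of the original posts: a Configure-Reject must carry the same Identifier as the Configure-Request and must echo the rejected options without reordering or modifying them. The checker assumes the decode-line layout shown in the thread and unique option names per request; the function names and the compliant reject line are constructed for illustration.

```python
import re

# Decode-line shape as it appears in the thread, e.g.
#   ***[IPCP ConfReq ID=0x1 ADDR 0.0.0.0 DNS_P 0.0.0.0 ...]***
FRAME_RE = re.compile(r"\[IPCP\s+(Conf\w+)\s+ID=(0x[0-9a-fA-F]+)\s*(.*?)\]")

# The two lines posted in the thread.
THREAD_CONF_REQ = ("SEND DECODE:(ethernet0/0) ***[IPCP ConfReq ID=0x1 "
                   "ADDR 0.0.0.0 DNS_P 0.0.0.0 DNS_S 0.0.0.0 "
                   "NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***")
THREAD_CONF_REJ = ("RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 "
                   "NBNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_S 0.0.0.0]***")
# Constructed for comparison: the same reject with the request's order kept.
COMPLIANT_CONF_REJ = ("RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 "
                      "DNS_S 0.0.0.0 NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***")


def parse_ipcp(line):
    """Return (code, identifier, [(option, value), ...]) from one decode line."""
    m = FRAME_RE.search(line)
    if m is None:
        raise ValueError("not an IPCP decode line: %r" % line)
    fields = m.group(3).split()
    if len(fields) % 2:
        raise ValueError("option without a value in: %r" % line)
    options = list(zip(fields[0::2], fields[1::2]))
    return m.group(1), int(m.group(2), 16), options


def check_conf_rej(request_line, reject_line):
    """List the ways a Configure-Reject deviates from its Configure-Request."""
    req_code, req_id, req_opts = parse_ipcp(request_line)
    rej_code, rej_id, rej_opts = parse_ipcp(reject_line)
    if req_code != "ConfReq" or rej_code != "ConfRej":
        raise ValueError("expected a ConfReq line followed by a ConfRej line")

    problems = []
    if rej_id != req_id:
        problems.append("identifier 0x%x does not match request 0x%x"
                        % (rej_id, req_id))

    req_names = [name for name, _ in req_opts]
    requested = dict(req_opts)
    positions = []  # index in the request of each rejected option
    for name, value in rej_opts:
        if name not in requested:
            problems.append("%s: rejected but never requested" % name)
            continue
        if requested[name] != value:
            problems.append("%s: value changed from %s to %s"
                            % (name, requested[name], value))
        positions.append(req_names.index(name))

    # Rejected options must appear in the same relative order as requested.
    if positions != sorted(positions):
        expected = [req_names[i] for i in sorted(positions)]
        got = [req_names[i] for i in positions]
        problems.append("options reordered: expected %s, got %s"
                        % (" ".join(expected), " ".join(got)))
    return problems


if __name__ == "__main__":
    for label, rej in (("thread", THREAD_CONF_REJ),
                       ("compliant", COMPLIANT_CONF_REJ)):
        print(label, check_conf_rej(THREAD_CONF_REQ, rej) or "ok")
```

Run against the two lines from the thread, the only finding is the reordering, which matches Juniper's stated reason for dropping the packet.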


Re: Wrong behaviour of rlm_ldap module + users file

2007-07-27 Thread inverse
Hi,

I tried the suggestion and it didn't work, here are the involved
radiusd.conf sections.
You will also notice mschap and similars, that's because we also have
dialup users who need an ldap lookup for their belonging to a dialup
group and the password. I also need to check if chap still works with
this configuration...

instantiate {
        exec
        ldap
        files
        expr
}

authorize {
        preprocess
        auth_log
        chap
        mschap
        suffix
        eap
        files
        pap
}

authenticate {
        Auth-Type PAP {
                pap
        }

        Auth-Type CHAP {
                chap
        }

        Auth-Type MS-CHAP {
                mschap
        }
        eap
}

And this is the users file line:

[EMAIL PROTECTED] Cleartext-Password := a, Ldap-Group == wifi

I also used this one:

[EMAIL PROTECTED] Ldap-Group == wifi

with EAP-TLS.

No way. Both first perform a user-existence check in the ldap_groupcmp() call.
Meaning these both work if user exists in the LDAP tree.
In the meanwhile I'm looking at the source code for this call... it
sounds like this search is hardcoded somewhere. Forgive my suckage.
T_T

Bye,
Inverse


On 7/26/07, inverse [EMAIL PROTECTED] wrote:
> > > users file line:
> > > [EMAIL PROTECTED] Auth-Type := EAP, User-Password == a,  Ldap-Group == wifi
> >
> > Totally wrong. You want:
> >
> > [EMAIL PROTECTED] Cleartext-Password := a, Ldap-Group == wifi
>
> Thanks, I owe you one
>
> Bye,
> Inverse.



-- 
In a sea of glass shards, I hear you screaming
--icchan


Adding a NAS via SQL

2007-07-27 Thread Paul Lambert
Hi all,

I think I might be being a little dense but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius server.

Is there a way to automatically activate a new NAS device that I add to the
SQL database?

Kind regards,
Paul.

Re: Freeradius Juniper

2007-07-27 Thread Peter Nixon
Have you tested if the current version of FreeRADIUS solves your problem?
(Maybe you can help me figure out why my copy of Windows 3.1 is not working 
properly with my new webcam...)

-Peter

On Fri 27 Jul 2007, J-P Raymond wrote:
> Hi, small question
>
> I know my version is old but I didn't have any problem until recently !
>
> I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users !
>
> When a juniper equipment tries to authenticate it fails! (most other brands
> succeed) They told me the fields are not sent in the right order...
>
> Here is the detailed reason juniper gave me :
>
> Root cause found, it is caused by that peer side modifies the options
> order in REJ packet.
>
> RFC1661 requires we keep the order so we think the REJ packet is invalid
> and drop it.
>
> So PPP can not be brought UP.
>
> Could we contact the ISP to check how they software work?
>
> sending order : [DNS_S]--[NBNS_P]--[NBNS_S]
>
> : SEND DECODE:(ethernet0/0) ***[IPCP ConfReq ID=0x1 ADDR 0.0.0.0 DNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***
> ---
> Receiving order,
>
> [NBNS_P]--[DNS_S]--[NBNS_S]
>
> RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 NBNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_S 0.0.0.0]***
>
> Can I do something about this rapidly
>
> Thanks for your help



-- 

Peter Nixon
http://peternixon.net/



Auth-Type in post-auth SQL insert

2007-07-27 Thread Brad Robel-Forrest
I'm pretty new to FreeRADIUS so I apologize if this is a really basic  
question. I've searched around quite a bit and have been unable to  
locate an answer.

I've successfully configured FreeRADIUS to use a SQL driver for  
authentication checks as well as inserting records via the post-auth  
query. Is there a runtime variable that I can reference to save the  
Auth-Type used for authenticating the user during post-auth? I've  
tried what I thought to be the obvious (e.g. %{Auth-Type}) but that  
doesn't seem to be available (just inserts an empty string).  
Essentially, I'd like to catalog the type of authentication that was  
used for authorizing a user (assuming it was successful, of course).  
For example, user Joe authenticated via PAP.

   -brad




Re: Openldap - Freeradius - auto vlan

2007-07-27 Thread Fabio Silva
Alan, ok, sorry... I configured the radius to get the users from LDAP,
but I have some problems configuring the users file, I have never installed
freeradius, I need to configure freeradius to authenticate users using
802.1x and then assign a vlan to that user... I didn't find
documentation about it... does anybody have anything like this?

Regards,


On 7/26/07, Alan DeKok [EMAIL PROTECTED] wrote:
> Fabio Silva wrote:
> > Hi all, i need to configure a system that works with openldap +
> > freeradius  and that assign the vlan automatic to the users... does
> > anybody has any howto to do it?
>
>   Read your NAS documentation on what attributes it needs to assign a
> VLAN.  Then, make FreeRADIUS send them.
>
> > I read this one: http://www.freeradius.org/radiusd/doc/ldap_howto.txt
> > but, the versions of the softwares is very old, and in some parts of
> > the howto some options does not work.
>
>   The server includes that document, along with doc/rlm_ldap.  The
> comments in the radiusd.conf file document the configuration items, and
> are up to date.
>
>   Do you have a *specific* question?  i.e. Saying it doesn't work
> doesn't help.  What did you do?
>
>   Alan DeKok.



-- 
Fabio S. Silva
Mail: [EMAIL PROTECTED]
CCNA / LPIC-2 / MCP


Re: Adding a NAS via SQL

2007-07-27 Thread ram
On 7/27/07, Paul Lambert [EMAIL PROTECTED] wrote:
>
> Hi all,
>
> I think I might be being a little dense but when I add a NAS to my SQL
> database, it doesn't appear to be enabled until I restart my radius server.
>
> Is there a way to automatically activate a new NAS device that I add to
> the SQL database?

NAS adding should be realtime I believe

I don't think you need to restart radius for that

ram

SQL read_group patch - please apply!

2007-07-27 Thread Roy Walker
FOR THE SAKE OF MY SANITY!!!

 

Please apply the patch from
http://readlist.com/lists/lists.freeradius.org/freeradius-users/2/10462.html,
which was posted 3 and a half months ago!

PLEASE, pretty please, with sugar on top!

 

Thanks,

Roy


Authorize after checking an LDAP attribute value

2007-07-27 Thread Kenneth Marshall
Dear Freeradius users:

I am trying to set up my authentication to allow only users
with a particular value of a particular LDAP attribute to login.
I am using freeradius 1.1.7 and I have the authentication
going against Kerberos but I do not know how to have the
radius server check the value of the attribute before allowing
access. If they are not in the group, it should send back the
reject packet. Does anyone know how to perform a check item
check against a particular LDAP attribute? Here is how I can
set an attribute to the value and it works correctly:

DEFAULT Auth-Type = Kerberos, NAS-IP-Address == 1.2.3.4, NAS-Port == 10
        Connect-Info = %{ldap:ldap:///dc=test,dc=com?testValue?sub?uid=%u};

Any suggestions would be appreciated.

Regards,
Ken Marshall


Re: SQL read_group patch - please apply!

2007-07-27 Thread Nicolas Baradakis
Roy Walker wrote:

> Please apply the patch from
> http://readlist.com/lists/lists.freeradius.org/freeradius-users/2/10462.html,
> which was posted 3 and a half months ago!

This is a coincidence, but the read_groups patch was checked in CVS
earlier today. You can run a cvs update or download a new snapshot
from the website tomorrow.

-- 
Nicolas Baradakis



CalledStationID

2007-07-27 Thread Jeffrey Sewell
I'm trying to solve a design issue and wonder if anyone has done
something similar with hotspots. I would like to send back different
values in the VSAs when a user logs in from one calledStationID vs
another.

For example. User joe logs in from hotspot1. the calledStationID is
sent. FreeRADIUS takes that and sends back the local DNS server IP
address (or whatever is specific to that region) instead of the one
tied to, say, hotspot100.

The goal is to allow me to setup different regions in FreeRADIUS with
region-specific parameters.

I had some things that I thought would work, but I'm wondering how
others have solved this problem.

Jeffrey


RE: Freeradius Juniper

2007-07-27 Thread J-P Raymond

 
> > I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users !
> > When a juniper equipment tries to authenticate it fails! (most other
> > brands succeed) They told me the fields are not sent in the right
> > order...
>
> First of all, I have no idea what you are doing from your
> explanation... you are authenticating the PPPoE users, so I would think
> that you are the ISP yourself.

As a matter of fact I'm working for an ISP !

> - What is the role of the Juniper device? (The device that is requesting
>   the connection? The device that is receiving the connection?)
> - Exactly what kind of equipment is on the other end of the line?
> - Which device is communicating with FreeRADIUS?

Our equipment ISP is a Xedia router (Lucent AP)

The authentication is done via Freeradius 0.9.3 running on mdk 10

The juniper equipment is on one of our client side, and it's the only equipment
that won't authenticate at all

In the radius users file we have the following:

[EMAIL PROTECTED] Auth-Type := Local, User-Password == edc852
        Service-Type = Login,Framed-Protocol = PPP,Framed-Address = 200.100.50.25,Xedia-DNS-Server = 175.200.225.250,
        XEDIA-PPP-ECHO-INTERVAL = 30

To answer the other question : No I didn't try with the latest version I'm
having problems installing it (1.1.6) on this distribution (mdk 10)

Thanks for your reply

> > : SEND DECODE:(ethernet0/0) ***[IPCP ConfReq ID=0x1 ADDR 0.0.0.0 DNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***
> > RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 NBNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_S 0.0.0.0]***
> > Can I do something about this rapidly
>
> This does not look like a RADIUS problem. One of your PPP peers (the one
> on the other end of the line) is mangling its responses and the device
> from which you posted the logs is not accepting that (as it should, like
> you already indicated yourself). This is a PPPoE problem.
>
> Gtnx
> Marcel

Re: CalledStationID

2007-07-27 Thread tnt
users file:

DEFAULT   Called-Station-Id == hotspot1
 reply 1,
 reply 2,
 ...

DEFAULT   Called-Station-Id == hotspot100
 reply 1,
 reply 2,
 ...

Ivan Kalik
Kalik Informatika ISP



On 27/7/2007, Jeffrey Sewell [EMAIL PROTECTED] wrote:

> I'm trying to solve a design issue and wonder if anyone has done
> something similar with hotspots. I would like to send back different
> values in the VSAs when a user logs in from one calledStationID vs
> another.
>
> For example. User joe logs in from hotspot1. the calledStationID is
> sent. FreeRADIUS takes that and sends back the local DNS server IP
> address (or whatever is specific to that region) instead of the one
> tied to, say, hotspot100.
>
> The goal is to allow me to setup different regions in FreeRADIUS with
> region-specific parameters.
>
> I had some things that I thought would work, but I'm wondering how
> others have solved this problem.
>
> Jeffrey


RE: Freeradius Juniper

2007-07-27 Thread tnt
IPCP (thing that's failing) is a part of PPP negotiation. It has
absolutely nothing to do with radius authentication. Your radius server
is not at fault here. Installing new one will not help. Don't bother
looking at radius. Look into PPP negotiation between routers.

Ivan Kalik
Kalik Informatika ISP


On 27/7/2007, J-P Raymond [EMAIL PROTECTED] wrote:

> > > I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users !
> > > When a juniper equipment tries to authenticate it fails! (most other
> > > brands succeed) They told me the fields are not sent in the right
> > > order...
> >
> > First of all, I have no idea what you are doing from your
> > explanation... you are authenticating the PPPoE users, so I would think
> > that you are the ISP yourself.
>
> As a matter of fact I'm working for an ISP !
>
> > - What is the role of the Juniper device? (The device that is requesting
> >   the connection? The device that is receiving the connection?)
> > - Exactly what kind of equipment is on the other end of the line?
> > - Which device is communicating with FreeRADIUS?
>
> Our equipment ISP is a Xedia router (Lucent AP)
>
> The authentication is done via Freeradius 0.9.3 running on mdk 10
>
> The juniper equipment is on one of our client side, and it's the only
> equipment that won't authenticate at all
>
> In the radius users file we have the following:
>
> [EMAIL PROTECTED] Auth-Type := Local, User-Password == edc852
>         Service-Type = Login,Framed-Protocol = PPP,Framed-Address = 200.100.50.25,Xedia-DNS-Server = 175.200.225.250,
>         XEDIA-PPP-ECHO-INTERVAL = 30
>
> To answer the other question : No I didn't try with the latest version I'm
> having problems installing it (1.1.6) on this distribution (mdk 10)
>
> Thanks for your reply
>
> > > : SEND DECODE:(ethernet0/0) ***[IPCP ConfReq ID=0x1 ADDR 0.0.0.0 DNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_P 0.0.0.0 NBNS_S 0.0.0.0]***
> > > RECV DECODE:(ethernet0/0) ***[IPCP ConfRej ID=0x1 NBNS_P 0.0.0.0 DNS_S 0.0.0.0 NBNS_S 0.0.0.0]***
> > > Can I do something about this rapidly
> >
> > This does not look like a RADIUS problem. One of your PPP peers (the one
> > on the other end of the line) is mangling its responses and the device
> > from which you posted the logs is not accepting that (as it should, like
> > you already indicated yourself). This is a PPPoE problem.
> >
> > Gtnx
> > Marcel


Re: CalledStationID

2007-07-27 Thread Jeffrey Sewell
Could the same thing apply if I'm using MySQL instead of the users
file? Maybe a separate sql query based on calledStationID?

On 7/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> users file:
>
> DEFAULT   Called-Station-Id == hotspot1
>  reply 1,
>  reply 2,
>  ...
>
> DEFAULT   Called-Station-Id == hotspot100
>  reply 1,
>  reply 2,
>  ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 27/7/2007, Jeffrey Sewell [EMAIL PROTECTED] wrote:
>
> > I'm trying to solve a design issue and wonder if anyone has done
> > something similar with hotspots. I would like to send back different
> > values in the VSAs when a user logs in from one calledStationID vs
> > another.
> >
> > For example. User joe logs in from hotspot1. the calledStationID is
> > sent. FreeRADIUS takes that and sends back the local DNS server IP
> > address (or whatever is specific to that region) instead of the one
> > tied to, say, hotspot100.
> >
> > The goal is to allow me to setup different regions in FreeRADIUS with
> > region-specific parameters.
> >
> > I had some things that I thought would work, but I'm wondering how
> > others have solved this problem.
> >
> > Jeffrey


Re: CalledStationID

2007-07-27 Thread tnt
You could add CalledStationId field to the radgroupreply table and modify
authorize_group_reply_query to check that that field is equal to
%{Called-Station-Id}.

Ivan Kalik
Kalik Informatika ISP


On 27/7/2007, Jeffrey Sewell [EMAIL PROTECTED] wrote:

> Could the same thing apply if I'm using MySQL instead of the users
> file? Maybe a separate sql query based on calledStationID?
>
> On 7/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> > users file:
> >
> > DEFAULT   Called-Station-Id == hotspot1
> >  reply 1,
> >  reply 2,
> >  ...
> >
> > DEFAULT   Called-Station-Id == hotspot100
> >  reply 1,
> >  reply 2,
> >  ...
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >
> > On 27/7/2007, Jeffrey Sewell [EMAIL PROTECTED] wrote:
> >
> > > I'm trying to solve a design issue and wonder if anyone has done
> > > something similar with hotspots. I would like to send back different
> > > values in the VSAs when a user logs in from one calledStationID vs
> > > another.
> > >
> > > For example. User joe logs in from hotspot1. the calledStationID is
> > > sent. FreeRADIUS takes that and sends back the local DNS server IP
> > > address (or whatever is specific to that region) instead of the one
> > > tied to, say, hotspot100.
> > >
> > > The goal is to allow me to setup different regions in FreeRADIUS with
> > > region-specific parameters.
> > >
> > > I had some things that I thought would work, but I'm wondering how
> > > others have solved this problem.
> > >
> > > Jeffrey


EXEC question w/ LDAP Attributes

2007-07-27 Thread Reynold McGuire

Hello all,

I have a question regarding returning attributes from LDAP with freeRadius.

I need to do some logic comparing and the only way I have been able to get
close is to use the post-auth section, enable 'exec' and push out some data
to an external program where I can do some pattern matching.

Now I have this working just fine with LDAP, the DN and search filter is
fine etc. What I want to do is return other attributes from LDAP to be
included in the radius reply.

I have added the following to dictionary_mapping =
${raddbdir}/ldap.attrmap

checkItem   employeeType   employeeType


When I run the server in debug mode, I see that it is in fact returning the
value of the employeeType from LDAP. The question revolves around how to
pass that out to my test program for validation?

I have been able to pass out everything that is in the initial radius
request, but nothing else.

I have tried to modify the program line below to also send out

%{employeeType}
%{check:employeeType}
%{request:employeeType}
%{reply:employeeType}

None of those work. I have even tried along the lines of
%{modules.ldap.checkval} 

I can't seem to get it to work.

Any help would be appreciated.

Below is a snip of the radius configuration file, and the little program I
have seen in the user groups to echo out the responses that I am using to
test.

I have verified that if I return a '0' the request is accepted, and a '1'
will reject the request... That part works fine. Also below is parts of the
debug dump.

I don't have the actual connection portion of the log as I am at a remote
site currently, I can send that along also if people think it will be of
benefit.

Thanks for any assistance!
- Reynold



radius.conf
---
exec {
        wait = yes
        input_pairs = request
        program = '${raddbdir}/test.sh %u %{Called-Station-Id}'
}


test.sh
---
#!/bin/bash
# Echo the arguments passed on the exec program line, then exit 0.
echo "A: $1"
echo "B: $2"
echo "C: $3"
exit 0


radiusd -X
--

Module: Loaded exec 
 exec: wait = yes
 exec: program = /etc/raddb/test.sh %u %{Called-Station-Id}
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?


Module: Loaded LDAP 
 ldap: server = ldapserver
 ldap: port = 389
 ldap: net_timeout = 1
 ldap: timeout = 4
 ldap: timelimit = 3
 ldap: identity = admin
 ldap: tls_mode = no
 ldap: start_tls = no
 ldap: tls_cacertfile = (null)
 ldap: tls_cacertdir = (null)
 ldap: tls_certfile = (null)
 ldap: tls_keyfile = (null)
 ldap: tls_randfile = (null)
 ldap: tls_require_cert = allow
 ldap: password = pwd
 ldap: basedn = base-dn
 ldap: filter = (uid=%{Stripped-User-Name:-%{User-Name}})
 ldap: base_filter = (objectClass=user)
 ldap: default_profile = (null)
 ldap: profile_attribute = (null)
 ldap: password_header = (null)
 ldap: password_attribute = userpassword
 ldap: access_attr = (null)
 ldap: groupname_attribute = cn
 ldap: groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
 ldap: groupmembership_attribute = (null)
 ldap: dictionary_mapping = /etc/raddb/ldap.attrmap
 ldap: ldap_debug = 0
 ldap: ldap_connections_number = 5
 ldap: compare_check_items = no
 ldap: access_attr_used_for_allow = yes
 ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP employeeType mapped to RADIUS employeeType
conns: 0x8115218
Module: Instantiated ldap (ldap) 

