Re: Device specific Access-Accept attributes and granular user group control
Matt Hite wrote:
> - Different brands of gear should get different VSAs and/or general attributes returned in Access-Accept messages. For example, if I log in from a Cisco device, I should get a different RADIUS attribute sent back than when logging in from a F5 or a NetScreen.

It's not well known, but the configuration files can be used as a simple database. Any well-formed text will be accepted, and can be looked up later. e.g.:

    client foo {
        ipaddr = ...
        secret = ...
        myfield = cisco
        ..
    }

Then when processing a packet:

    if (%{client:myfield} == cisco) {
        ...
    }

You can define your own data, and put each device into its own group, simply by adding a field to each client entry. Then, return the appropriate attributes for each type of client.

> - Some users can log into certain groups of devices, others should not be able to

Use the same thing, but also using groups for the users.

    client foo {
        ...
        class = foo
    }

Then in a processing section (authorize, etc.)

    if ((Group == limited) && (%{client:class} != foo)) {
        reject
    }

If you don't want unix groups, see man rlm_passwd.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

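An added example, not part of the message above or of the FreeRADIUS distribution: both suggestions from the reply combined into one FreeRADIUS 2.x configuration, with a fail-closed check for client entries that were never classified. The client names, addresses, secrets, the field names "vendor" and "class", the group-to-class pairing and the reply values are all assumptions made for illustration.

```conf
# clients.conf -- constructed entries (documentation addresses, placeholder
# secrets). "vendor" and "class" are custom fields, as described above.
client core-sw1 {
        ipaddr = 192.0.2.10
        secret = CHANGE_ME_1
        vendor = cisco
        class  = core
}
client edge-fw1 {
        ipaddr = 192.0.2.20
        secret = CHANGE_ME_2
        vendor = netscreen
        class  = edge
}

# sites-enabled/default
authorize {
        preprocess
        files
        # Fail closed: a client entry with no class field allows no logins.
        if ("%{client:class}" == "") {
                reject
        }
        # Members of unix group "limited" may only log in to "edge" devices.
        if ((Group == "limited") && ("%{client:class}" != "edge")) {
                reject
        }
        pap
}

post-auth {
        # Return only the attributes the requesting device type understands.
        if ("%{client:vendor}" == "cisco") {
                update reply {
                        Cisco-AVPair = "shell:priv-lvl=15"
                }
        }
        elsif ("%{client:vendor}" == "netscreen") {
                update reply {
                        # Assumed to mean read-only admin; check the value
                        # against dictionary.netscreen before use.
                        NS-Admin-Privilege = 4
                }
        }
        # Any other vendor value: no privilege attributes are added.
}
```

Running the server with -X shows each %{client:...} expansion and which branch matched, which is the quickest way to confirm that a new client entry carries the fields the policy expects.
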
Add timestamp with milliseconds in Radius Log
Hi list!

I need to add a timestamp with milliseconds in the radius log. I've just tried radiusd -xX but it's not enough (adding x doesn't resolve the problem).

Thx all
Ema

eap.conf timer_expire
Hi list,

which is the measure unit of this parameter: seconds, milliseconds or dec seconds?

Thx all.
E.B.

Re: Add timestamp with milliseconds in Radius Log
Bello, Emmanuele wrote:
> Hi list! I need to add a timestamp with milliseconds in the radius log. I've just tried radiusd -xX but it's not enough (adding x doesn't resolve the problem).

Edit the source code.

Alan DeKok.

Re: eap.conf timer_expire
Bello, Emmanuele wrote:
> Hi list, which is the measure unit of this parameter: seconds, milliseconds or dec seconds?

Seconds. The default value of 60 should hint that it's not milliseconds, at least.

Alan DeKok.

ldap Deprecated conditional expansion
Hi All,

I keep seeing this in the logs:

    [ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details

I assume it's from this filter:

    [ldap] expand: ((uid=%{Stripped-User-Name:-%{User-Name}})(!(inetCOS=802.1x_disabled))) - ((uid=hh52)(!(inetCOS=802.1x_disabled)))

but I'm not sure what uid=%{Stripped-User-Name:-%{User-Name} should be set to instead.

Any ideas?

Cheers,
Harry

Re: ldap Deprecated conditional expansion
Hi,

> I keep seeing this in the logs:
>
>     [ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details
>
> I assume it's from this filter:
>
>     [ldap] expand: ((uid=%{Stripped-User-Name:-%{User-Name}})(!(inetCOS=802.1x_disabled))) - ((uid=hh52)(!(inetCOS=802.1x_disabled)))
>
> but I'm not sure what uid=%{Stripped-User-Name:-%{User-Name} should be set to instead. Any ideas?

Check the mailing archives or read the ldap module in the latest 2.1.8 release of FreeRADIUS:

    filter = (uid=%{%{Stripped-User-Name}:-%{User-Name}})

alan

Upgrade from 1.3 to 2.0
Hello,

We just upgraded one of our FreeRadius servers from 1.3 to 2.0 (part of a Debian upgrade from Etch to Lenny). Anyway, one of the problems I'm having is updating the proxy.conf file. It states that one should move away from the realm entry to the home_server entry. So I have changed this entry in the proxy.conf file:

    realm somedomain.net {
        type = radius
        authhost = wendy.somedomain.net:1645
        accthost = LOCAL
        secret = ItsSecret
        nostrip
    }

to:

    home_server somedomain.net {
        type = auth
        virtual_server = wendy.somedomain.net
        port = 1645
        secret = ItsSecret
        response_window = 7
        zombie_period = 40
        status_check = status-server
        check_interval = 20
        num_answers_to_alive = 3
    }

I had tried the ipaddr = command as well. Anyway, the authentication request to the wendy.somedomain.net server is not getting through using this new home_server entry. What am I doing wrong?

Thanks,
Ken

problem with freeradius daemon start
Hi friends,

I'm trying to install freeradius in Debian Lenny for using WPAEnterprise in a Trendnet AP. I downloaded the latest stable version (2.1.8) and created the packages with dpkg-buildpackage -b -uc. That created the following modules:

    der
    freeradius-dialupadmin_2.1.8+git_all.deb
    freeradius-postgresql_2.1.8+git_i386.deb
    p12
    freeradius_2.1.8+git_i386.changes
    freeradius-iodbc_2.1.8+git_i386.deb
    freeradius-server-2.1.8
    pass
    freeradius_2.1.8+git_i386.deb
    freeradius-krb5_2.1.8+git_i386.deb
    freeradius-utils_2.1.8+git_i386.deb
    pem
    freeradius-common_2.1.8+git_all.deb
    freeradius-ldap_2.1.8+git_i386.deb
    libfreeradius2_2.1.8+git_i386.deb
    freeradius-dbg_2.1.8+git_i386.deb
    freeradius-mysql_2.1.8+git_i386.deb
    libfreeradius-dev_2.1.8+git_i386.deb

I installed the .deb files with dpkg -i, but when I tried to start freeradius with /usr/sbin/freeradius -X to debug the process I receive the following message.

Please, if anyone could shed any light on this, it would be appreciated.

Thanks in advance.

    nas1:/usr/src# /usr/sbin/freeradius -X
    FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Feb 5 2010 at 16:17:03
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License v2.
    Starting - reading configuration files ...
    including configuration file /etc/freeradius/radiusd.conf
    including configuration file /etc/freeradius/proxy.conf
    including configuration file /etc/freeradius/clients.conf
    including files in directory /etc/freeradius/modules/
    including configuration file /etc/freeradius/modules/inner-eap
    including configuration file /etc/freeradius/modules/exec
    including configuration file /etc/freeradius/modules/otp
    including configuration file /etc/freeradius/modules/preprocess
    including configuration file /etc/freeradius/modules/detail
    including configuration file /etc/freeradius/modules/chap
    including configuration file /etc/freeradius/modules/sql_log
    including configuration file /etc/freeradius/modules/passwd
    including configuration file /etc/freeradius/modules/pap
    including configuration file /etc/freeradius/modules/realm
    including configuration file /etc/freeradius/modules/perl
    including configuration file /etc/freeradius/modules/detail.log
    including configuration file /etc/freeradius/modules/expiration
    including configuration file /etc/freeradius/modules/etc_group
    including configuration file /etc/freeradius/modules/attr_rewrite
    including configuration file /etc/freeradius/modules/mschap
    including configuration file /etc/freeradius/modules/counter
    including configuration file /etc/freeradius/modules/logintime
    including configuration file /etc/freeradius/modules/checkval
    including configuration file /etc/freeradius/modules/pam
    including configuration file /etc/freeradius/modules/acct_unique
    including configuration file /etc/freeradius/modules/linelog
    including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
    including configuration file /etc/freeradius/modules/sradutmp
    including configuration file /etc/freeradius/modules/files
    including configuration file /etc/freeradius/modules/always
    including configuration file /etc/freeradius/modules/mac2vlan
    including configuration file /etc/freeradius/modules/radutmp
    including configuration file /etc/freeradius/modules/ippool
    including configuration file /etc/freeradius/modules/wimax
    including configuration file /etc/freeradius/modules/cui
    including configuration file /etc/freeradius/modules/smbpasswd
    including configuration file /etc/freeradius/modules/smsotp
    including configuration file /etc/freeradius/modules/digest
    including configuration file /etc/freeradius/modules/krb5
    including configuration file /etc/freeradius/modules/attr_filter
    including configuration file /etc/freeradius/modules/unix
    including configuration file /etc/freeradius/modules/ntlm_auth
    including configuration file /etc/freeradius/modules/mac2ip
    including configuration file /etc/freeradius/modules/policy
    including configuration file /etc/freeradius/modules/detail.example.com
    including configuration file /etc/freeradius/modules/expr
    including configuration file /etc/freeradius/modules/echo
    including configuration file /etc/freeradius/modules/ldap
    including configuration file /etc/freeradius/eap.conf
    including configuration file /etc/freeradius/policy.conf
    including files in directory /etc/freeradius/sites-enabled/
    including configuration file /etc/freeradius/sites-enabled/default
    including configuration file /etc/freeradius/sites-enabled/inner-tunnel
    main {
        user = freerad
        group = freerad
        allow_core_dumps = no
    }
    including dictionary file /etc/freeradius/dictionary
    main {