Locked account

[Maurice James]

How do I get freeradius to deny access based on the ldap attribute
nsAccountLock = true?

 

 

 

 

 

 

 

 

 

  Description: pc_Lt Lotz

 

 

 

 

<>-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[tonimanel]

Thank you for your answer Alan. 

You have reason. I was probing some definitions inside of configuration, for
this reason appears identity... Also I was very lost. I hope to gradually
understanding the freeradius configuration because it's very difficult.

Now, I am going to probe it with my configuration files and then I will
write the output.

Thanks again.

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problems-with-my-radrelay-configuration-tp4876089p4892232.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: From inner to outer

[Phil Mayers]

On 11/10/11 16:08, Roland Hedberg wrote:

Hi!

I have the following problem. A module I have written uses the inner tunnel 
User-Name to find information about the user from an outside source.
This user information must be returned in the outer tunnel.
Is this doable ?


Sure.

Set a variable in the inner-tunnel reply, then set "use_tunneled_reply = 
yes" on the peap/ttls EAP config.


inner-tunnel:

post-auth {
  update reply {
Some-Variable := "%{sql:...}"
  }
}

default:

post-auth {
  if (reply:Some-Variable) {
...
  }
}

N.B. If you are using Fast Session resumption, you probably need to 
store this info in the Cached-Session-Policy variable.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: From inner to outer

[Alan DeKok]

Roland Hedberg wrote:
> I have the following problem. A module I have written uses the inner tunnel 
> User-Name to find information about the user from an outside source.
> This user information must be returned in the outer tunnel.
> Is this doable ?

  Yes.

> I can think of two ways of doing this:

  Edit eap.conf, change:

  "use_tunneled_reply = yes"

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

From inner to outer

[Roland Hedberg]

Hi!

I have the following problem. A module I have written uses the inner tunnel 
User-Name to find information about the user from an outside source.
This user information must be returned in the outer tunnel.
Is this doable ?
I can think of two ways of doing this:

1) The module while running in the inner tunnel context puts the inner 
User-Name somewhere where the module when running in the outer tunnel context 
can pick it up and do the external source lookup.
2) Do the external source lookup in the inner tunnel context and then put the 
found information somewhere where the module while running in the outer tunnel 
context can find it.

I'd prefer the later.

-- Roland
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [?? Probable Spam] Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Authfails

[Alan DeKok]

Яцко Эллад Геннадьевич (ngs) wrote:
> Would you explain how will it work? I really need to understand
> what is happening, cause I want to do any thing sensibly.

  My original message explained what was going on.

> Suppose I have perform all your recommendations. Cisco sends
> Access-Acepts to RADIUS, It receives a packet and...
> What is further? How does RADIUS proceed it?

  See the "doc" directory for documentation on how the server works.
I'm not going to cut & paste it here.

> Or simply point me to some articles with examples somewhere  in
> Internet.

  See the Wiki.  Use google.  This isn't hard.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[Alan DeKok]

tonimanel wrote:
> Now, I have configured radiusd.conf with this code:
...

  That should read from the detail file...

> And radrelay.conf with this code:
> 
> listen {
...
> identity = radrelay

  What's "identity" ?

  I *always* get worried when people do things which aren't necessary.
It means that they haven't followed the existing documentation, or
understood it.  It means that they're likely making random changes
without a clear understanding as to what's going on.

> #  See also raddb/sites-available/copy-acct-to-home-server
> #  for additional description.
> #
> preacct {
> #
> #  Proxy the packet using the given realm.
> #  Note that we do not use the realm for anything else such
> #  as prefix/suffix stripping or comparisons.
> #
> update control {
> Proxy-To-Realm := "radrelay"
> }

  OK... radrelay is supposed to proxy the packets.

> I get this output and server continueing without to write the detail file:

  Uh... the configuration you showed above is for radrelay.  You did
*not* tell the main radius server to use the "radrelay-detail" module.

  Edit raddb/sites-available/default.  Look for "accounting".  In it,
look for "detail".  Replace that with "radrelay-detail".

> root@debian:/etc/freeradius# clear; freeradius -X -n radrelay

  Once again, radrelay *reads* the detail file.

  Your comment above is that the server doesn't *write* the detail file.

  Send accounting packets to the main FreeRADIUS server.  It should
write them to the detail file.  radrelay will read them from the detail
file.

  I really don't know how to make that any simpler.  I've said it a
number of times.  You need to read the previous paragraph until you
understand it.

> The same output! What's happening?

  The server is doing exactly what you told it to do, and exactly what I
said it would do.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RES: Trying to solve a Simultaneous-Use problem

[Arran Cudbard-Bell]

On 11 Oct 2011, at 13:34, Nataniel Klug wrote:

> Arran,
>  
> Thanks for your answer. So to test the NAS what should I use? 
> A ping packet in a shell script?

Yes. Or an SNMP request.

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RES: Trying to solve a Simultaneous-Use problem

[Nataniel Klug]

Marinko,

I didn't know how to ask for "stalled sessions" and I searched for
Sim-Use and found nothing useful... So, if you do not want to help, do not
answer...

--


> -Mensagem original-
> De: freeradius-users-bounces+listas.nata=cnett.com...@lists.freeradius.org
> [mailto:freeradius-users-
> bounces+listas.nata=cnett.com...@lists.freeradius.org] Em nome de
> Marinko Tarlac
> Enviada em: segunda-feira, 10 de outubro de 2011 17:59
> Para: FreeRadius users mailing list
> Assunto: Re: Trying to solve a Simultaneous-Use problem
> 
> We discuss at least once per week about stalled sessions... Search before
> you ask...
> 
> 
> 
> On 10/10/2011 10:49 PM, Arran Cudbard-Bell wrote:
> >
> >> So, my question is: how can I use Simultaneous-Use in
> >> this scenario? Should I make a script that test if the NAS is online
> >> every 10 seconds and if not list all clients connect and stop that
> >> connections? Should this work? Is there anyone with the same scenario
> >> that can share the solution for the problem?
> >
> > --, Yes, Yes, --
> >
> > You can use radclient to send fake accounting stop packets to clear up
> > the stale sessions.
> >
> > Arran Cudbard-Bell
> > a.cudba...@freeradius.org 
> >
> > Betelwiki, Betelwiki, Betelwikihttp://wiki.freeradius.org/ !
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[tonimanel]

Thanks. 

Now, I have configured radiusd.conf with this code:

#Detail module instance
detail radrelay-detail {
  detailfile = ${radacctdir}/radacct/detail
  detailperm = 0600
  dirperm = 0755
  locking = yes
}

accounting {
  radrealay-detail
}

And radrelay.conf with this code:

listen {
type = detail

#
#  The "radacctdir" parameter below replaces the "-a" command-
#  line option in radrelay.  The "detail" parameter replaces
#  the "detailfile" command-line option in radrelay
#
filename = ${radacctdir}/radacct/detail
load_factor = 50
max_outstanding = 100
identity = radrelay
}

#
#  See also raddb/sites-available/copy-acct-to-home-server
#  for additional description.
#
preacct {
#
#  Proxy the packet using the given realm.
#  Note that we do not use the realm for anything else such
#  as prefix/suffix stripping or comparisons.
#
update control {
Proxy-To-Realm := "radrelay"
}
}

accounting {
#   sql
}

In accounting I have commented sql (you can see) and I have appended listen
instance.

I get this output and server continueing without to write the detail file:

root@debian:/etc/freeradius# clear; freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010
at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "@libdir@"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 65536
pidfile = "/var/run/radrelay/radrelay.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 0
status_server = no
 }
}
radrelay:  Loading Realms and Home Servers 
 home_server radrelay {
ipaddr = 192.168.1.130
port = 1812
type = "acct"
secret = "testing123"
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
 }
 home_server_pool radrelay {
type = fail-over
home_server = radrelay
 }
 realm radrelay {
acct_pool = radrelay
 }
radrelay:  Loading Clients 
radrelay:  Instantiating modules 
 instantiate {
 }
radrelay:  Loading Virtual Servers 
server { # from file /etc/freeradius/radrelay.conf
 modules {
 Module: Checking preacct {...} for more modules to load
 } # modules
} # server
radrelay:  Opening IP addresses and Ports 
listen {
type = "detail"
 listen {
filename = "/var/log/freeradius/radacct/radacct/detail"
load_factor = 50
poll_interval = 1
retry_interval = 30
 }
}
Listening on /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened
signalled 0 waiting 1.00 sec
Listening on proxy address * port 1139
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened
signalled 0 waiting 0.843392 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened
signalled 0 waiting 1.246242 sec
Waking up in 1.2 seconds.
Polling for detail file /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened
signalled 0 waiting 1.052300 sec
Waking up in 1.0 seconds.
^C


The same output! What's happening?

Thank you for your help and aswers.




--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problems-with-my-radrelay-configuration-tp4876089p4891338.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [?? Probable Spam] Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Authfails

[Яцко Эллад Геннадьевич (ngs)]

Dear Alan!

I ask you to be more indulgent, I didn't want to anger you. :-)

Would you explain how will it work? I really need to understand
what is happening, cause I want to do any thing sensibly.

Suppose I have perform all your recommendations. Cisco sends
Access-Acepts to RADIUS, It receives a packet and...
What is further? How does RADIUS proceed it?

Or simply point me to some articles with examples somewhere  in
Internet.

Kind regards,
Ellad Yatsko


My original answer explained what to do. Follow instructions, or don't 
ask questions. 


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[Alan DeKok]

tonimanel wrote:
> I supposed this too (detail file not exist), so read process fails.
> So, I should to configure in radiusd.conf the server to write to the detail
> file. Then in radrelay.conf, the configuration is correct? Now radrelay is
> configurated to read detail file, ok? I think that this is correct.

  Yes.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[tonimanel]

Hi, 

Thank you for your answer Alan. 

I supposed this too (detail file not exist), so read process fails.
So, I should to configure in radiusd.conf the server to write to the detail
file. Then in radrelay.conf, the configuration is correct? Now radrelay is
configurated to read detail file, ok? I think that this is correct.

Thank you again.

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problems-with-my-radrelay-configuration-tp4876089p4891247.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[Alan DeKok]

tonimanel wrote:

> After append inside modules section of radrelay.conf file this code:
...
> When I lunch freeradius -X -n radrelay appear this:
...
> Polling for detail file /var/log/freeradius/radacct/detail
> Detail listener /var/log/freeradius/radacct/detail state unopened signalled
> 0 waiting 1.185128 sec
> Waking up in 1.1 seconds.

  Yes.  That's what is supposed to happen.

  radrelay *reads* the detail file, and processes packets.  If there's
no detail file, what do you think it does?

> I think that is the same result. Do you know what can be happening? Is
> correct this change? I think that I'm very lost... But I will get! With your
> help!

  You need to configure the server to *write* to the detail file.  Do
this with the normal server.  It will write the detail file, and the
radrelay configuration will read it, and will do it's job.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

[Alan DeKok]

Яцко Эллад Геннадьевич (ngs) wrote:
> I've just asked some questions.. Maybe stupid (I repeat again I am
> beginner in RADIUS)..
> And I still out of knowledge what "to-do"... Or more exactly: how does
> it work?...

  My original answer explained what to do.

  Follow instructions, or don't ask questions.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

[Alan DeKok]

Sergio NNX wrote:
> Are we in a bad mood?

  Do you want to solve your problem?

  If so, read the answers on this list, and follow the instructions.

  If not, unsubscribe, as you're wasting everyones time.

  And yes, it *is* rude to ask questions, and then argue with the answers.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[tonimanel]

I have changed the line detailfil that was wrong. I have written this:
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d

And the output is: 

root@debian:/etc/freeradius# freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010
at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "@libdir@"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 65536
pidfile = "/var/run/radrelay/radrelay.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 0
status_server = no
 }
}
radrelay:  Loading Realms and Home Servers 
 home_server radrelay {
ipaddr = 192.168.1.130
port = 1812
type = "acct"
secret = "testing123"
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
 }
 home_server_pool radrelay {
type = fail-over
home_server = radrelay
 }
 realm radrelay {
acct_pool = radrelay
 }
radrelay:  Loading Clients 
radrelay:  Instantiating modules 
 instantiate {
 }
radrelay:  Loading Virtual Servers 
server { # from file /etc/freeradius/radrelay.conf
 modules {
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file
/etc/freeradius/radrelay.conf
  detail {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
  }
 } # modules
} # server
radrelay:  Opening IP addresses and Ports 
listen {
type = "detail"
 listen {
filename = "/var/log/freeradius/radacct/detail"
load_factor = 50
poll_interval = 1
retry_interval = 30
 }
}
Listening on /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.00 sec
Listening on proxy address * port 1377
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 0.813745 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.131002 sec
Waking up in 1.1 seconds.
^C


Thanks.

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problems-with-my-radrelay-configuration-tp4876089p4891007.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

[Яцко Эллад Геннадьевич (ngs)]

Am I ?! :-)

I've just asked some questions.. Maybe stupid (I repeat again I am 
beginner in RADIUS)..
And I still out of knowledge what "to-do"... Or more exactly: how does 
it work?...


Kind regards,
Ellad Yatsko



Are we in a bad mood?


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with my radrelay configuration?

[tonimanel]

Hi, 

After append inside modules section of radrelay.conf file this code:

detail {
detailfile = /var/log/freeradius/radacct/detail
detailperm = 0600
dirperm = 0755
locking = no
}

When I lunch freeradius -X -n radrelay appear this:

root@debian:/etc/freeradius# freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010
at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "@libdir@"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 65536
pidfile = "/var/run/radrelay/radrelay.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 0
status_server = no
 }
}
radrelay:  Loading Realms and Home Servers 
 home_server radrelay {
ipaddr = 192.168.1.130
port = 1812
type = "acct"
secret = "testing123"
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
 }
 home_server_pool radrelay {
type = fail-over
home_server = radrelay
 }
 realm radrelay {
acct_pool = radrelay
 }
radrelay:  Loading Clients 
radrelay:  Instantiating modules 
 instantiate {
 }
radrelay:  Loading Virtual Servers 
server { # from file /etc/freeradius/radrelay.conf
 modules {
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file
/etc/freeradius/radrelay.conf
  detail {
detailfile = "/var/log/freeradius/radacct/detail"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
  }
 } # modules
} # server
radrelay:  Opening IP addresses and Ports 
listen {
type = "detail"
 listen {
filename = "/var/log/freeradius/radacct/detail"
load_factor = 50
poll_interval = 1
retry_interval = 30
 }
}
Listening on /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.00 sec
Listening on proxy address * port 1187
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.085288 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 0.914222 sec
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.185128 sec
Waking up in 1.1 seconds.
^C


I think that is the same result. Do you know what can be happening? Is
correct this change? I think that I'm very lost... But I will get! With your
help!

Regards and thank you for your help.

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Problems-with-my-radrelay-configuration-tp4876089p4890956.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

[Sergio NNX]

Are we in a bad mood?

> Date: Tue, 11 Oct 2011 08:46:28 +0200
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth 
> fails
> 
> Яцко Эллад Геннадьевич (ngs) wrote:
> > I am beginner in RADIUS. I guessed you talked about 
> > "sites-available/default"
> > because Cisco does not use any realms when sends its packets to the RADIUS.
> 
>   I talked about realms because I wanted to talk about realms.
> 
> > I think it's needed "expanding of my task boundaries" :-) I want to make
> > Cisco
> > devices authenticate users when ther enter the device via telnet/ssh. It
> > would
> > be three-stage procedure:
> > - Windows DC if IAS (Microsoft RADIUS) is accessible;
> > - if no - RADIUS local DB if it is accessible;
> > - if no - Cisco's local DB (NAS local authentication).
> > 
> > So If I correctly understood I need to use "authenticate" section.
> 
>   No.  My example was correct.
> 
> > But what is further I don't clearly imagine. I guess when Access-Request
> > is incoming,
> > RADIUS in accordance with suggested scheme must change realm of request and
> > continue process packet with new conditions, is it right?
> 
>   No.  My example was correct.
> 
> > I must define new realm, for example "ias", and I must define
> > home-server for it,
> > do I?
> 
>   That's the only thing you got right.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html