stripping av pairs
hi, i want strip an AV pair only from my proxy-reply. If I use rlm_attr_filter, I have to list all the AV pairs good. Any idea? -- Massimiliano Liccardo (maX) [EMAIL PROTECTED] jid:[EMAIL PROTECTED] sip:[EMAIL PROTECTED] GnuPG public key available on wwwkeys.eu.pgp.net Key ID: D01F1CAD Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD la velocità induce all'oblio, la lentezza al ricordo pgpLtEyX5ti6y.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
request-proxy request-proxy_reply
hi folks, I should write a module that strips/modifies AV pairs from a proxy reply according to the AV pairs prior sent into the originated request. My doubt is: the AV request-proxy are still valid during post-proxy stage of a rlm_module? -- Massimiliano Liccardo (maX) [EMAIL PROTECTED] jid:[EMAIL PROTECTED] sip:[EMAIL PROTECTED] GnuPG public key available on wwwkeys.eu.pgp.net Key ID: D01F1CAD Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD la velocità induce all'oblio, la lentezza al ricordo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
remove AV pairs from proxy request ?
hi all, I need to remove in a configurable manner some AV pairs from my proxy request, in order to send to a home server just a secure AV pairs subset. It looks very close to the rlm_attr_filter but in the opposite pathany idea? thanx! -- Massimiliano Liccardo (maX) [EMAIL PROTECTED] jid:[EMAIL PROTECTED] GnuPG public key available on wwwkeys.eu.pgp.net Key ID: D01F1CAD Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD la velocità induce all'oblio, la lentezza al ricordo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Pre-Proxy-Type, Post-Proxy-Type
Alle 15:17, domenica 13 febbraio 2005, Nicolas Baradakis ha scritto: Post-Proxy-Type is a check item, therefore I think you can set it in the first pass of authorization, then the server remember it when it receives the reply from the realm server. good I noticed the freeRADIUS 1.0.2 release without your patch...what a pity :( -- Massimiliano Liccardo (maX) [EMAIL PROTECTED] jid:[EMAIL PROTECTED] GnuPG public key available on wwwkeys.eu.pgp.net Key ID: D01F1CAD Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD la velocità induce all'oblio, la lentezza al ricordo pgp7ks9hnnVlk.pgp Description: PGP signature
Re: Pre-Proxy-Type, Post-Proxy-Type
Alle 22:21, sabato 12 febbraio 2005, Nicolas Baradakis ha scritto:
I know you're busy with other things (1.0.2 release, rlm_policy...),
that's why, if you agree with that, I'll look at this issue more
closely and try to provide a patch in a few days.
great !!
Maybe cuold be useful to patch the rlm_files in order to provide a prost_proxy
file as the pre_proxy one? Could be useful for setting the Post-Proxy-Type
without re-passing the authorize section and using rlm_files directy into
Post-Proxy, i.e.
modules {
..
# Livingston-style 'users' file
#
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile =${confdir}/pre_proxyusers
postproxy_usersfile =${confdir}/post_proxyusers
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
# to 'compat = cistron'. You can the copy your 'users'
# file from Cistron.
compat = no
}
}
post-proxy{
files # provide Prost-Proxy-Type
Post-Proxy-Type foo{
foo1
foo2
}
Post-Proxy-Type bar{
bar1
bar2
}
The patch is very silly, could submit if useful.
--
Massimiliano Liccardo (maX) [EMAIL PROTECTED]
jid:[EMAIL PROTECTED]
GnuPG public key available on wwwkeys.eu.pgp.net
Key ID: D01F1CAD
Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD
la velocità induce all'oblio,
la lentezza al ricordo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Pre-Proxy-Type, Post-Proxy-Type
Alle 11:15, giovedì 10 febbraio 2005, Nicolas Baradakis ha scritto:
Alan DeKok wrote:
Massimiliano Liccardo [EMAIL PROTECTED] wrote:
At the moment pre-proxy/post-proxy only work for all the realms.no
possibility to differentiate like autorize/authentication..
Maybe I'm wrong?
It works, it's just not well documented.
Alan, I didn't manage to execute modules in {Pre,Post}-Proxy-Type
stanzas either. I reported this as bug #199 a few weeks ago.
Looking at src/main/modules.c, the functions module_pre_proxy /
module_post_proxy (and the function module_preacct, too) don't have a
supplementary argument for the subcomponent name.
right, I noticed that argument as 0 (zero)If I remember, it worked in
freeRADIUS 0.9.1..
Looking at http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/doc/Autz-Type
it seems to be removed
Revision 1.9 / (download) - annotate - [select for diffs], Fri Sep 19 04:01:30
2003 UTC (16 months, 3 weeks ago) by phampson
Branch: MAIN
CVS Tags: release_1_0_2, release_1_0_1, release_1_0_0_pre3,
release_1_0_0_pre2, release_1_0_0_pre1, release_1_0_0, release_1_0, HEAD
Changes since 1.8: +2 -3 lines
Diff to previous 1.8 (colored)
Remove last vestiges of Pre-Acct/Pre-Proxy/Post-Proxy-Type.
I was thinking it will not work for that reason, but perhaps I am
mistaken.
--
Massimiliano Liccardo (maX) [EMAIL PROTECTED]
jid:[EMAIL PROTECTED]
GnuPG public key available on wwwkeys.eu.pgp.net
Key ID: D01F1CAD
Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD
la velocità induce all'oblio,
la lentezza al ricordo
pgpVOu6mNfean.pgp
Description: PGP signature
Re: Pre-Proxy-Type, Post-Proxy-Type
Nicolas,
thanks a lot for your tip...maybe could became a FAQ :)
My problem is that I'm developing rml_modules on my own and if I use
Autz-Type , I should write the pre/post-proxy code into the authorization
callback of any module instead of pre-proxy/post-proxy (yes, pre-proxy is
just another name of authorization )
Alle 12:11, giovedì 10 febbraio 2005, Nicolas Baradakis ha scritto:
I need exactly the same thing as you, and I found a workaround which
doesn't use {Pre,Post}-Proxy-Type.
Put post_proxy_authorize = yes in your proxy.conf file. This will
make the request run the authorize section twice: one time when the
request comes from the NAS, and one more time when the request comes
from the realm server.
In the authorize section, it's very important that you execute the
rlm_files module *before* rlm_realm.
authorize {
preprocess
files
realm
Autz-Type pre-proxy.foo.net {
...
}
Autz-Type post-proxy.foo.net{
...
}
Autz-Type pre-proxy.bar.com {
...
}
Autz-Type pre-proxy.bar.com {
...
}
...
}
In the users file, you know if the you handle the request coming from
the NAS (pre-proxy) or the realm server (post-proxy) by testing the
variable Realm. The order of the lines is important there, too.
DEFAULT Realm == foo.net, Autz-Type := post-proxy.foo.net
DEFAULT User-Name =~ @foo\\.net, Autz-Type := pre-proxy.foo.net
...
You should manage to handle your setup like this, but it is nothing
more that a workaround.
it works - it's good!
The configuration is error prone, and the
post_proxy_authorize is a deprecated option.
I agree.
--
Massimiliano Liccardo (maX) [EMAIL PROTECTED]
jid:[EMAIL PROTECTED]
GnuPG public key available on wwwkeys.eu.pgp.net
Key ID: D01F1CAD
Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD
la velocità induce all'oblio,
la lentezza al ricordo
pgptQNB9r9bXM.pgp
Description: PGP signature
Re: Pre-Proxy-Type, Post-Proxy-Type
Alle 12:34, giovedì 10 febbraio 2005, Massimiliano Liccardo ha scritto: My problem is that I'm developing rml_modules on my own and if I use Autz-Type , I should write the pre/post-proxy code into the authorization callback of any module instead of pre-proxy/post-proxy (yes, pre-proxy is just another name of authorization ) and I should differentiate pre-proxy from post-proxy (how?) or develop two rlm_modules doing pre-proxy (first) and post-proxy (second) as authorization :( -- Massimiliano Liccardo (maX) [EMAIL PROTECTED] jid:[EMAIL PROTECTED] GnuPG public key available on wwwkeys.eu.pgp.net Key ID: D01F1CAD Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD la velocità induce all'oblio, la lentezza al ricordo pgpC04zRXwO1D.pgp Description: PGP signature
Re: Pre-Proxy-Type, Post-Proxy-Type
Alle 18:44, giovedì 10 febbraio 2005, Alan DeKok ha scritto: Please do not put pre-proxy code into the authorize section of a module. It's just a temporary workaround. We will fix the server. fine! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Massimiliano Liccardo (maX) [EMAIL PROTECTED] jid:[EMAIL PROTECTED] GnuPG public key available on wwwkeys.eu.pgp.net Key ID: D01F1CAD Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD la velocità induce all'oblio, la lentezza al ricordo pgpS7FOIbGmpO.pgp Description: PGP signature
Pre-Proxy-Type, Post-Proxy-Type
Hi,
I'm using a freeRADIUS to proxy different realm to home servers.
I need to use different rlm_modules for each realm during pre-proxy and
post-proxy but I cannot realize how to set something like Autz-Type..i.e It
could be perfect If
users:
DEFAULT Realm== foo , Pre-Proxy-Type := foo
DEFAULT Realm== bar , Pre-Proxy-Type := bar
and
radiusd.conf:
pre-proxy{
Pre-Proxy-Type foo{
rlm_foo1
rlm_foo2
}
Pre-Proxy-Type bar{
rlm_bar1
rlm_bar2
}
}
At the moment pre-proxy/post-proxy only work for all the realms.no
possibility to differentiate like autorize/authentication..
Maybe I'm wrong?
--
Massimiliano Liccardo (maX) [EMAIL PROTECTED]
jid:[EMAIL PROTECTED]
GnuPG public key available on wwwkeys.eu.pgp.net
Key ID: D01F1CAD
Key fingerprint: 992D 91B7 9682 9735 12C9 402D AD3F E4BB D01F 1CAD
la velocità induce all'oblio,
la lentezza al ricordo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
