OK, cool, thanks.
Chris
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 13, 2002 1:55 PM
Subject: Re: Script to run if user fails authentication
> "Chris A. Kalin" <[EMAIL PROTECTED]>
?
If I'm not making sense, feel free to point that out. :)
Thanks again for the help so far.
Chris
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 13, 2002 1:42 PM
Subject: Re: Script to run if user fa
lt;[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 13, 2002 1:18 PM
Subject: Re: Script to run if user fails authentication
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > I've looked over the documentation, but I can't seem to find how to ru
I've looked over the documentation, but I can't seem to find how to run a
script if the user fails authentication.
Basically, for a variety of goofy reasons, I need the following
functionality:
If a user dials in with a correct username/password, everything works
normally.
If a user dials in and
I took the liberty of unsubscribing the list from the newsletter. Figured
it would curb discussion about it and keep the noise down. :)
Chris Kalin
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 31, 2002 10:17 PM
Subject: blackmusic.ch mai
- Original Message -
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 28, 2002 12:00 PM
Subject: Re: Ascend-Data-Filters problem with 0.7
"Chris Parker" <[EMAIL PROTECTED]> wrote:
> At 12:56 PM 8/28/2002 -0400, Alan DeKok wrote:
> >"David C. Troy"
_sql.c and sql.c fixes for Simultaneous-Use
> On Mon, 26 Aug 2002, Chris A. Kalin wrote:
>
> > OK, I'll buy that. :)
> >
> > The problem is when it calls rad_check_ts, _that_ function seems to be
> > checking a radutmp file - whether or not I'm using radutm
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 26, 2002 4:50 PM
Subject: Re: rlm_sql.c and sql.c fixes for Simultaneous-Use
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > Should be
> Chris Parker wrote:
>
> > At 03:51 PM 8/26/2002 -0500, Chris A. Kalin wrote:
> >I've discovered a few little quirks in rlm_sql.c and sql.c that prevent
> >Simultaneous-Use from starting "radcheck" in a standard FreeRADIUS
install.
> >Without these
I've discovered a few little quirks in rlm_sql.c and sql.c that prevent
Simultaneous-Use from starting "radcheck" in a standard FreeRADIUS install.
Without these fixes, Simultaneous-Use will still work in a "trust the SQL
server" context, but it's unable to verify the information using radcheck -
I've found a small but rather nasty typo in the usrhiper routine in the
checkrad Perl script.
At line 924 and 925:
$oid = 1257 + 256*int(($args{'ttq'}-1) / $hiper_density) +
(($args{'ttq'}-1) % $hiper_density);
Both occurrences of "ttq" should be "tty".
Why did this fix get removed from the June 4th CVS snapshot? auth.c is
version 1.103 in those snapshots.
Chris
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 31, 2002 12:06 PM
Subject: Re: Removal of Proxy-State
> "eric " <[EMAIL
Damn, I was minutes away from posting about the exact same problem. :)
I await the fix eagerly.
Chris Kalin
- Original Message -
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 31, 2002 09:06 AM
Subject: Re: Removal of Proxy-State
> At 12:36 AM 5/31
Is there a reason why the NASPortId field in the sql.conf file is keyed off
of NAS-Port-Id as opposed to NAS-Port? I only ask because I have 3com HiPER
ARCs, Cisco AS5200s, Lucent MAX TNTs, and Livingston PM3s, and they all send
"NAS-Port" rather than "NAS-Port-Id". Of course, changing the varia
OK, well, thanks to Randy and others, the Simultaneous-Use in MySQL is
working like a charm - except for one thing. Under no circumstances can I
seem to get the checkrad script to automatically run. I can run it manually
and get the results I expect, but RADIUS cannot seem to run it. I've tripl
> I'm not sure if you can define your check item in the users file because
> there is an initialization order problem. Your new check item attribute
> will not be defined before your users file is parsed resulting in an
> error. If anyone knows a work around here, please let me know.
My workaro
ay 06, 2002 09:31 AM
> Subject: Re: GID (group) not working in post-0.5 CVS?
>
>
> > "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > > > You could also try using rlm_passwd, that may do what you want.
> > >
> > > These both sound like g
>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 06, 2002 09:31 AM
Subject: Re: GID (group) not working in post-0.5 CVS?
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > > You could also try using rlm_passwd, that may do what you want.
> >
> > These both
[snip]
> The simplest thing may be to grab the 0.4 AND 0.5 distributions (or
> the CVS head) , and replace rlm_unix in the 0.5 with the one from 0.4.
>
> I'll try to see what's going on in the Unix module.
>
> You could also try using rlm_passwd, that may do what you want.
These both sou
> Part of the problem may be that the "Group" attribute is
> overloaded. If you're using groups from multiple sources, under the
> same name, it's difficult to do the Right Thing.
> The "Group" attribute should probably be removed, and replaced with
> Unix-Group, LDAP-Group, etc.
Well, I'm c
I'm trying to set certain attributes based on my users' GIDs in the
/etc/passwd file.
For example:
DEFAULTGroup == "nologin", Auth-Type := Reject
Should (and used to) prevent any users in my "nologin" group from logging
in. I upgraded to 0.5 from 0.3-ish CVS on this particular server,
list
> sometime last year.
>
> Franklin
>
> On Sun, 5 May 2002, Chris A. Kalin wrote:
> >
> > OK, I'm dealing with a UUNet reseller who apparently requires me to
return
> > the Proxy-State attribute he sends me in either an Access-Accept or
> > Access-R
OK, I'm dealing with a UUNet reseller who apparently requires me to return
the Proxy-State attribute he sends me in either an Access-Accept or
Access-Reject situation. The Proxy-State attribute is returned just fine
when the username and password works correctly (Access-Accept). However,
when th
Is the list down?
Sorry for the noise.
Chris Kalin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm trying to set certain attributes based on my users' GIDs in the
/etc/passwd file.
For example:
DEFAULTGroup == "nologin", Auth-Type := Reject
Should (and used to) prevent any users in my "nologin" group from logging
in. I upgraded to 0.5 from 0.3-ish CVS on this particular server,
>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 30, 2002 06:01 PM
Subject: Re: Latest batch of CVS snapshots not building many modules?
> At 12:11 PM 4/29/2002 -0500, Chris A. Kalin wrote:
> >I was just curious if there's a way I can tell configure to build all
> >av
I was just curious if there's a way I can tell configure to build all
available modules dynamically and place them into the $blah/lib directory.
With 0.5 and previous, I could type ./configure --with-pam --with-mysql and
get most of the reasonable modules along for the ride, such as rlm_detail
an
FWIW, I just tried it again on that same RADIUS server . I changed my
DEFAULT entry in my users file from:
DEFAULT Auth-Type := PAM
to
Simultaneous-Use := 1, Auth-Type := PAM
and POOF...for any particular RAS I'd get three valid packets, than a bogus
one, then another two or three goo
I actually saw this same problem way back in the post 0.3 CVS days (and
before), and I wasn't even involving checkrad. I would turn on
Simultaneous-Use, and I would immediately begin to get completely bogus
Client-Ip-Addresses in my accounting packets...IPs that had nothing to do
with my network
I've notice in the past few CVS versions I've tried (haven't installed last
night's yet), the "radius.log" file doesn't have any timestamps. Events log
just fine, everything else works, just no times.
Has anyone else seen this, or is it just me? I don't see anything in the
configuration that wo
Well, if we're supposed to be reporting bugs:
(I've encountered this problem from 0.2 all the way up to the most recent
CVS)
I have proxying configured and working, but the accounting is kind of
strange.
The accounting packets are propery proxied to the end server, but the copies
that are writt
To do something similar, I changed my detailfile line in radiusd.conf to
something like:
detailfile = ${radacctdir}/%{Client-IP-Address}/detail.%Y.%m.%d
Now, I don't get a "detail" file anymore, but all the files are nice and
neat, organized by day, no weird rollover times.
Chris Kalin
---
I'll do the GDB that Chris suggested, but I just wanted to put in a "me
too"...I'm getting zapped on this occasionally on the pre-0.4 snapshots and
on .4 itself, and all I'm doing is accounting to MySQL, no authentication
whatsoever. I've even tried blowing away the rlm* files, doesn't seem to
f
; as yet to date.
>
> Please see message dated: 11/29/01 Re: Realm accounting...
>
>
> - copy of message
> At 10:42 AM 11/10/2001 -0500, you wrote:
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > > Have you looked at the configuration o
OK, I'm stumped on this one, so I'm posting here...
I've got FreeRADIUS 0.3 doing my RADIUS accounting. It's taking accounting
packets just fine from the RASs and even forwarding them out to where they
are supposed to go (client's remote RADIUS server). The problem seems to be
that the accounti
35 matches
Mail list logo