Noel Kelly [EMAIL PROTECTED] wrote:
I am particularly interested in the LEAP authentication and have got
that working. The question I have is whether FreeRadius can act as a
LEAP proxy? From what I can see in the configuration file, it looks
like it can but it would be good to have someone
When Cisco clients roam between APs they are required to LEAP
reauthenticate and I have instances where, if the WAN link is a little
congested, the client's LAN connection drops out for 20secs or so if the
ACS does not respond quickly enough.
I'm not sure how you'd solve this by
that is a great solution and working really fine, many thanks dustin :)
but isn't it possible to proxy accounting data to 2 servers at the same
time?? instead of proxiying to 1 server and using radrely for the other??
thanks for your great help,
ossama
Dustin Doris wrote:
You could use
You could use radrelay to forward the accounting data to the other server.
http://www.freeradius.org/radiusd/doc/radrelay
On Sun, 8 Jun 2003, Ossama Suleiman wrote:
hi all,
is it possible to proxy the data to more than 1 server??
proxying from server-a to server-b is working just
Le Jeudi 6 Février 2003 15:40, Alan DeKok a écrit :
++---+---+---+--+
| 6 | internix | No-Such-Attribute | | := |
What the heck is that line for?
It's an ugly kludge done because some people here found
« counter-intuitive » that groups would
Jacques Caruso [EMAIL PROTECTED] wrote:
OK. I still haven't managed to get the damn solution working, even with
the helpful hints from Chris and Alan, and even after trying very hard I
still get proxy calls (and subsequent Access-Reject) for people who
shouldn't trigger them. Here is what I
Without repeating what Alan and Chris said:
On Thu, 6 Feb 2003, Jacques Caruso wrote:
The proxy.conf has only one realm :
alien {
type= radius
Shouldn't that be:
realm alien {
type= radius
just wondrin',
Jim
-
List info/subscribe/unsubscribe? See
Roy Wills [EMAIL PROTECTED] wrote:
I am trying to proxy from one radius server to a remote radius
server. What is needed to set this up. I have read the proxying
pages and cannot figure out what goes on the remote server and what
is on the local server. Any help will be appreciated.
Set up
kenw [EMAIL PROTECTED] wrote:
Is it possible with FreeRadius to proxy based on Called-Station-Id
instead of realm. A large section of our users do not use realms as part
of the username, but dial-in to different numbers.
Sure.
DEFAULT Called-Station-Id == foo, Proxy-To-Realm := bar
Thanks Alan,
Which file would I put this, proxy.conf?
Thanks,
Ken
Alan DeKok wrote:
kenw [EMAIL PROTECTED] wrote:
Is it possible with FreeRadius to proxy based on Called-Station-Id
instead of realm. A large section of our users do not use realms as part
of the username, but dial-in to
Ah, on a closer look the user file I expect...
Thanks again,
Ken
kenw wrote:
Thanks Alan,
Which file would I put this, proxy.conf?
Thanks,
Ken
Alan DeKok wrote:
kenw [EMAIL PROTECTED] wrote:
Is it possible with FreeRadius to proxy based on Called-Station-Id
instead of realm. A large
Hi Alan,
I've got this to work, but only the access request is proxied. How would
I go about getting the accounting to proxy aswell?
All the best and thanks again,
Ken
Alan DeKok wrote:
kenw [EMAIL PROTECTED] wrote:
Is it possible with FreeRadius to proxy based on Called-Station-Id
instead
At 05:32 PM 11/22/2002 +, kenw wrote:
Hi Alan,
I've got this to work, but only the access request is proxied. How would I
go about getting the accounting to proxy aswell?
Add the same to 'acct_users'.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ /
Thanks for that...
Ken
- Original Message -
From: Chris Parker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 22, 2002 5:36 PM
Subject: Re: proxying on Called-Station-Id instead of realm
At 05:32 PM 11/22/2002 +, kenw wrote:
Hi Alan,
I've got this to work
I set the nostrip option in the config for that realm under proxy.conf but
when the request made it to the server for the realm joe.con the username
had been stripped.
I've spotted the same behaviour, looking into it right now... It
appears to somehow leave the realm off:
This was a problem in v.3 and v.4 for which I submitted a patch which was,
apparently, applied. Perhaps you would like to verify this. Here are the details:
In searching the list, I see that this was a reported problem for v0.3 and that
there is a patch... so, after taking a look at v0.4 I
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
Chris Parker
Sent: Thursday, March 28, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: RE: Proxying
At 09:46 AM 3/28/2002 -0600, Chris Parker wrote:
At 05:15 PM 3/27/2002 -0800, Justin Ainsworth wrote:
What does debug say
Also, are you sure it is proxying based on your 'prefix'
definition, and not your suffix definition?
Well, I know that it is proxying to the IPASS radius server that is
defined in the proxy.conf. And if I enter just the [EMAIL PROTECTED] it
proxies correctly to the correct radius server,
At 01:55 PM 3/27/2002 -0800, Justin Ainsworth wrote:
Also, are you sure it is proxying based on your 'prefix'
definition, and not your suffix definition?
Well, I know that it is proxying to the IPASS radius server that is
defined in the proxy.conf. And if I enter just the [EMAIL
This part looks fine, though I'd recommend not using the
actual realm names for the module instances.
Ok. I changed the names. We now have:
sunset.net - suffix
IPASS -prefix
authorize {
preprocess
sunset.net
IPASS
And this tells it to look for
At 04:44 PM 3/27/2002 -0800, Justin Ainsworth wrote:
This part looks fine, though I'd recommend not using the
actual realm names for the module instances.
Ok. I changed the names. We now have:
sunset.net - suffix
IPASS -prefix
That's more logical. You are defining how realms
PROTECTED]
Subject: RE: Proxying
At 04:44 PM 3/27/2002 -0800, Justin Ainsworth wrote:
This part looks fine, though I'd recommend not using the actual
realm names for the module instances.
Ok. I changed the names. We now have:
sunset.net - suffix
IPASS -prefix
That's
Justin Ainsworth [EMAIL PROTECTED] wrote:
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_realm: Proxying request from user [EMAIL PROTECTED] to realm IPASS
modcall[authorize]: module prefix returns updated
rlm_realm: Proxying request from user
Eric Dean [EMAIL PROTECTED] wrote:
However, if I try to modify the reply attributes to add certain attributes
within the users file by specifying
DEFAULT Suffix==foo.bar.com
Session-Timeout = 28800,
Idle-Timeout = 900
The it stops authenticating. Debug shows that
Eric Dean [EMAIL PROTECTED] wrote:
Anyway, I wound up
googling my way into a solution that looks something like:
DEFAULT Suffix = foo.com, Strip-User-Name = No
Hint = foo,
Why not use Realm?
The 'Suffix' attribute matches a suffix, AND strips it off.
..and leaves the @
, September 27, 2001 1:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Proxying to Cistron
Cistron does send the ack packet correctly, but FreeRADIUS
remains oblivious to it and keeps on sending the acc start and
stop packets for nearly 20 times.
--
Mojahed
System Administrator
Agni Systems Limited
I'm
On Thu, Sep 27, 2001 at 10:12:58AM +0600, Mojahedul Hoque Abul Hasanat wrote:
On Wed, Sep 26, 2001 at 09:49:50PM +, Miquel van Smoorenburg wrote:
radius.log. For any request that came to it from the FreeRADIUS
Holly Shit! I prayed then installed a recent snapshot
(20010924). It
Mustafa N. Deeb [EMAIL PROTECTED] wrote:
Accounting through proxy does not work
You have to the changes below and recompile, I hope FreeRadius
programmers will add this in next releases
I don't recall seeing that patch, and it's for an *old* version of
the source.
All patches should be
Cistron does send the ack packet correctly, but FreeRADIUS
remains oblivious to it and keeps on sending the acc start and
stop packets for nearly 20 times.
--
Mojahed
System Administrator
Agni Systems Limited
I'm currently using Steel-Belted and I had this similar experience recently
29 matches
Mail list logo