Re: filtering attributes in proxy

Have you tried with pre-proxy and attr_rewrite? I?m trying but attr_rewrite module is not called (/usr/sbin/freeradius -x). I don?t know why. No I haven't. use -X instead -x, it'll show lot of things and have u included that in the preproxy section in radiusd.conf Sergio. but when I

RE: filtering attributes in proxy

: miércoles, 10 de diciembre de 2003 7:37 Para: [EMAIL PROTECTED] Asunto: Re: filtering attributes in proxy Have you tried with pre-proxy and attr_rewrite? I?m trying but attr_rewrite module is not called (/usr/sbin/freeradius -x). I don?t know why. No I haven't. use -X instead -x, it'll show

unknown proxy ?

Hello, Collegues! I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. -- rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 Ignoring request from unknown proxy 195.123.5.10:1288 -- Host 195.123.5.10 was configured

Re: unknown proxy ?

Hi Alex, did u check clients.conf ? Thomas . Alex Radetsky wrote: Hello, Collegues! I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. -- rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 Ignoring request from unknown

Re: unknown proxy ?

On Wed, Dec 10, 2003 at 03:56:45PM +0200, Alex Radetsky wrote: Hello, Collegues! I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. -- rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 Ignoring request from

Re: unknown proxy ?

On Wed, Dec 10, 2003 at 03:11:42PM +0100, Thomas MARCHESSEAU wrote: Hi Alex, did u check clients.conf ? [EMAIL PROTECTED] bin]# grep 195.123.5.10 /usr/local/radius-proxy/etc/raddb/* clients: 195.123.5.10 123 clients.conf: client 195.123.5.10 { proxy.conf: authhost

Re: unknown proxy ?

On Wed, Dec 10, 2003 at 04:18:30PM +0200, Alexey Balabushevich wrote: I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. -- rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 Ignoring request from unknown proxy

unknown proxy ? part 2

it mean? Does some one proxy exist between my and remote radius? Is it correct? PS. I can rewrite this code to create workaround. But I do not know, may be it will not correct. -- Alex Radetsky AR2657-RIPE RAD-UANIC - List info/subscribe/unsubscribe? See http

Re: unknown proxy ?

: On Wed, Dec 10, 2003 at 03:11:42PM +0100, Thomas MARCHESSEAU wrote: Hi Alex, did u check clients.conf ? [EMAIL PROTECTED] bin]# grep 195.123.5.10 /usr/local/radius-proxy/etc/raddb/* clients: 195.123.5.10 123 clients.conf: client 195.123.5.10 { proxy.conf: authhost = 195.123.5.10:1812 proxy.conf

Re: unknown proxy ?

Alex Radetsky [EMAIL PROTECTED] wrote: I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. Upgrade to 0.9.3. Please. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: unknown proxy ? part 2

Alex Radetsky [EMAIL PROTECTED] wrote: So, if radius got packet from remote server with configured source_ip and port, radiusd marks it as active. But in my case, radius got packet from configured source_ip, but another port. What does it mean? It means that the server you're

Re: filtering attributes in proxy

At 11:59 PM 12/8/2003, denz wrote: but when I start the server I get this message ant the end, and server exits. Module: Instantiated attr_filter (attr_filter) radiusd.conf: attr_filter modules aren't allowed in 'pre-proxy' sections -- they have no such method. shrug Edit

RE: filtering attributes in proxy

Have you tried with pre-proxy and attr_rewrite? I?m trying but attr_rewrite module is not called (/usr/sbin/freeradius -x). I don?t know why. Sergio. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Chris Parker Enviado el: martes, 09 de diciembre de 2003

Re: filtering attributes in proxy

but when I start the server I get this message ant the end, and server exits. Module: Instantiated attr_filter (attr_filter) radiusd.conf: attr_filter modules aren't allowed in 'pre-proxy' sections -- they have no such method. shrug Edit the source code for attr_filter

Re: Automatically proxy?

Gary Algier [EMAIL PROTECTED] wrote: I am trying to figure out how to automatically proxy based upon criteri in the users file. Use the Proxy-To-Realm attribute: bob Proxy-To-Realm := realm I can see how I can check the NAS-IP-Address, but then I don't know how to control where

synchronous proxy and fail-over

Hello, I have found that the backup server of my client is never used when the his main server is down. Another strange behaviour is that the reject is not answered on a timeout but on receipt of the next authentication request, even if it comes one hour after ! To solve the problem I have

Proxy Setup

I want any username like [EMAIL PROTECTED] to be proxied to an existing radius server. I have added realm mydomain.net { type = radius authhost = 192.168.69.10:1645 accthost = 192.168.69.10:1646 secret = ascend } to my proxy.conf file. It still tries to authenticate

Re: Proxy Setup

Anson Rinesmith [EMAIL PROTECTED] wrote: to my proxy.conf file. It still tries to authenticate locally. I was told not to put anything in my realms file. What am I missing? Read the output of radiusd -X. It will tell you WHY it is, or is not, proxying. Alan DeKok. - List

Automatically proxy?

Hi: I am trying to figure out how to automatically proxy based upon criteri in the users file. For example: I have a user gary who logs in on a particular NAS (let us say on IP 192.168.1.1). When he does so, his authentication should be passed off to the radius server at 192.168.2.1

Re: filtering attributes in proxy

denz [EMAIL PROTECTED] wrote: but when I start the server I get this message ant the end, and server exits. Module: Instantiated attr_filter (attr_filter) radiusd.conf: attr_filter modules aren't allowed in 'pre-proxy' sections -- they have no such method. shrug Edit the source code

Re: filtering attributes in proxy

At 10:43 AM 12/4/2003, Alan DeKok wrote: denz [EMAIL PROTECTED] wrote: but when I start the server I get this message ant the end, and server exits. Module: Instantiated attr_filter (attr_filter) radiusd.conf: attr_filter modules aren't allowed in 'pre-proxy' sections -- they have

strip user name for proxy

For example of proxy configuration... let say login as [EMAIL PROTECTED], Is it possible for Freeradius to strip the username (user1) and proxied to other radius server using "abc.com.my" only... thanks.. --haizam

proxy

I have put my realm in the realms file: bigrivertel.net 192.168.69.10 When I run radiusd X, I get the following error: /usr/local/etc/raddb/realms[28]: Cannot find 'clients' file entry of remote server 209.16.220.10 for realm bigrivertel.net Errors reading realms Errors reading

Re: proxy

Anson Rinesmith [EMAIL PROTECTED] wrote: I have put my realm in the realms file: bigrivertel.net 192.168.69.10 You've also got to list it in the 'clients' file, OR use the proxy.conf file. /usr/local/etc/raddb/realms[28]: Cannot find 'clients' file entry of remote server 209.16.220.10 for

RE: proxy

PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 03, 2003 2:56 PM To: [EMAIL PROTECTED] Subject: Re: proxy Anson Rinesmith [EMAIL PROTECTED] wrote: I have put my realm in the realms file: bigrivertel.net 192.168.69.10 You've also got to list

RE: proxy

When I remove the realms entry, it tries to authenticate locally, when watching 'radiusd -X' -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 03, 2003 3:38 PM To: [EMAIL PROTECTED] Subject: Re: proxy Anson Rinesmith

Re: filtering attributes in proxy

I need to remove the attribute Calling-Station-Id = xxx from the requests before passing it to the remote radius server. Use rlm_attr_filter in pre-proxy. I modified the radiusd.conf as suggested, pre-proxy { attr_filter # If you want to have a log

0.5 to 0.9.3 upgrade breaks auth-proxy

Hi there, I'm doing testing in preparation to upgrade a server from 0.5 to 0.9.3, and I've run into an issue with Cisco's auth-proxy feature. Under 0.5, it's been working. Upon successful authentication, the radius server sends back the proper Cisco-AVpairs for a temporary ACL. I have a debug

Re: 0.5 to 0.9.3 upgrade breaks auth-proxy

Ben Hockenhull [EMAIL PROTECTED] wrote: Under 0.9.3, only the first AVPair is sent back. I'm not sure why. Read the 'man' page for the 'users' file. I think it's also in the FAQ. Try '+=', instead of '='. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: 0.5 to 0.9.3 upgrade breaks auth-proxy

Make sure when you install the new server you get the new man pages as well. Alan DeKok wrote: Ben Hockenhull [EMAIL PROTECTED] wrote: Under 0.9.3, only the first AVPair is sent back. I'm not sure why. Read the 'man' page for the 'users' file. I think it's also in the FAQ. Try '+=',

freeradius in proxy mode

hi everyone! The Curent problem : I've got a radius sever(some Old radius server) configured with a NAS. I want to pass MSISDN from NAS to radius. But the problem is when I pass that attribute, the Authentication process stops. Solution I'm thinking of running a freeradius in proxy

Re: freeradius in proxy mode

denz [EMAIL PROTECTED] wrote: I've got a radius sever(some Old radius server) configured with a NAS. I want to pass MSISDN from NAS to radius. But the problem is when I pass that attribute, the Authentication process stops. I doubt that very much. Read the FAQ about posting questions

proxy sending extra info

Hi, Radius Server 1 -- Free Radius -- Radius Server 2 I control the Free Radius server, which serves as a proxy. I need to modify a radius attribute value that is incoming from Radius Server 1 before it is being send to Radius Server 2. How can I do that? I'm using rlm_perl, so if it can

Limiting access at a proxy server based on Called-Station-ID

I've been asked if the following is possible. We operate a pair of radius servers that proxy several realms to their respective home servers. We need to limit their users access based on Called-Station-ID. When the Auth request comes in from the NAS, I need to be able to consult a (possibly

Re: Limiting access at a proxy server based on Called-Station-ID

Mark Moody [EMAIL PROTECTED] wrote: We need to limit their users access based on Called-Station-ID. When the Auth request comes in from the NAS, I need to be able to consult a (possibly large) list of access numbers and determine if the user called an approved number, if so allow the request

Re: Limiting access at a proxy server based on Called-Station-ID

access at a proxy server based on Called-Station-ID Mark Moody [EMAIL PROTECTED] wrote: We need to limit their users access based on Called-Station-ID. When the Auth request comes in from the NAS, I need to be able to consult a (possibly large) list of access numbers and determine if the user

RE: How to insert an attribuite into a proxy-reply packet ?

I am not sure how to achieve this using rlm_attr_rewrite (probably others can help), but you can write your own post-proxy method. Add that module in the post-proxy section of radius.conf, so that your post-proxy method is called whenever the Radius server receives a reply for the proxied request

Re: How to insert an attribuite into a proxy-reply packet ?

Sorry, I don't know how to make it work. Could you tell me more about it ? I use freeradius to be a proxy server. A === MySite = B I want each Auth-Reply to be one of below cases. 1. If the Session-Timeout is defined and the value is great than 0, proxy the reply-packet without

strip both prefix and suffix with proxy

, but there is special group of users which want duplicate his accounting info to non local server, but authorize locally. i create prefix for this group and i add it into proxy configuration with two accthost entries. now i need strip suffix for this special group before authorization, because i don't want store

How to insert an attribuite into a proxy-reply packet ?

Hello~ May I addan attribute "session-time" into a proxy-replypacketif the value of "session-timeout" is not assigned before I reply it to another radiusd server ? Thanks a lot ~

Re: How to insert an attribuite into a proxy-reply packet ?

rlm_attr_filters may work? Liyan Tan [EMAIL PROTECTED]2003-11-13

Re: Proxy doesn't send acct packets to other radius (correct proxy.conf)

Artur I made a mistake editing that mail last night. 200.193.87.129 has no relation to problem related. It's another server for tests. my problem is: the proxy server doesn't send acct (accounting) packets to 200.180.55.65 server. Justo know: 200.180.22.15 is the RAS that consult only

Re: Proxy doesn't send acct packets to other radius (correct proxy.conf)

ok looking at your radiusd.conf file, i wonder if you have to add a preacct section with a suffix module in it in order to look up the realms. otherwise it seems ok to me. ciao artur I made a mistake editing that mail last night. realm dimapel.com.br { type= radius

Re: Proxy doesn't send acct packets to other radius

=?ISO-8859-1?Q?Jefferson_D=FCmes?= [EMAIL PROTECTED] wrote: Freeradius 0.8 doesn't send account packet's to other freeradius. It does if you've configured it correctly. No erros in log files. Someone give me an idea. Since you haven't followed the directions in the FAQ for problem

Re: Proxy doesn't send acct packets to other radius

Hi Alan Would you show me where is some kind of reference of the problem I reported ??? I'm not an radius expert, but I already used a cistron (patched to log in mysql) and icradius. In this two server, I just say to do proxy to some server and it does it (auth ant acct). I agree

Re: Proxy doesn't send acct packets to other radius

=?ISO-8859-1?Q?Jefferson_D=FCmes?= [EMAIL PROTECTED] wrote: I'm not an radius expert, but I already used a cistron (patched to log in mysql) and icradius. In this two server, I just say to do proxy to some server and it does it (auth ant acct). FreeRADIUS does that, too. I'm looking

Re: Proxy doesn't send acct packets to other radius

- radiusd.conf - console out of radiusd -X (of proxy server) Obs.: I didn't put radiusd -X console out of realm server. Because I used iptraf -i on the realm server and theres's no acct packet comming from proxy server. $ cat proxy.conf | grep -v # $$$ proxy server

proxy help question

(B (B (BIs it possible to haveONE radius (Bserver query TWO databases in the same server for requests for different (Brealms? (B (BFor example if I hadtwo (Brealms (B (B (Bdialup.someisp.net (Badsl.someisp.net (B (Band both realms came into the same radius (Bserver, and I had

Re: proxy help question

On Fri, 24 Oct 2003, CW wrote: Is it possible to have ONE radius server query TWO databases in the same server for requests for different realms? For example if I had two realms dialup.someisp.net adsl.someisp.net and both realms came into the same radius server, and I had two mysql

Proxy setup

the radtest to our windows radius server it goes through ok so I know it works. I setup the proxy, but two questions. Do I have the hotspot send auth and acct to the default port of 1814? Or 1812 and 1813? Also, My error I get in the radius log is Wed Oct 22 14:39:22 2003 : Error: Ignoring request

Re: Problem with Proxy

Thanks for your advise. It works for Authentication, but Accounting. If I want to proxy accounting packets with these rulers, what should I do ? 1.proxy accounting packets which realm ends with .us to serverATus. 2. proxy accounting packets which realm ends with .jp to serverATjp. Thanks a lot

Re: Proxy fail-over

At 09:58 PM 10/15/2003, you wrote: I tried to set the Radius server (0.9.1 on Red Hat 9) so it can do proxy. I use the sql module for authentication (mysql). I have two users, [EMAIL PROTECTED]' and 'alex_chen'. in the DB. I setup the proxy.conf like the followings so that if the proxy server

Proxy and No such realm NULL

I have a proxy server configured to proxy to the NULL realm. This has worked fine until recently when it has started to silently drop RADIUS requests rather than forward them. The NAS does not recieve any response and so rejects users. My hypothesis is that the RADIUS server it is proxying

Re: Proxy and No such realm NULL

at least help you test your hypothesis. HTH, Chris At 10:57 AM 10/16/2003, you wrote: I have a proxy server configured to proxy to the NULL realm. This has worked fine until recently when it has started to silently drop RADIUS requests rather than forward them. The NAS does not recieve any response

Proxy fail-over

I tried to set the Radius server (0.9.1 on Red Hat 9) so it can do proxy. I use the sql module for authentication (mysql). I have two users, [EMAIL PROTECTED]' and 'alex_chen'. in the DB. I setup the proxy.conf like the followings so that if the proxy server 192.168.1.12 fails, it will try

Proxy to Radius Servers Cluster

Dear All: I have 2 Radius Servers, R1, R2, and each server maintains its own user data. I hope to use the realm "@myrealm" for each user. I built a proxy server with freeradiusd 0.9.0 to be a dispatcher. The trouble is I can't identify a user is belong to R1or R2.

Proxy where a single server is marked dead?

Can someone please briefly indicate the expected behaviour of FreeRADIUS where a realm has a single instance of a {auth|acct}host is specified, but this server has been marked dead owing to inactivity? My reading of the source suggests to me that it will get dropped silently, but I would

Re: Proxy where a single server is marked dead?

that it will get dropped silently, but I would appreciate an educated opinion! By it I mean a RADIUS packet that the proxy FreeRADIUS server has recieved. josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems

Re: Proxy where a single server is marked dead?

Josh Howlett [EMAIL PROTECTED] wrote: My reading of the source suggests to me that it will get dropped silently, but I would appreciate an educated opinion! Pretty much. Sending a reject request may be friendlier, though. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: Proxy where a single server is marked dead?

On Tue, 2003-10-14 at 15:22, Alan DeKok wrote: Josh Howlett [EMAIL PROTECTED] wrote: My reading of the source suggests to me that it will get dropped silently, but I would appreciate an educated opinion! Pretty much. Sending a reject request may be friendlier, though. Yes. It would be

RE: Problems with proxy if TTLS is used

methods that can be deployed on whatever legacy RADIUS server and use of FREERADIUS as a proxy to take advantage about security in shared media environments. Pleas comment. Regards Roman -Puvodní zpráva- Od: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] uživatele Alan DeKok Odesláno: 8

Re: Problems with proxy if TTLS is used

Roman Janos [EMAIL PROTECTED] wrote: Actually the question is other. Are there any plans to implement (or it is already implemented?) proxying functionality for EAP-TTLS tunneled authentication method (e.g. EAP-MD5,PAP,…) ? No. If not the TTLS implementation makes no sense. I disagree.

Re: Problems with proxy if TTLS is used

Hello, Is there any plans to implement proxying for EAP/TTLS in near future? Sergio Alan DeKok wrote: Roman Janos [EMAIL PROTECTED] wrote: I try to make TTLS authentication. This is gone with PAP/EAP-MD5 in tunneled mode but only if the PAP/EAP-MD5 credentials were on the same maschine. If

Re: Proxy with PAP?

proxy.c. The server can proxy any authentication method used by the NAS. Thank you again. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Accounting trouble + proxy

Hi all, I would like to know if there is a special tricks to have accthost working on freeradius 0.9.1 in proxy mode : My accounting request are not forwarded by the proxy to my radius server . --- proxy.conf (working fine on 0.8.1) realm myrealm.net { type

Re: Accounting trouble + proxy

At 08:18 AM 10/8/2003, Thomas MARCHESSEAU wrote: Hi all, I would like to know if there is a special tricks to have accthost working on freeradius 0.9.1 in proxy mode : My accounting request are not forwarded by the proxy to my radius server . What modules do you have enabled in the 'preacct

Re: Accounting trouble + proxy

Hi Chris, Chris Parker wrote: At 08:18 AM 10/8/2003, Thomas MARCHESSEAU wrote: Hi all, I would like to know if there is a special tricks to have accthost working on freeradius 0.9.1 in proxy mode : My accounting request are not forwarded by the proxy to my radius server . What modules do

Re: Problems with proxy if TTLS is used

fastbyte [EMAIL PROTECTED] wrote: Is there any plans to implement proxying for EAP/TTLS in near future? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with Proxy

Allen, You could try to put the following in the users file: DEFAULT Realm =~ \.us$, Proxy-To-Realm += us DEFAULT Realm =~ \.jp$, Proxy-To-Realm += jp In proxy.conf you can put something like: realm us { type= radius authhost= 123.123.234.234:1812

Re: Proxy with PAP?

only CHAP protocol(But i have no confidence). I have no clue how you decided that from reading proxy.c. The server can proxy any authentication method used by the NAS. Q. Does FreeRadius support proxy setting with PAP authentication? Yes, if the NAS sends RADIUS requests with PAP passwords

Problems with proxy if TTLS is used

freeradius server and try to make proxing it don't go any more. There seems be a problem with proxing becouse no proxy request isn't send to other radius server. Below is useful listing (end part with eror and proxy setting). On other second RADIUS server is TTLS radius server configured as client

Re: Problems with proxy if TTLS is used

Roman Janos [EMAIL PROTECTED] wrote: I try to make TTLS authentication. This is gone with PAP/EAP-MD5 in tunneled mode but only if the PAP/EAP-MD5 credentials were on the same maschine. If I try to put the user credentials on other freeradius server and try to make proxing it don't go any

Proxy with PAP?

Hello all. I have some problem with Freeradius-0.9.1 with proxy setting. I have some company who provide AccessPoint's each other by roaming setting. Almost of company is pretty good working, But only one is problem. This Admin says his radius server is little old and it only suppory with PAP

Problem with Proxy

Hello~ I have a question about Proxy. I would like to 1.proxy realms which end with ".us" to serverATus. 2. proxy realm which end with".jp" to serverATjp. What should I define in the proxy.conf ? Thanks a lot ...

works with a ppphint, but how to insert this into my proxy for someone?

I am proxying auth from my server (freeradius, .8.1) to another server (cistron radius) and when running radtest, I can only get correct answers if I add the '1' to radtest to turn the Framed-Protocol = PPP on How do I insert that into a auth request on the regular proxy? Or, should I just have

Re: Proxy Issue

Ivan Meic [EMAIL PROTECTED] wrote: I'm not using a 'round robin' method, so I really was expecting that it will send accounting packets to all servers specified in the list. That isn't the way it's intended to work. Ok, I can understand how to use radrelay, but than I have another problem.

RE: Proxy Issue

that it will send accounting packets to all servers specified in the list. In this case it works fine, but if I want to proxy it to one additional server it doesn't work. The proxy only sends the accounting data to the first server on the list and leaves one copy for itself. See 'radrelay'. It's

Proxy Issue

Hi, I'm using FreeRADIUS v0.8.1 on RedHat 7.1. I'm using it strictly for accounting purposes with MySQL running in the background. Also I'm using proxy features to be able to send the accounting data to one more server, just to have another copy. --- proxy.conf --- proxy server { synchronous

Re: Proxy Issue

Ivan Meic [EMAIL PROTECTED] wrote: Also I'm using proxy features to be able to send the accounting data to one more server, just to have another copy. Ok.. realm NULL { type= radius authhost= 80.253.170.52:1812 accthost= 80.253.170.52:1813

Proxy based on NAS-IP-Address / Client-IP-Address or NAS-Identifier

Currently using freeradius-0.9.1 running over Freebsd v4.8. Is it possible to do proxy authentication and accounting based on NAS-IP-Address / Client-IP-Address or NAS-Identifier instead or realms? Regards

Combining proxy and remote radius

Can I use a combination of a (local) radius proxy and a (remote) radius server? Whenever a client tries to authenticate himself: = I first want to check against a local radius-server = if that failed, I want to check with a remote radius server instead. I am not looking for local caching

Proxy (accounting) based on any attribute!!

I read in the freradius specification that it is capable of doing proxy authentication and/or accounting forwarding based on any attribute. Traditionally, Proxy was only applicable through Realms/Suffixes. Suppose I want to do accounting forwarding based on NAS-IP address, how I would do

Proxy Auth

Hello, I would like freeradius to accept both user [EMAIL PROTECTED] for valid authentication via an access server. I have tried to do this via proxy realms, but cannot seem to get it working. I get the following error: Thread 5 handling request 4, (1 handled so far) NAS-IP-Address

Re: proxy/realm stripping question

I am going to get the following data from a user: [EMAIL PROTECTED] I need to parse off bar.com and have Freeradius pass [EMAIL PROTECTED] to the proper radius server for auth. Well, I don't much about proxying yet, but maybe you can accomplish to let the username change in [EMAIL

proxy/realm stripping question

I'm running .8 on Redhat 7.3, on a machine that is essentially acting as a radius server traffic cop. I am going to get the following data from a user: [EMAIL PROTECTED] I need to parse off bar.com and have Freeradius pass [EMAIL PROTECTED] to the proper radius server for auth. I've fiddled

RE: proxy/realm stripping question

From: Erik Denny Sent: Saturday, 23 August 2003 2:24 PM I'm running .8 on Redhat 7.3, on a machine that is essentially acting as a radius server traffic cop. I am going to get the following data from a user: [EMAIL PROTECTED] I need to parse off bar.com and have Freeradius pass

FR 0.8.1 Radius Proxy

Hi, I have one FR 0.8.1 runing as Radius Proxy (radius A). I got 3 kind of auth packet from one NAS (1) userid (2) abc/[EMAIL PROTECTED] (3) [EMAIL PROTECTED] I would like auth case (1) locally(radius A) , case (2) should be fwd to radius B case (3) should be fwd to radius C So I config

Re: Pre-proxy attr_filter?

; +char*realmname; + + /* + * It's not a proxy reply, so return NOOP + */ + + if( request-proxy == NULL ) { + return( RLM_MODULE_NOOP ); + } + + request_pairs = request-packet-vps; + reply_items = request-proxy_reply-vps

Re: Pre-proxy attr_filter?

doesn't work. Don't use it. Use Proxy-To-Realm. Ok. I followed the example in raddb/acct_users. The problem is equal. I found out that I only need attr-filter during preproxy authorize, not for accounting. Is it possible to simply detect in rlm_attr_filter if it was called from the authorize section

Re: Pre-proxy attr_filter?

*realmpair; +REALM *realm; +char*realmname; + + /* +* It's not a proxy reply, so return NOOP +*/ + + if( request-proxy == NULL ) { + return( RLM_MODULE_NOOP ); + } + + request_pairs = request-packet-vps

Re: Pre-proxy attr_filter?

On Mon, 2003-08-11 at 16:45, Chris Brotsos wrote: Another strange thing, if I dialin without a realm, that realm is added after the files section (Proxy-To-Realm =+ realmname). This works for authentication, but not for accounting. With pre-proxy an accounting packet the attr_filter returns

RE: Sample config on Redhat with proxy

on Redhat with proxy Hi All, I'm frist time try the radius server. May I ask who can post the freeradius on redhat here? Or where can I find the details study manuel? Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Pre-proxy attr_filter?

At 09:15 AM 8/8/2003, you wrote: On Fri, 2003-08-08 at 15:48, Alan DeKok wrote: Chris van Meerendonk [EMAIL PROTECTED] wrote: Is it possible to filter attributes that are sent by using radius proxy to the home-server? Something like attr_filter in the pre-proxy stage? If attr_filter

Re: Pre-proxy attr_filter?

check item, but maybe you need to use Proxy-To-Realm := realmname. I don't remember how the two VPs are handled differently, nor am I sure if you want the functionality of Proxy-To-Realm, but give that a try and see if you don't get what you want. It looks to me it's behaving the same

Re: Pre-proxy attr_filter?

At 09:34 AM 8/11/2003, you wrote: I sent the post-proxy patch...you probably hadn't received it by the time you sent this. Yes, I guess I was a little impatient, a bad attitude of me... I included a patch this time with the post-proxy() and accounting() functions. Pay attention

Re: Pre-proxy attr_filter?

At 03:58 AM 8/12/2003, you wrote: On Mon, 2003-08-11 at 16:45, Chris Brotsos wrote: Another strange thing, if I dialin without a realm, that realm is added after the files section (Proxy-To-Realm =+ realmname). This works for authentication, but not for accounting. With pre-proxy an accounting

Re: Pre-proxy attr_filter?

Chris van Meerendonk [EMAIL PROTECTED] wrote: As far as I can see now the problem is that in the acct_users I've got the following: DEFAULT Huntgroup-Name == huntgroup, Replicate-To-Realm := realmname Replicate-To-Realm doesn't work. Don't use it. Use Proxy-To-Realm. Alan DeKok

Re: Pre-proxy attr_filter?

At 08:06 AM 8/11/2003, you wrote: On Fri, 2003-08-08 at 15:48, Alan DeKok wrote: Chris van Meerendonk [EMAIL PROTECTED] wrote: Is it possible to filter attributes that are sent by using radius proxy to the home-server? Something like attr_filter in the pre-proxy stage? If attr_filter

FR 0.8.1 Radius Proxy

I have one FR 0.8.1 runing as Radius Proxy (radius A). I got 3 kind of auth packet from one NAS (1) userid (2) abc/[EMAIL PROTECTED] (3) [EMAIL PROTECTED] I would like auth case (1) locally(radius A) , case (2) should be fwd to radius B case (3) should be fwd to radius C So I config my

Re: Pre-proxy attr_filter?

-08 at 15:48, Alan DeKok wrote: Chris van Meerendonk [EMAIL PROTECTED] wrote: Is it possible to filter attributes that are sent by using radius proxy to the home-server? Something like attr_filter in the pre-proxy stage? If attr_filter doesn't already have a pre-proxy stage

  1   2   3   4   5   >