Hi All,
I was wondering if I could use rlm_attr_filter to filter out
attributes from LOCAL proxied domains.
e.g. in proxy.conf
realm EDPNET {
type= radius
authhost = LOCAL
accthost = LOCAL
}
I tried adding EDPNET to the attr file but the attr_filter returns noop
thank you for any
Thanks for your response. I tried this query:
authorize_check_query = SELECT id, UN, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE UN = '%{SQL-User-Name}' \
ORDER BY id
In above query I changed Username to UN, but radius was still working, so I
think its
I do not know about mysql, but i have used stored procedures just fine
with postgresql.
it can look something along the lines of:
authorize_check_query = SELECT * FROM someproc('%{SQL-User-Name}',
'%{Client-IP-Address}') HAVING id IS NOT NULL
for the record, I have been using stored procedures
Is it possible to delete entire attributes with rlm_attr_rewrite?
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED]http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne InformationCommunication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat: '/var/log/radius/radacct/dummy ip/auth-detail-20060208'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/dummy ip/auth-detail-20060208
modcall[authorize
I use rlm_ldap for authorization only in quite a specific way, but
here's a simple model/description of what I do:
# ldap.attrmap
replyItem Reply-Message rbPackage
###
LDAP attribute rbPackage can have multiple values (its type is
Hallo everyone,
I have a short question, Is it possible for other
protocol to integrate it with freeradius?
This protocol is run by a deamon and I want to send
the result of this process as access request (that
will forwarded by NAS to server)
this is what I thought, do you think it is possible?
I use freeradius-1.1.0 built from FreeBSD ports on FreeBSD.
There is the following comment in default raddb/dictionary.sample (this
file probably comes from the FreeBSD port):
#
# Place additional attributes or $INCLUDEs here. They will
# over-ride the definitions in the pre-defined
In 'Ralink Wireless Utility' -'802.1x
Setting'
I canchoose 'PEAP' andfoll 3 fields
(with my example values):
1. Identyty = myidentyty
2. Login = mylogin
3. Password = mypass
(I set protocol as EAP-MSCHAP v2)
in freeradius users file I can write:
myloginAuth-Type = EAP, User-Password :=
Is there a way to force a silent drop of a packet instead of sending
Access-Reject ?
I am interested in both doing this through configuration file(s) and
doing this from a module (e.g. with some special return code or attribute).
On a somewhat related note: is there way to make FreeRADIUS server
After exploring the web It came to know that I need to add a CLIENT_FLAG
mysql_real_connect(). Otherwise MySQL Stored Procedure will not work, I was
having same problem with PHP, then I added this parameter in mysql_connect()
mysql_connect($db_serv,$u_name,$u_pass, false,65536)
above 65536 could
On Tuesday 07 February 2006 16:51, [EMAIL PROTECTED] wrote:
I been told that I need to configure ascend-data-filters to pass ADF's
to make port 25 work for our dialup users. Does he mean something like
this?
Ascend-Data-Filter = ip in forward destport = 25
Renaming destport to dstport
Dear all,
I have setup a RADIUS server (freeradius of course) with an
authenticator (hostapd 0.4.7) and a supplicant (wpa_supplicant 0.4.7).
Both the last two use hostap-driver 0.4.7.
I am using EAP-TLS (client and server certificates generated by the
CA.all script included in freeradius)
On Monday 06 February 2006 16:25, Dennis Skinner wrote:
Guy Fraser wrote:
there. I looked into it briefly for Cisco 5248 and determined
that by setting the interface administratively down would boot
the user, then setting it back to up would allow it to accept
access again. The tricky
Andriy Gapon [EMAIL PROTECTED] wrote:
Errors reading dictionary: dict_init:
/usr/local/local/dictionary.mine[3]: dict_addattr: Duplicate attribute
name Digest-Response
Errors reading radiusd.conf
Shouldn't I be able to override name-number mapping for attributes ?
Yes, so long as the
Norbert Grochal [EMAIL PROTECTED] wrote:
in freeradius users file I can write:
mylogin Auth-Type = EAP, User-Password := mypassword
Please read eap.conf. Setting Auth-Type is NOT recommended.
So identity can by any word. I hope mylogin and mypassword is sent to
radius encrypted, not as
Andrea G Forte [EMAIL PROTECTED] wrote:
The problem is that it is taking too little time for the
authentication process to complete.
Why is that a problem?
In the attached file you can see one authentication process
captured using kismet and then parsed with Ethereal.
sigh Why is it
Alan,
thank you for the response.
Because my authentication time is *so much* different than anything else
I have ever read, I am worring that perhaps even though the
authentication is successful, I am doing something wrong with some
certificate or policy that might end up compromising the
John Metcalfe [EMAIL PROTECTED] wrote:
/usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol:
SSL_set_msg_callback
You have two versions of OpenSSL installed on your system. One that
you used to build FreeRADIUS, and another that your dynamic linker
finds at run-time. The versions are
Andrea G Forte [EMAIL PROTECTED] wrote:
Because my authentication time is *so much* different than anything else
I have ever read, I am worring that perhaps even though the
authentication is successful, I am doing something wrong with some
certificate or policy that might end up
Priscilla B [EMAIL PROTECTED] wrote:
This protocol is run by a deamon and I want to send
the result of this process as access request (that
will forwarded by NAS to server)
this is what I thought, do you think it is possible?
Is there any library that I can use to extend this
function?
I am currently running freeradius 1.0.4 I have the following line set
log_auth_goodpass = no
I am also using krb5 module under PAM.
The problem I am having is while I do not get the User-Password in the
NAS/auth-detail log, it does show up in the 127.0.0.1/auth-detail file.
I have tried
dear all,
im a newbie, i have configured freeradius + mysql, but i can't connect user from radcheck table.
please give me an advices,
etc/rc.d/rc.radiusd restartStarting FreeRADIUS:Thu Feb 9 10:51:54 2006 : Info: Starting - reading configuration files ...radiusd
[EMAIL PROTECTED] raddb]# tail -f
Radius User wrote:
I am totally a newbie at the world of freeradius.
Can any one give me a simple example clients,users and naslists file.
so simply..
regards
The tar comes with an extensively commented config for everything.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX
Hi all,i've installed freeradius with experimental modules enabled under debian sarge... after i run the program by typinghotspot:# radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec:
25 matches
Mail list logo