Hello everyone.
I've been going a bit mad on this subject for a while. I am receiving
proxied requests from my upstream provider and I am also doing
authentication locally. The issue I've been experiencing has to do with
this error handed to me from my upstream provider :
Tue Jan 2
Date: Thu, 28 Dec 2006 08:44:22 -0800
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: problem with NT-Password and LDAP
Ana Gallardo Gómez wrote:
Well, I can not modify the LDAP server, I only can use it,
ian, just review your radiusd.conf (authenticate and authorize sections)
because you sql IS going ok.
modcall[authorize]: module sql returns ok for request 0
but your unix IS not
modcall[authenticate]: module unix returns notfound for request 0
just leave sql in your auth section if you
Etienne Pretorius wrote:
BTW is there a way to specify an OR / AND operator below for acct_users?
So that I can say something like
DEFAULT [ Client-IP-Address == XXX.XXX.XXX.XXX ||
Client-IP-Address == YYY.YYY.YYY.YYY ||
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I am using PAM for Auth-Type.
I want to be able to either 1) restrict the devices the user has access
to (admins,operators, etc) by username and/or 2) preferably carve into
groups my network gear/NAS devices and then assign users to groups.
See man
It's January, so the book obviously hasn't met my target of being
finished by December. The good news is that I have over 100 pages of
content, and I recently entered an agreement with a partner that will
give me access to additional networking equipment, which should help
expand the content to
Hi all. I would like to know where can I find a list of the parameters
used by radiusd. I looked all over the wiki FAQ and the documentation
under /usr/share/doc/freeradius-1.0.1 and couldn't find any mention to
it.
Attentiously,
--
Eduardo Costa Lisboa
-
List info/subscribe/unsubscribe? See
on 01/02/2007 05:22 PM Eduardo Costa Lisboa said the following:
Hi all. I would like to know where can I find a list of the parameters
used by radiusd. I looked all over the wiki FAQ and the documentation
under /usr/share/doc/freeradius-1.0.1 and couldn't find any mention to
it.
Do you mean:
I have looked it over, but I am still not clear. I was thinking that I
could use huntgroups to map devices to specific groups, but then I am
not clear on how to restrict users ('users' file) to those groups. I
know this has probably been done most everywhere in one form or another.
Any examples
On 1/2/07, Gaurav Sabharwal [EMAIL PROTECTED] wrote:
radiusd -h and man radiusd ?
Yes! Actually, I've tried man radiusd, but it said that there was no
manual entry for it. And, unfortunately, I forgot to use -h.
--
Eduardo Costa Lisboa
-
List info/subscribe/unsubscribe? See
I am using PAM for auth-type in my users file. Is there a simple way to
say that user 'x' can only login to IP addr 'y' and /or 'z'? I have
groups of engrs, admins, and operators and need to discriminate who can
access which device
Scott
-Original Message-
From: Ellis, Scott 1
On Tue, 2007-01-02 at 09:37 -0300, Hernan Antolini wrote:
ian, just review your radiusd.conf (authenticate and authorize
sections) because you sql IS going ok.
modcall[authorize]: module sql returns ok for request 0
but your unix IS not
modcall[authenticate]: module unix
Back on October 18th, we had a conversation about threading issues.
In the message it was said:
The issues is bad record mac, not failed in system call. The
second error message is a result of the first.
I suspect threading issues. Try running the server in non-threaded
mode. If that
On Tue, 2007-01-02 at 09:37 -0300, Hernan Antolini wrote:
ian, just review your radiusd.conf (authenticate and authorize
sections) because you sql IS going ok.
modcall[authorize]: module sql returns ok for request 0
but your unix IS not
modcall[authenticate]: module unix
Ian Truelsen wrote:
BTW, I just noticed that while there is a section in authorize for sql,
there is not one in authenticate. Is that correct?
Yes, radius does authentication. MySQL stores the password for radius.
-Dennis
-
List info/subscribe/unsubscribe? See
Alan:
Just to say to you that if you need my help, please let me know what
you need and, if possible, I will help you.
Regards
On 1/2/07, Alan DeKok [EMAIL PROTECTED] wrote:
It's January, so the book obviously hasn't met my target of being
finished by December. The good news is that I have
ian
sql goes in authorize section and accounting only; leave preprocess,
auth_log, suffix and sql uncommented there to start.
what about your ian entry in your users file ?...and delete that strange
entry in your radcheck (id 1).
Ian Truelsen [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Ian Truelsen wrote:
BTW, I just noticed that while there is a section in authorize for sql,
there is not one in authenticate. Is that correct?
Yes. SQL servers are databases, not authentication servers. RADIUS
servers are authentication servers, not databases.
Alan DeKok.
--
King, Michael wrote:
I suspect threading issues. Try running the server in non-threaded
mode. If that works, then the SSL locking code should be back-ported
from the CVS head (src/main/threads.c)
I was wondering if anything had come of this?
Did anyone run the server in non-threaded
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I have looked it over, but I am still not clear.
What *exactly* about the documentation is not clear? You can use
rlm_passwd to make a group of anything you want.
I was thinking that I
could use huntgroups to map devices to specific groups, but then I
Well here is where I am.
I am using PAM.
All I need to pull all the pieces together is one simple example of what
has to be done to do the following: user1 and user2 can access devices
10.1.1.1, 10.1.1.2, and user3 can access only 10.1.1.3.
*
Here is where I am. To turn on
21 matches
Mail list logo