RE:

2009-10-20 Thread INACIO ALVES
> But, as I said, I don't need proxy. Then I have commented the line proxy > proxy_requests  = no > #$INCLUDE proxy.conf ... and broke the server (inner-tunnel processing). Well done! Now put it back the way it was. I read in the radiusd.conf #  The server has proxying turned on by default.  If

Re:

2009-10-20 Thread INACIO ALVES
Thanks Alan DeKok, but I have some questions. > So, as I said in the last post, > the HOW_TO about SQL is out-of-date. The tables have had their name/schema changed. > But I will have success. All of this is documented in the config files. I search in the config files but I don't find anything about this

Re: Session resumption problem

2009-10-20 Thread David Mitchell
Alexander Clouter wrote: > Make sure you 'git cherry-pick' the patches related to: > > https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=15 > https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=21 > > ...if you are using a vanilla 2.1.7. Thanks for the heads up. I'm currently in a testing p

Re: Session resumption problem

2009-10-20 Thread Alexander Clouter
David Mitchell wrote: > > Alan DeKok wrote: > >> David Mitchell wrote: >>> I was searching back in the archives, and in September there was a user >>> who reported a problem with session resumption. I'm seeing the exact >>> same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never >

Re: how to call an external script once the users is expired?

2009-10-20 Thread aangles
Hello, I store the expiration date as a radius attribute inside the LDAP (radius profile object class). But where do I check this value and where do I call the script? In which module? The thing is clear: I do not know where to configure it, in which file. For example, the echo module is clear, if

Re: {control:SQL-Group} in post-auth

2009-10-20 Thread Ivan Kalik
> Ok, we can see that because ###if ( SQL-Group == my_pool ) ### - so, > radius tries to use a new SQL query to the sql DB. But why? At this point > radius knows that the user had been found in group my_pool - see ###point > 1###. And what if user belongs to more than one group? What value should SQL-Group h

Re: how to call an external script once the users is expired?

2009-10-20 Thread Ivan Kalik
> please I need to know how to call an external script once the user is > expired. > I got radius to call an external script once the user is authenticated with > success by using the echo module, but now I need to call another script > when > the user tries to connect after expiration date. Where do

Re: Question about Max-All-Session vs. Expiration attributes

2009-10-20 Thread Ivan Kalik
> We sell our time in Day, Week and Month > increments, and the users are free to used the system as much as they want > during their time. My Question is, do I really need to use > Max-All-Session > if all I really need is a hard expiration date for my users? You don't need Max-All-Session then.

Re: Clear Text PAP passwords - how to enable

2009-10-20 Thread Ivan Kalik
Don't use User-Password at all. See man rlm_pap. Ivan Kalik Kalik Informatika ISP > user password I guess is same as System? > > On Mon, Oct 19, 2009 at 11:49 AM, Alan Buxey > wrote: > >> Hi, >> >> > But I still got small problem, when I run in the debug mode I saw this >> > warning. I'm not fully

Re: Session resumption problem

2009-10-20 Thread David Mitchell
Alan DeKok wrote: > David Mitchell wrote: >> I was searching back in the archives, and in September there was a user >> who reported a problem with session resumption. I'm seeing the exact >> same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never >> saw any follow up? Is there a f

how to call an external script one the users is expired?

2009-10-20 Thread aangles
Hello, please I need to know how to call an external script once the user is expired. I got radius to call an external script once the user is authenticated with success by using the echo module, but now I need to call another script when the user tries to connect after expiration date. Any idea

how to call an external script once the users is expired?

2009-10-20 Thread aangles
Hello, please I need to know how to call an external script once the user is expired. I got radius to call an external script once the user is authenticated with success by using the echo module, but now I need to call another script when the user tries to connect after expiration date. Any idea

Question about Max-All-Session vs. Expiration attributes

2009-10-20 Thread Cory Hill
I have a successful wifi captured portal system running with FreeRadius and HP Procurve equipment. When I originally started learning how to build it, I used WiFiGator as my first test case. When they set up that system, they used both the Max-All-Session and the Expiration attributes for all use

Re: Clear Text PAP passwords - how to enable

2009-10-20 Thread Alex M
user password I guess is same as System? On Mon, Oct 19, 2009 at 11:49 AM, Alan Buxey wrote: > Hi, > > > But I still got small problem, when I run in the debug mode I saw this > > warning. I'm not fully sure what it asks me to do? Any advice on this? > > it's fairly clear isn't it? the error is writ

{control:SQL-Group} in post-auth

2009-10-20 Thread Anton Borisov
Hello! My user is inserted in group = my_pool in sql DB. I try to use in my sites-enabled/default something like this post-auth { ... ... if ( SQL-Group == my_pool ) { ... ... } } when my user comes I can see it : Tue Oct 20 18:49:23 2009 : Info: [sqlauth] e

Re: Windows client MS-chap auto-reauthentication

2009-10-20 Thread Alan DeKok
Doc Phillips wrote: > I was thinking something along the lines of > "--require-membership-of=domain\\ computers" && > "--require-membership-of=domain\\ users". You can only access the > network if you're logging on from a valid machine with valid > credentials. Does that make sense or am I totall

Re: Re: IP address assignment for the authenticated users in Free

2009-10-20 Thread David Mitton
Just because RADIUS has an attribute defined, doesn't mean the NAS supports it for your use. In general, the IP address assignment attributes are intended for use with NAS's that are point-to-point access routers where the address will be for an "unnumbered" connection, where the link level under

Re: Proxy based on Multiple Realms

2009-10-20 Thread Bob Brandt
Oops, just a typo :) Anyway I have tested it with one domain, (I will have more in the future) but in theory it should work and my testing using RADNTPING and RADIUS -X shows that it should. Thanks Bob On Tue, Oct 20, 2009 at 12:36 PM, Alan Buxey wrote: > Hi, > > > if ( User-Name =~

Re: Windows client MS-chap auto-reauthentication

2009-10-20 Thread Doc Phillips
On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok wrote: > Doc Phillips wrote: > > I'm trying to prevent rogue devices from connecting to production and > > obviously only allow valid users & devices. The current setup states > > members of domain computers or domain users are allowed to auth against >

Re: EAP (RFC- 3579) under GPL with FreeRadius1.1.8?

2009-10-20 Thread Alan DeKok
Divyank Rastogi wrote: > I was going through FreeRadius1.1.8 code when I saw that unlike the SRC > code which is LGPL, EAP code is under GPL. You need to read the licenses to the source code you are using. In this case, you haven't read them carefully enough. The src/lib directory is LGPL.

EAP (RFC- 3579) under GPL with FreeRadius1.1.8?

2009-10-20 Thread Divyank Rastogi
Hi, I was going through FreeRadius1.1.8 code when I saw that unlike the SRC code which is LGPL, EAP code is under GPL. As per my understanding LGPL (and not GPL) is applicable to be freely distributed as statically linked libraries and the files in ‘module’ folder are protected by GPL as against

Radius 2.1.7 available for freebsd?

2009-10-20 Thread Alisson
Radius 2.1.7 available for freebsd? -- Regards, Alisson F. Gonçalves Information Systems - UFGD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

2009-10-20 Thread Alan DeKok
INACIO ALVES wrote: > I think there is a lack of documentation to work with freeRADIUS. The new version > 2.x is very different from early 1.x. And it contains a lot more documentation than 1.x. > So, as I said in the last post, > the HOW_TO about SQL is out-of-date. The tables have had their name/schema changed.

RE:

2009-10-20 Thread INACIO ALVES
Thanks Santiago and Ivan, The schema of the database is in the source of installation and I have created my database in MySQL. I think there is a lack of documentation to work with freeRADIUS. The new version 2.x is very different from early 1.x. So, as I said in the last post, the HOW_TO about SQL is o

RE: Ldap search and AD operations error

2009-10-20 Thread Leighton Man
> Subject: RE: Ldap search and AD operations error > > Leighton, > > Try using ldapsearch in verbose mode (and debug mode) to get > more info from AD. > > ldapsearch -v -h -D "cn= dc=ad, > dc=hud, dc=ac, dc=uk" -w -x -b "dc=ad, dc=hud, > dc=ac, dc=uk" > "(sAMAccountName=mytestusername)" > > >Fr

Re: Proxy based on Multiple Realms

2009-10-20 Thread Alan Buxey
Hi, > if ( User-Name =~ /^host\//i ) { > if ( User-Name =~ /\\.first\\.domain$/i ) { > update control { > Proxy-To-Realm := "first.domain" > } > } > if ( User-Name =~ /\\.second\\.domain$/i ) { > update control { >

Re: Proxy based on Multiple Realms

2009-10-20 Thread Bob Brandt
Okay, just to update everyone and for others that might search this mail-listing: I have finally gotten it, using the code below in the authorize section I can send host authentication to multiple proxies based on domain name if ( User-Name =~ /^host\//i ) { if ( User-Name =~ /\\.firs

Re: IP address assignment for the authenticated users in Free

2009-10-20 Thread Ivan Kalik
> Alan Thanks for the quick reply. > I would like to have one more clarification. > Can we use IP address as Attribute value pair so that the RADIUS server > throws IPs dynamically to users after authentication. Did you actually read the reply? > For WiFi authentication, you need a DHCP server.

Re: Proxy based on Multiple Realms

2009-10-20 Thread Bob Brandt
Great I'll try the update control.. As for Realms file, I did try using prefix instead of suffix, but in the case of username.domain.name, it says that the Realm is username and the Stripped User name is domain.name Thanks Bob On Tue, Oct 20, 2009 at 10:21 AM, Ivan Kalik wrote: > > 1. Is there

Re: IP address assignment for the authenticated users in Free

2009-10-20 Thread Anoop C
Alan Thanks for the quick reply. I would like to have one more clarification. Can we use IP address as Attribute value pair so that the RADIUS server throws IPs dynamically to users after authentication. Regards Anoop Anoop C wrote: > Hi > We are running EAP-TLS authentication for office users

Re: Proxy based on Multiple Realms

2009-10-20 Thread Ivan Kalik
> 1. Is there a way to "manually" specify a proxy or Realm in the authorize > section? Yes. update control { Proxy-To-Realm := "some_realm" } > 2. Is there a way to modify the Realms file to find a realm find the realm > domain.name in from within user.domain.name. Whenever I try I only ge

Re: Proxy based on Multiple Realms

2009-10-20 Thread Alan Buxey
Hi, > Okay, perfect that was part of the answer I needed, Thanks! > > I guess I now have two more questions: > > 1. Is there a way to "manually" specify a proxy or Realm in the authorize > section? > > 2. Is there a way to modify the Realms file to find a realm find the realm > domain.name in fr

Re: Proxy based on Multiple Realms

2009-10-20 Thread Bob Brandt
Okay, perfect that was part of the answer I needed, Thanks! I guess I now have two more questions: 1. Is there a way to "manually" specify a proxy or Realm in the authorize section? 2. Is there a way to modify the Realms file to find a realm find the realm domain.name in from within user.domain.