Re: ..::Restrict local users::..

2011-06-23 Thread Fajar A. Nugraha
2011/6/24 Alfonso Alejandro Reyes Jiménez : > Hi Everyone. > > we would like to know if there's a way to reject access to the local users, > that's because we discover that if you have a system account you may login > on the radius server. > IIRC that's the default setup on most system. > I have

RE: :Restrict local users::..

2011-06-23 Thread Tim Sylvester
Is the "unix" module uncommented in the authorize section of your configuration? If so, then FreeRADIUS is authenticating the users in the /etc/password file. # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, # using the system API's to get the password. If yo

..::Restrict local users::..

2011-06-23 Thread Alfonso Alejandro Reyes Jiménez
Hi Everyone. we would like to know if there's a way to reject access to the local users, that's because we discover that if you have a system account you may login on the radius server. I have the teory that if we use the rlm_passwd module we can reject the access to the "local group", I sea

Re: Version 2.1.11 has been released

2011-06-23 Thread John Dennis
On 06/23/2011 03:11 AM, Fajar A. Nugraha wrote: On Thu, Jun 23, 2011 at 12:48 AM, John Dennis wrote: freeradius-2.1.11 RPM packages for Fedora 14 and Fedora 15 have been pushed into their respective *testing* repos. It may take a while for them to hit the mirrors. To upgrade via yum you will n

Re: Dynamic Clients IP Best practice?

2011-06-23 Thread Phil Mayers
On 06/23/2011 08:24 PM, Brent Wilkinson wrote: I unfortunately have a large amount of hotspots that are behind dynamic ip’s. We have tried to get as many of them onto statics as possible but are having issues with that. After having read through a few dozen different threads and readmes does free

Re: Dynamic Clients IP Best practice?

2011-06-23 Thread Arran Cudbard-Bell
On Jun 23, 2011, at 9:24 PM, Brent Wilkinson wrote: > I unfortunately have a large amount of hotspots that are behind dynamic ip’s. > We have tried to get as many of them onto statics as possible but are having > issues with that. After having read through a few dozen different threads and > r

Dynamic Clients IP Best practice?

2011-06-23 Thread Brent Wilkinson
I unfortunately have a large amount of hotspots that are behind dynamic ip's. We have tried to get as many of them onto statics as possible but are having issues with that. After having read through a few dozen different threads and readmes does freeradius have something that has been put into plac

Re: Problem with Rlm_Perl and Digest-Attributes Translation

2011-06-23 Thread marvin
subscribe done -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-with-Rlm-Perl-and-Digest-Attributes-Translation-tp4517972p4517990.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.o

Re: Version 2.1.11 has been released

2011-06-23 Thread Alan Buxey
Hi, > On Thu, Jun 23, 2011 at 12:48 AM, John Dennis wrote: > > freeradius-2.1.11 RPM packages for Fedora 14 and Fedora 15 have been pushed > > into their respective *testing* repos. It may take a while for them to hit > > the mirrors. > > > > To upgrade via yum you will need to enable the testing

Re: Credentials format in Windows suplicant

2011-06-23 Thread Phil Mayers
On 23/06/11 14:28, joanroldan wrote: However, using users from another realms which have to be proxied do not. In debug mode the request is proxied: I assume you're using eduroam? Sending Access-Request of id 113 to 84.88.0.19 port 1812 User-Name = "proves_i...@cesca.cat" C

Re: Credentials format in Windows suplicant

2011-06-23 Thread Alan Buxey
Hi, > However, using users from another realms which have to be proxied do not. In > debug mode the request is proxied: so, issue with remote proxy. you say that the admin of the remote proxy says that he can see your requests...but you dont answer he stuff that gets sent back? in this case, che

Re: Credentials format in Windows suplicant

2011-06-23 Thread joanroldan
Hi everybody, I have successfully authenticated a user by adding this portion authorize { if (User-Name =~ /^([^@]*)@(.+)$/) { update request { Stripped-User-Name := "%{1}" Realm := "%{toupper:%{2}}" } } else { reject } that Phil provide me. The intern

Re: Unable to find module....

2011-06-23 Thread Fajar A. Nugraha
On Thu, Jun 23, 2011 at 3:49 PM, Jerome wrote: > I have the same problem with "attr_rewrite" module, in Freeradius 2.1.10. > Have you found an answer ? You're replying to a very old thread (April 2009), without including the debug output or details about what your environment is. It's unlikely t

Re: Unable to find module....

2011-06-23 Thread Jerome
I have the same problem with "attr_rewrite" module, in Freeradius 2.1.10. Have you found an answer ? Thanks Jerome -- View this message in context: http://freeradius.1045715.n5.nabble.com/Unable-to-find-module-tp2781809p4516775.html Sent from the FreeRadius - User mailing list archive at Nabbl

Re: pairfind segmentation fault

2011-06-23 Thread Alan DeKok
Juan Pablo L. wrote: > Hi, i m writing a module2 for freeradius 2.1.10 on linux 2.6.18-194.el5PAE. > this is the code: ... > I have no idea what the problem is. See doc/bugs This list isn't the place to discuss debugging code you write. > What is the different between pairmake and radius_pai

Re: 2.1.x 34c68ba8: freebsd 7.x: segfault/internal error in select()

2011-06-23 Thread Russell Jackson
On 06/21/2011 12:07 AM, Alan DeKok wrote: Russell Jackson wrote: I'm getting a segfault on exit after logging this to syslog: ... I suspected that tv_usec needs to be< USEC, so I kluged the code to subtract 1 from when.tv_usec if it's>= USEC. So far, I haven't had any more crashes. Commit d8

Re: Version 2.1.11 has been released

2011-06-23 Thread Fajar A. Nugraha
On Thu, Jun 23, 2011 at 12:48 AM, John Dennis wrote: > freeradius-2.1.11 RPM packages for Fedora 14 and Fedora 15 have been pushed > into their respective *testing* repos. It may take a while for them to hit > the mirrors. > > To upgrade via yum you will need to enable the testing repo, e.g. > > y