Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Phil Mayers
On 01/08/2012 08:28 PM, Alan DeKok wrote: Turned out the patch to implement this was simple, for freeradius-server-master: I'd prefer a patch which creates an attribute, just like the TLS-Cert-* attributes. The reason is that policies can be created by the administrator. A hard-coded chec

Re: How to subsiture an user password

2012-01-08 Thread ste...@martolvan.is
Thank you very much, you surely pointed me in the right direction. All that was needed is this one line in the users file: DEFAULT Auth-Type := Accept I had read this but wad afraid that it would send every thin an accept, but it does not. I'm finally done thanks to you Alan -- View this mes

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Alan DeKok
Graham Leggett wrote: > That wasn't quite what I was after, but rather a generic way to ensure the > User-Name matches either dnsName or rfc822Name in the subjectAltName, > depending on whether the peer was a host or a person. > > Turned out the patch to implement this was simple, for > freerad

Re: How to subsiture an user password

2012-01-08 Thread Alan Buxey
Hi, > I have WiFi NAS tat sends me the mac address in both username and password, > but my ldap has all mac addresses as uid with the same fixed password, where > and how could I subsitute the password ? just use the uid as the User-Password. so you are almost there, however > [/etc/raddb/us

Re: How to subsiture an user password

2012-01-08 Thread Alan DeKok
ste...@martolvan.is wrote: > I have WiFi NAS tat sends me the mac address in both username and password, > but my ldap has all mac addresses as uid with the same fixed password, where > and how could I subsitute the password ? Don't. Change the LDAP module so that it doesn't set Auth-Type. Inst

How to subsiture an user password

2012-01-08 Thread ste...@martolvan.is
I have WiFi NAS tat sends me the mac address in both username and password, but my ldap has all mac addresses as uid with the same fixed password, where and how could I subsitute the password ? This is my radiusd -X output: FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Sep 27 20

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Graham Leggett
On 08 Jan 2012, at 5:01 PM, Alan DeKok wrote: >> When using client certificates in EAP-TLS, the check_cert_cn option exists >> that allows you to check that the username matches the CN. Is there a >> corresponding option somewhere that will allow you to verify the User-Name >> against the subje

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Alan DeKok
Graham Leggett wrote: > When using client certificates in EAP-TLS, the check_cert_cn option exists > that allows you to check that the username matches the CN. Is there a > corresponding option somewhere that will allow you to verify the User-Name > against the subjectAltName instead? In the

RE: Need to autorize access after an successful ldap search

2012-01-08 Thread ste...@martolvan.is
Kveðja - Regards Stefán B. Jónsson sími/tel +354-478-1300, GSM/Mobile +354-894-6541, fax +354-478-2393 Skype name: stefan.martolvan.is Trúnaður /Disclosure http://www.martolvan.is/tunadur-tolvuposts.html From: ste...@martolvan.is [via FreeRadius]

Support for check_cert_subjectAltName?

2012-01-08 Thread Graham Leggett
Hi all, When using client certificates in EAP-TLS, the check_cert_cn option exists that allows you to check that the username matches the CN. Is there a corresponding option somewhere that will allow you to verify the User-Name against the subjectAltName instead? Regards, Graham -- smime.p7

Re: Dynamic specify the outbound GW within source code

2012-01-08 Thread fieldpeak
thanks for reminding... 2012/1/8 Alan DeKok > fieldpeak wrote: > > i have FS for PSTN outbound call using below dial plan, > > You have the wrong mailing list. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Regards, Charles - Li

Re: Dynamic specify the outbound GW within source code

2012-01-08 Thread Alan DeKok
fieldpeak wrote: > i have FS for PSTN outbound call using below dial plan, You have the wrong mailing list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dynamic specify the outbound GW within source code

2012-01-08 Thread fieldpeak
Dear friends, i have FS for PSTN outbound call using below dial plan, While, now i need dynamically specify the outbound GW’s IP address according to the return result of the external command before routing in the source code , e.g. if the external command return FS the IP addr