Fajar A. Nugraha-2 wrote
... and then on authorize section add something like this (just for check)
if ( (request:User-Name == 00:12:23:56:78:9A)
(control:Agent-Circuit-ID != %{request:Agent-Circuit-ID}) ) {
update control {
Auth-Type := Reject
}
}
then use debug mode
Alan DeKok-2 wrote
IVB wrote:
But I don't see in debug output what exactly was returned in SQL query.
Have you tried running the SQL queries from an SQL client on the
command line?
That's why they're printed out in debugging mode: so you can see them,
and re-run them yourself.
Hi Alan,
thanks for your support.
Finally I have my freeradius server working fine, but there are a new issue
with the windows clients.
If a windows client first enter his credentials erroneous the Ferraris send
a error message, next if the user enter the correct credentials the radius
server
IVB wrote:
Yes, I run queries by hand and see results as strings, non-printable chars
not printed, but attribute itself has non-zero length.
You can't put binary data into an ASCII string field.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok-2 wrote
You can't put binary data into an ASCII string field.
But that was my question!
FreeRADIUS offers following schema for radcheck table:
CREATE TABLE radcheck (
id int(11) unsigned NOT NULL auto_increment,
username varchar(64) NOT NULL default '',
attribute
IVB wrote:
But that was my question!
...
How I can put Opt82 attributes (which contains non-printable bytes) into
database to offer it later for FreeRADIUS using SELECT statement?
You don't.
The database is intended for ASCII data.
You could also edit the dictionaries to make the data
Ricardo89 wrote:
If a windows client first enter his credentials erroneous the Ferraris send
a error message, next if the user enter the correct credentials the radius
server doesn't authenticate the client.
No.
Checking the source code, in the file run_eap_mschapv2, when the client
sends
Hello Alan,
Monday, April 2, 2012, 1:59:03 PM, you wrote:
AD IVB wrote:
But that was my question!
AD ...
How I can put Opt82 attributes (which contains non-printable bytes) into
database to offer it later for FreeRADIUS using SELECT statement?
AD You don't.
Are you kidding?
AD The
Igor Belikov wrote:
AD You don't.
Are you kidding?
If you insist on going down that path, you'll be unsubscribed and
banned. I'm tried of people who can't read the documentation, and who
use that ignorance to put me down.
Do you mean that FreeRADIUS can't accept non-ASCII data from
Thanks for the quick answer.
Yes, the RADIUS secret was what I meant.
Since we want to use a freeRADIUS proxy in our DMZ and because a secure
connection from our customers to our application is important, that seems to
be a problem. Are there maybe some best practices for a case like that, or
35.243.68.36/detail-20120402
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src
-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/135.243
Hello Alan,
Monday, April 2, 2012, 2:53:15 PM, you wrote:
AD2vF Igor Belikov wrote:
AD You don't.
Are you kidding?
AD2vF If you insist on going down that path, you'll be unsubscribed and
AD2vF banned. I'm tried of people who can't read the documentation, and who
AD2vF use that
IVB wrote:
Hello Alan,
Yes, I will be very happy to read how to represent 'octets' data in
DB. And I ask about this several times. I don't find this info in
documentation, sorry.
Please give me link to right place.
I gave you a hint, and you deleted it.
Good luck.
Alan DeKok.
-
mimir wrote:
But when I tried it I got segmentation fault.
...
[eap] No pre-existing handler found
Segmentation fault
See doc/bugs
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Heilz wrote:
Thanks for the quick answer.
Yes, the RADIUS secret was what I meant.
Since we want to use a freeRADIUS proxy in our DMZ and because a secure
connection from our customers to our application is important, that seems to
be a problem. Are there maybe some best practices for a
This is incorrect:
IVB wrote
INSERT INTO
`radcheck` ( `UserName`, `Attribute`, `Value`, `op` )
VALUES
( '00:12:23:56:78:9A', 'Cleartext-Password', 'Redback', ':=' ),
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
( '00:12:23:56:78:9A', 'Agent-Remote-ID',
Hi,
i just wonder if it is possible to move included conf files from
radiusd.conf to virtualhosts ?
I mean , is it possible to place the client.conf and sql.conf into a
virtual host instead of radiusd.conf... And so to have a diferent one
pending on called virtualhost ..
-
List
Hello,
(c) use IPSec for connectivity
or if you don't like the complexity that comes with ipsec, use OpenVPN
or any other VPN software.
Cheers,
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, Apr 2, 2012 at 7:56 PM, yzy-oui-fi yzy-oui...@hotmail.fr wrote:
Hi,
i just wonder if it is possible to move included conf files from
radiusd.conf to virtualhosts ?
I don't think so.
I mean , is it possible to place the client.conf and sql.conf into a
virtual host instead of
Can you please share docs links? I only check configuration files comments.
I could not find any detailed docs for configurations, or my account do not
have access?
--
View this message in context:
Quoting Alan DeKok al...@deployingradius.com:
...
i.e. the Windows box is caching the *wrong* password.
Go fix it. Ask Microsoft how this is done.
In Windows 7, connection setup, there is a check box for remembering
credentials, clear it.
That gives you some manual control over
Hi!
I've a setup where it is possible to deny a request at various places for
different reasons. I use sql_log in post-auth to log the replies. It would now
be nice to add a comment variable which I fill at the various stations, that
can deny a request, so I know why a request was denied. How
Hello.
I've been following the this tread for quite a while.
I also had this problem of windows 7 prompting for credential several times
without showning any error message.
The problem was gone once i updated 2.1.10(debian) to 2.1.12.
Now, if the user enters wrong credentials, windows prompts for
One more question.. is it possible to replicate to virtual hosts?
I tried but get following error:
[replicate] ERROR: Failed opening socket: cannot open socket: Address family
My aim is first replicate the acct packets to virtual hosts then proxy it.
--
View this message in context:
What the hell are you talking about ? :)
is it a reply to my question ? if yes i don't understand a penny what
you are talking about...
Le lundi 02 avril 2012 à 06:19 -0700, mimir a écrit :
Can you please share docs links? I only check configuration files comments.
I could not find any
25 matches
Mail list logo