Re: update NAS-Identifier in Access-Request before proxying to other radius server

2012-06-04 Thread Alan DeKok
C.F. Yeung wrote: > I want to update NAS-Identifier in Access-Request before proxying to > other radius server. Tried adding the following lines in default but in > vain. WHERE? Just some random place? Or did you READ the file, and look for "proxy". If you had done that, the solution would

update NAS-Identifier in Access-Request before proxying to other radius server

2012-06-04 Thread C.F. Yeung
I want to update NAS-Identifier in Access-Request before proxying to other radius server. Tried adding the following lines in default but in vain. So, where should I put the following unlang? update request { NAS-Identifier = "new-nas-identifier" } - List info/subsc

Re: PAP followed by smsotp authentication [WAS: Re: MSCHAPv2 followed by a smsotp authentication]

2012-06-04 Thread Alan DeKok
Thomas Glanzmann wrote: > Hello everyone, > here is a c implementation of the smsotpd. > > http://thomas.glanzmann.de/smsotpd.2012-06-04.tar.bz2 The tar file seems strange. There's a smsotpd.2012-06-04c directory, but most of the files seem to have a "smsotpd.2012-06-04" prefix. *Without* the

Re: accounting in syslog

2012-06-04 Thread Luo, Frank Y.F. Mr.
oops, yes it is described in the config file - thanks anyway On Jun 4, 2012, at 10:10 AM, Jens Weibler wrote: > On 06/04/2012 04:02 PM, Luo, Frank Y.F. Mr. wrote: >> thanks. will do some research. But I guess I can not send this as syslog >> entry to a syslog server, right? > > yes, you can - j

Re: How to configure Solaris 10 Radius Authentication client.

2012-06-04 Thread Michael Hocke
-BEGIN PGP SIGNED MESSAGE- On Jun 4, 2012, at 2:06 PM, Alek Barsky wrote: > I need to configure bunch of Solaris servers to use RADIUS PAM for > Authentication/Authorization. PAM only does authentication. After all, it stands for Pluggable Authentication Modules. > I followed instruc

Re: How to configure Solaris 10 Radius Authentication client.

2012-06-04 Thread Alan DeKok
Alek Barsky wrote: > There is one problem – the only way I can receive login shell on this > box – if user already exists. That's how PAM works. It makes PAM rather a lot less useful. But that's PAM for you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

How to configure Solaris 10 Radius Authentication client.

2012-06-04 Thread Alek Barsky
Hi Guys, I need to configure bunch of Solaris servers to use RADIUS PAM for Authentication/Authorization. I followed instructions in http://freeradius.org/pam_radius_auth/ and was able to configure Authentication portion of this task. There is one problem - the only way I can receive login shell

Re: PAP followed by smsotp authentication [WAS: Re: MSCHAPv2 followed by a smsotp authentication]

2012-06-04 Thread Timmy
Dear Thomas, You are the Ger Man. I like software. Thank You very much. Yours Faithfully, Timmy Hello everyone, here is a c implementation of the smsotpd. http://thomas.glanzmann.de/smsotpd.2012-06-04.tar.bz2 Cheers, Thomas - List info/subscribe/unsubscribe? See http://www.freera

Re: PAP followed by smsotp authentication [WAS: Re: MSCHAPv2 followed by a smsotp authentication]

2012-06-04 Thread Thomas Glanzmann
Hello everyone, here is a c implementation of the smsotpd. http://thomas.glanzmann.de/smsotpd.2012-06-04.tar.bz2 Cheers, Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: "Invalid password" on OS-X

2012-06-04 Thread Alan DeKok
Jens W. Skov - JS Consult wrote: > I’m trying to set up external authentication from our router to a > OSX-server. > > I have it working fine if the user is an admin-user on the mac, but if I > try with a normal user I get: > > Auth: rim_opendirectory: User is authorized. > Auth: rim_opendirecto

Re: Problems with Huntgroup

2012-06-04 Thread Alan DeKok
Sergio Belkin wrote: > 2012/6/4 Alan DeKok : >> The debug for the "inner-tunnel" *clearly* shows NOT using the "files" >> module. > > So, sorry for the stupid questions but how can I do that If it's in the file, it's used. > It's true what you say about debug output, but I "files" is in > inn

Re: Problems with Huntgroup

2012-06-04 Thread Sergio Belkin
2012/6/4 Alan DeKok : >  The debug for the "inner-tunnel" *clearly* shows NOT using the "files" > module. So, sorry for the stupid questions but how can I do that It's true what you say about debug output, but I "files" is in inner-tunnel configuration, I tried putting "files" above of chap, but

Re: Freeraduis as accounting proxy

2012-06-04 Thread Alan DeKok
peterpz wrote: > Unfortunately I don't have the file: raddb/sites-available/default, because > it is the FreeRADIUS.net 1.1.7-r0.0.2 for Windows... I even don't have the > folder sites-available in the raddb folder, so I don't have this > documentation and am trying to configure it blind. See ra

Re: accounting in syslog

2012-06-04 Thread Jens Weibler
On 06/04/2012 04:02 PM, Luo, Frank Y.F. Mr. wrote: thanks. will do some research. But I guess I can not send this as syslog entry to a syslog server, right? yes, you can - just configure linelog to send the wanted variables to syslog.. -- Jens Weibler IT-Services Hochschule Darmstadt www.h

Re: accounting in syslog

2012-06-04 Thread Luo, Frank Y.F. Mr.
thanks. will do some research. But I guess I can not send this as syslog entry to a syslog server, right? Also about the username, you are right on the Mac address - I misread it - but I do see unreadable accounting log like this one in the packet. Is this something fixable at NAS? Frank rad_

Re: Freeraduis as accounting proxy

2012-06-04 Thread peterpz
Unfortunately I don't have the file: raddb/sites-available/default, because it is the FreeRADIUS.net 1.1.7-r0.0.2 for Windows... I even don't have the folder sites-available in the raddb folder, so I don't have this documentation and am trying to configure it blind. I had to put fail string in the

Re: Problems with Huntgroup

2012-06-04 Thread Alan DeKok
Sergio Belkin wrote: > I haven't deleted anything respect to configuration files per default: You can believe what you want, or you can believe the server output. > Did I missed something? The debug for the "inner-tunnel" *clearly* shows NOT using the "files" module. Go fix that. Ala

Re: Problems with Huntgroup

2012-06-04 Thread Sergio Belkin
2012/6/4 Alan DeKok : > Sergio Belkin wrote: >> I've appended something like to huntgroups file >> >> mb NAS-IP-Address == 10.129.189.1 >> mb NAS-IP-Address == 10.129.84.1 >> mb Called-Station-Id == 00-1B-7E-DC-AB-1A:UP-PVIII-I >> >> And in users files: >> >> pruebita  Huntgroup-Name == "mb",Cleart

Re: Problems with Huntgroup

2012-06-04 Thread Alan DeKok
Sergio Belkin wrote: > I've appended something like to huntgroups file > > mb NAS-IP-Address == 10.129.189.1 > mb NAS-IP-Address == 10.129.84.1 > mb Called-Station-Id == 00-1B-7E-DC-AB-1A:UP-PVIII-I > > And in users files: > > pruebita Huntgroup-Name == "mb",Cleartext-Password := "pruebon" > >

Re: Freeraduis as accounting proxy

2012-06-04 Thread Alan DeKok
peterpz wrote: > I'm trying to set up my freeradius to be an accounting proxy. No it only > receives acct packets and saves data in log files. The configuration is > below: > > radiusd.conf: > > accounting { > detail > fail > } Huh? You want it to *fail* accounting? > I added the

Freeraduis as accounting proxy

2012-06-04 Thread peterpz
Hello, I'm trying to set up my freeradius to be an accounting proxy. No it only receives acct packets and saves data in log files. The configuration is below: radiusd.conf: accounting { detail fail } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detai

"Invalid password" on OS-X

2012-06-04 Thread Jens W. Skov - JS Consult
Hi I'm trying to set up external authentication from our router to a OSX-server. I have it working fine if the user is an admin-user on the mac, but if I try with a normal user I get: Auth: rim_opendirectory: User is authorized. Auth: rim_opendirectory: User [vpntest]: invalid password I have