Ok, that makes sense, would work better I think if I had an include file
similar to the users file in a sense, which I assume I can do but not tried in
the middle of a section, I could then ditch the users file. Problem is "users"
is kind of nice, plus it's marginally easier to read for the less
Hi,
>Any ideas?
why not just put the required stuff into the post-auth - either still using
the files entries or using unlang eg something like
if ("%{User-Name}" =~ /^(frankdsa|everdstons|kirddksa|kefls)$/ && NAS-IP-Address =~ /192\.168\.104\./) {
I recently set up two FreeRADIUS servers and have them set as primary/secondary
on Cisco WiSM2 wireless controllers. On one of the two FreeRADIUS servers
everything's going great and I see the logins flying by in the logs, however on
the other FreeRADIUS server I keep seeing the following in the
Hi
I have a seemingly simple thing I need to do, however it doesn't
seem to be working. In the users file I do a quick match to see if a
user is in the regex list I put in (this is for overrides of an ldap
group, determining higher privileges, but still basic access for the
group users), an
No, those are still missing the reply: bit
alan
--
This smartphone uses free WiFi around the world with eduroam, now that's what I
call smart.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello guys,
A quick question, can we have different Huntgroups with similar NAS ip
address? for e.g.
OTA NAS-IP-Address == 11.1.200.49
Device NAS-IP-Address == 11.1.200.49
NetworkArchitecture NAS-IP-Address == 11.1.3.252
Yes, I was editing the right file but I've found strange characters in the
file. I did some cleaning. Now, the update coa is sending every attribute
correctly. It seems that I only have the expand ok in the section where I
did configure the "update coa" (not ok in pre-proxy), see below :
rad_recv:
On 29/08/12 17:53, Chocoflex Mamba wrote:
file. Below my update coa section :
update coa {
User-Name = "%{User-Name}"
Acct-Session-Id= "%{Acct-Session-Id}"
NAS-IP-Address = "%{NAS-IP-Address}"
Framed-IP-Address = "%{F
I did not write "%{:Attribute-Name}" in my conf file. What I've
understood from the document is that I can write for example :
%{request:User-Name}
%{reply:Alc-Subsc-Prof-Str} => I have this information in the reply (see
below)
And like I said in my previous post, that's what I wrote in my con
On 29/08/12 16:00, Daniel Finger wrote:
If I have searched correctly it should work if I rewrite the Attribute with
\28 for ( and \29 for ) (as ascii string, not escaped :-))
Shouldn't that be %28 and %29? Relevant docs here are RFC 4516 section
2.1, which references RFC 3986 section 2.1.
Chocoflex Mamba wrote:
> It's not a typo, it's just the format in unlang documentation:
>
> "Attribute lists may be referenced via the following syntax
>
> " %{:Attribute-Name}
Don't be ridiculous. There's no attribute named "Attribute-Name".
Some amount of independent
It's not a typo, it's just the format in unlang documentation:
"Attribute lists may be referenced via the following syntax
" %{:Attribute-Name}
This is what I have in my update coa :
update coa {
User-Name = "%{User-Name}"
Acct-Sess
On Wed, Aug 29, 2012 at 9:54 PM, Chocoflex Mamba wrote:
> tried the syntax %Attribute-Name but it's still empty.
Of course it's empty. The syntax is wrong. Where did you read that? Or
is it a typo?
> [chocoldap] looking for reply items in directory...
> [chocoldap] AlcSLAProfStr -> Alc-SLA-Pr
Hi!
I have a Problem using the ldap Module to search in the ldap Tree for a
specific Attribute Containing a (.
I am using FreeRadius (2.1.12) for 802.1X Authentication (EAP-TLS) which
is working fine. After successful EAP Authentication, I want to check if the
User has an Entry in the LDAP:
Du
On Wed, Aug 29, 2012 at 9:10 PM, Antonio Modesto
wrote:
> Hi,
>
> Today I'm rotating my log files with a script that runs every night, the
> problem is that it must stop the radiusd process, rename the file, create a
> new one then start radiusd again. Is there a way to do that transparently?
> Vi
Access-Accept of id 62 to 127.0.0.1 port 43501
Alc-SLA-Prof-Str = "sla-profile2"
Alc-Subsc-Prof-Str = "sub-profile1"
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/wol
+- entering group pre-proxy {...}
[pre_proxy_log] expand:
/var/log/freeradius
On 29 Aug 2012, at 15:10, Antonio Modesto wrote:
> Hi,
>
> Today I'm rotating my log files with a script that runs every night, the
> problem is that it must stop the radiusd process, rename the file, create a
> new one then start radiusd again. Is there a way to do that transparently?
> Via
Hi,
Today I'm rotating my log files with a script that runs every night, the
problem is that it must stop the radiusd process, rename the file, create a
new one then start radiusd again. Is there a way to do that transparently?
Via syslog or something else?
Regards.
Zakrocki, Robert wrote:
> Our freeradius setup works perfect with Aerohive hardware but
> unfortunately it doesn't work with Nortel.
As always, see the FAQ for "it doesn't work".
Alan DeKok.
Dear list,
We have a rather strange problem with Nortel hardware and freeradius.
We run freeradius-2.1.12-3 on Red Hat 6 in our organization. Our setup is as
follows:
We have two types of wireless hardware Nortel and Aerohive.
We have two radius servers. Windows Radius which is connected to AD a
Le 29/08/2012 11:58, BILLOT a écrit :
Le 29/08/2012 11:16, Fajar A. Nugraha a écrit :
Here is an extract of data sent to radius
NAS-IP-Address = 172.21.175.129
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "2C-B0-5D-A4-52-52:WIFI-ELEVES"
Calli
On 29 Aug 2012, at 10:58, BILLOT wrote:
> Le 29/08/2012 11:16, Fajar A. Nugraha a écrit :
>> On Wed, Aug 29, 2012 at 3:22 PM, BILLOT
>> wrote:
>>> Hi,
>>>
>>> Is there any way to use virtual servs depending on client VLAN ?
>>> I mean :
>>>
>>> If packet arrive with VLAN1 then use virtual ser
Le 29/08/2012 11:16, Fajar A. Nugraha a écrit :
On Wed, Aug 29, 2012 at 3:22 PM, BILLOT
wrote:
Hi,
Is there any way to use virtual servs depending on client VLAN ?
I mean :
If packet arrive with VLAN1 then use virtual server 1
If packet arrive with VLAN2 then use virtual server 2
Just to cla
On Wed, Aug 29, 2012 at 3:22 PM, BILLOT
wrote:
> Hi,
>
> Is there any way to use virtual servs depending on client VLAN ?
> I mean :
>
> If packet arrive with VLAN1 then use virtual server 1
> If packet arrive with VLAN2 then use virtual server 2
Just to clarify: by "client" here do you mean "NAS
On Wed, Aug 29, 2012 at 3:46 PM, BILLOT
wrote:
>> (2) If the request is plain PAP/MSCHAP, you should be able to tell the
>> default virtual server to proxy it to another virtual server using
>> unlang and Proxy-To-Realm
>
> It is. (EAP/TTLS with PAP) I can't see what you mean here.
proxy.conf sa
Le 29/08/2012 10:58, Alan DeKok a écrit :
BILLOT wrote:
Is there any way to use virtual servs depending on client VLAN ?
RADIUS is IP based, not VLAN based. Packets don't arrive on different
VLANs. They arrive on different IPs.
Thanks. I can also use different ports, I only need NAS that c
Le 29/08/2012 10:36, Fajar A. Nugraha a écrit :
(3) use the same virtual server, but do selective processing (with
unlang) based on some attributes that the NAS sends. e.g. if an
attribute has value A, call module sql1, while if the value is B, call
module sql2.
Actually I'm not sure that all
On 29 Aug 2012, at 09:22, BILLOT wrote:
> Hi,
>
> Is there any way to use virtual servs depending on client VLAN ?
> I mean :
>
> If packet arrive with VLAN1 then use virtual server 1
> If packet arrive with VLAN2 then use virtual server 2
Yes, bind the virtual servers to IP interfaces on tho
BILLOT wrote:
> Is there any way to use virtual servs depending on client VLAN ?
RADIUS is IP based, not VLAN based. Packets don't arrive on different
VLANs. They arrive on different IPs.
> I mean :
>
> If packet arrive with VLAN1 then use virtual server 1
> If packet arrive with VLAN2 then
Hi,
Thanks for reply.
Depends.
One of the following should be applicable
(1) If the NAS is different (i.e. each VLAN has its own NAS), you can
take a look at raddb/sites-available/dynamic-clients. Basically it can
choose a virtual server based on Packet-Src-IP-Address attribute (i.e.
the NAS
On Wed, Aug 29, 2012 at 3:22 PM, BILLOT
wrote:
> Hi,
>
> Is there any way to use virtual servs depending on client VLAN ?
> I mean :
>
> If packet arrive with VLAN1 then use virtual server 1
> If packet arrive with VLAN2 then use virtual server 2
Depends.
One of the following should be applicabl
On 08/28/2012 05:26 PM, Matthias Nagel wrote:
is incomplete, i.e. it only has as start time. The latter never will
be completed, because the stop message has already been processed and
acknowledged to the authenticator.
Aside from anything else - you need to handle this case. Accounting is
UD
Hi,
Is there any way to use virtual servs depending on client VLAN ?
I mean :
If packet arrive with VLAN1 then use virtual server 1
If packet arrive with VLAN2 then use virtual server 2
BR,
George Innocent wrote:
> I have this set
No, you don't.
The problem here is not the server. The server produces messages any
reasonable person will understand. The problem here is not the
documentation. The documentation describes clearly how to solve the
problems you see. The problem her
On Wed, Aug 29, 2012 at 2:38 PM, George Innocent
wrote:
> The errors are for the NAS i have; i also have servers that are
> authenticated by the radius
(sigh)
are you REALLY interested in solving your problem?
If yes, then please read the wiki link. It's unlikely anyone will be
able to help you
The errors are for the NAS I have; I also have servers that are
authenticated by the radius
Rgds
On Wed, Aug 29, 2012 at 10:24 AM, Fajar A. Nugraha wrote:
> On Wed, Aug 29, 2012 at 2:09 PM, George Innocent
> wrote:
> > Hi:
> >
> > I'm able to Log in to the servers but on the Nodes with failure
On Wed, Aug 29, 2012 at 2:23 PM, George Innocent
wrote:
> I have this set
http://wiki.freeradius.org/FAQ#It-still-doesn%27t-work%21
--
Fajar
On Wed, Aug 29, 2012 at 2:09 PM, George Innocent
wrote:
> Hi:
>
> I'm able to Log in to the servers but on the Nodes with failure i have i get
> the following logs.
What does that mean? Do you have centralized authentication with
pam_radius or similar?
>
> +[logintime] returns noop
> [pap] WARNI
I have this set
On Wed, Aug 29, 2012 at 10:15 AM, Arran Cudbard-Bell <
a.cudba...@freeradius.org> wrote:
>
> On 29 Aug 2012, at 08:09, George Innocent
> wrote:
>
> > Hi:
> >
> > I'm able to Log in to the servers but on the Nodes with failure i have i
> get the following logs.
> >
> > +[logintime
On 29 Aug 2012, at 08:09, George Innocent wrote:
> Hi:
>
> I'm able to Log in to the servers but on the Nodes with failure i have i get
> the following logs.
>
> +[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this
40 matches