Update: I tried connection from an XP laptop and got the message:
Windows was unable to find a certificate to log you on to the network
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi again.
Has anyone found a solution to this (always sending Access-Reject to
users not matching any group)?
Thanks!
Pe 15.01.2013 13:37, Bogdan Enache a scris:
Hi list,
I have managed to solve the last problem by replacing Group with
SQL-Group, like so:
DEFAULT SQL-Group == disabled,
Hi,
Update: I tried connection from an XP laptop and got the message:
Windows was unable to find a certificate to log you on to the network
Windows is telling you that its needing a certificate or doesnt know
the certificate. have you installed the CA certificate that your RADIUS
server is
Hi,
We want to force Session-Timeout for all our users. Authorization and
authentication are made by LDAP.
Is it possible to add Session-Timeout in a file or config file to apply
it to all our users ?
BR,
--
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
Yes. You could do it simply with users file, use unlang in post-auth or add it
to LDAP as 3 places to start with (just one way is enough!) And you'll need to
ensure tour NAS kit follow/honours the value you provide. If you are proxying a
la eduroam then the remote site providing the service
Le 18/01/2013 12:26, Emmanuel BILLOT a écrit :
Hi,
We want to force Session-Timeout for all our users. Authorization
and authentication are made by LDAP.
Is it possible to add Session-Timeout in a file or config file to
apply it to all our users ?
BR,
More question about it :
I saw that
On 18.01.2013 12:26, Emmanuel BILLOT wrote:
Hi,
We want to force Session-Timeout for all our users. Authorization and
authentication are made by LDAP.
Is it possible to add Session-Timeout in a file or config file to apply
it to all our users ?
Add the following at the begining of the users
Beeblebrox wrote:
Update: I tried connection from an XP laptop and got the message:
Windows was unable to find a certificate to log you on to the network
You need to follow the documentation or you will be unsubscribed, and
banned from the list. 10+ years of experience shows us that this is
Emmanuel BILLOT wrote:
Ok, but i knew there was regular re-auth session to keep the connexion
alive, right ?
Maybe. It doesn't always happen.
If it is right, what could be the attribut to increase
interval between two checks ?
Nothing. The two authentications are *completely*
Hi,
I saw that interim-update was a partial report of what was done during
the session, fixed on interval for not losing all data if connexion fail
for accounting.
Ok, but i knew there was regular re-auth session to keep the connexion
alive, right ? If it is right, what could be the attribut
Le 18/01/2013 15:31, Alan DeKok a écrit :
Emmanuel BILLOT wrote:
Ok, but i knew there was regular re-auth session to keep the connexion
alive, right ?
Maybe. It doesn't always happen.
I don't understand, i thought it was fixed either by the server or by
the client ?
When looking at
: returned: 0
++[evdoesn] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/10.55.42.32/auth-detail-20130118
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius
Joseph Showalter wrote:
What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58
NAS-IP-Address = 10.130.2.1
CHAP-Challenge = 0x022074534be2e8405c867f676b46b432
Thanks so much for taking a look...
See comments below:
On Jan 18, 2013, at 3:04 PM, Alan DeKok al...@deployingradius.com
wrote:
Joseph wrote:
What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password =
Joseph Showalter wrote:
Instead of using Chap which we are getting above, we want to use the
3GPP2-Attr-61 = 0x010600010209a029275c41 value which we can convert
to the device serial number.
OK.
In our DB we store the device serial number. The devices chap info most of
them time
On Jan 18, 2013, at 3:34 PM, Alan DeKok al...@deployingradius.com wrote:
authorize {
...
if (! %{sql:SELECT ... }) {
reject
}
Can I use a userdefined variable in the select statement that the EXEC perl
script returns:
I would like to use the User-Password
Dear Alan,
First off, thanks again for your help. I fully appreciate that you are
giving of your time to answer posts, when you really have no obligation
to do so. I know you are one of the developers or project leader since
your name keeps coming up on almost every web page that posts something
Joseph Showalter wrote:
Can I use a userdefined variable in the select statement that the EXEC perl
script returns:
Only if it's returned in the Perl script.
I would like to use the User-Password below:
[evdoesn] expand: %{User-Name} - 6064191...@evdo.myawi.net
Exec-Program output:
Beeblebrox wrote:
First off, thanks again for your help. I fully appreciate that you are
giving of your time to answer posts, when you really have no obligation
to do so. I know you are one of the developers or project leader since
your name keeps coming up on almost every web page that posts
Forget the user-password. You are not using it, you are trying to kludge it.
Just use the variable you have, or the facsimile you are making.
This is freeradius, there are at least a dozen ways of doing what you want,
Alan has given you a fine method
alan
-
List info/subscribe/unsubscribe?
...and then you did comment . And added more. It's open source and the
documentation and Wikipedia is there for everyone.e to contribute. Don't like
it? Feel free to show the world how you think it should look, or add the
missing bits you have discovered.
Unfortunately , what we get is
21 matches
Mail list logo