Re: rlm_passwd help

2013-04-16 Thread David Brodrick
Hi, I got there. I added authtype = PAP to the passwd module configuration and then DEFAULT Auth-Type = PAP to users. I had tried this earlier but there was a trailing delimiter in the local password file which wasn't in the format and this seems to have caused the password verification to fa

rlm_passwd help

2013-04-16 Thread David Brodrick
Hi, We're experimenting with freeradius for authenticating users in a custom application. It was straightforward to get this authenticating against the OS: DEFAULT Auth-Type = System But what we want to do is maintain a list of usernames and crypt passwords in an external file, separate to

Re: Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread Matthew Newton
On Tue, Apr 16, 2013 at 10:39:18PM +0100, a.l.m.bu...@lboro.ac.uk wrote: > >client 10.3.99.0/24 { > >secret = XX > >shortname = SNJ 7000 Switches > >} > > I'd use "%{client:shortname}" eg > > if ("%{client:shortname}" == "MSP 7345's") { > u

Re: Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread A . L . M . Buxey
Hi, >For examples this is what we have in our clients config file now (with our >internal IP's changed for obfuscation's sake): > >client 10.99.3.0/24 { >secret =XXX >shortname = MSP 7345's >} > >client 10.3.99.0/24 { >

Re: OCSP parsing in client certificate

2013-04-16 Thread Matthew Newton
On Tue, Apr 16, 2013 at 04:30:18PM -0400, Alan DeKok wrote: > Beltramini Francesco wrote: > > but when I try to remove this feature and use the OCSP > > property extracted from the client certificate, the radiusd -X > > output is: > > > > [tls] --> Starting OCSP Request > > [ocsp] --> Responder UR

Re: Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread Matthew Newton
Hi, On Tue, Apr 16, 2013 at 02:05:45PM -0500, John Giordano wrote: > So I man’ed unlang and then did some more reading on huntgroups > and the users file. If at all possible I think we would opt for > a combo of the huntgroups/users file approach. I am still not > clear as to how we would do thi

Re: OCSP parsing in client certificate

2013-04-16 Thread Alan DeKok
Beltramini Francesco wrote: > I have a small/big issue and I cannot find a good solution for that. > Scenario: > iPhones with certificates from internal PKI, joining a Wi-Fi network > protected by WPA2-Enterprise authenticating against a Freeradius server v. > 2.1.12 (Redhat 6.3). ... > but whe

Re: Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread Alan DeKok
John Giordano wrote: > Could you please speak to the interrelationship between the clients file > and the huntgroups file? The clients.conf file defines IP, secret, "type", etc. for the NASes. The huntgroups file allows you to put clients into logical groups. > These are the two different eq

RE: Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread John Giordano
Alan, Interesting… So I man’ed unlang and then did some more reading on huntgroups and the users file. If at all possible I think we would opt for a combo of the huntgroups/users file approach. I am still not clear as to how we would do this though…. Could you please speak to the interrela

Re: Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread Alan Buxey
If your NAS can take such a value then it can be assigned. Either via eg users file and huntgroup or via eg unlang if(%{NAS-Ip-Address} == "192.168.1.1") { update reply { Attribute = XYZ } } ..'man unlang' for more info alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/

Re: Volume Control

2013-04-16 Thread Alan DeKok
Russell Mike wrote: > Dear Alan D. I may create a new rule. People who address mail to me personally get unsubscribed. Alan DeKok.

Setting different IDLE-TIMEOUTS based on IP Address

2013-04-16 Thread John Giordano
Hi, So I have done a fair amount of RTFM'ing and search engining but am stumped. Perhaps someone on this list has successfully done what we are trying to do: Have our FreeRADIUS Server assign a different IDLE-TIMEOUT Value based on what IP Address is contacting the RADIUS server. OS: CentOS 5.

Re: Volume Control

2013-04-16 Thread Arran Cudbard-Bell
> What FreeRADIUS is using currently as to keep track. Is it 64bit or 32bit? FreeRADIUS makes liberal use of 64bit data types. -Arran Arran Cudbard-Bell FreeRADIUS Development Team

Volume Control

2013-04-16 Thread Russell Mike
Dear Alan D. What FreeRADIUS is using currently as to keep track. Is it 64bit or 32bit? Thanks / Regards

unsubscribe

2013-04-16 Thread Julson, Jim
Jim C. Julson Sr. Network & Systems Administrator C 208.995.3297 jjul...@marketron.com [www.marketron.com] The information contained in this e-mail message may be confidential and protected from disclosure. If yo

OCSP parsing in client certificate

2013-04-16 Thread Beltramini Francesco
Dear all, I have a small/big issue and I cannot find a good solution for that. Scenario: iPhones with certificates from internal PKI, joining a Wi-Fi network protected by WPA2-Enterprise authenticating against a Freeradius server v. 2.1.12 (Redhat 6.3). The radius server has as well an interna