Re: How to fix the proxy source port

2013-04-29 Thread Okis Chuang
> Chuang Okis wrote: > > I think you are misunderstanding my point a bit. Maybe I don't express it clearly > enough. > > I only need to fix my *source port* instead of random port, I don't care about IP > address at all. > > Ah, OK. > > > Actually, due to some maintenance issue, we want to know that could

Re: SQL and Huntgroups

2013-04-29 Thread Fajar A. Nugraha
On Tue, Apr 30, 2013 at 4:31 AM, Grégoire Leroy wrote: > Maybe I was not clear enough above. > > What I want is : > 1) Set the password for the user > 2) Authentication of the user > 3) X is always added to the reply if the user is authenticated > 4) Moreover, Y is added to the reply for NAS, stil

Re: redundant-load-balance for AD ntlmauth

2013-04-29 Thread FreeRadius List
Thank you I'll check with the samba people and get a better understanding of how ntlm_auth works. On 29 Apr 2013 13:58, "Alan DeKok" wrote: > FreeRadius List wrote: > > I use redundant-load-balance for ldap user auth to authenticate users to > > a pool of active directory servers for one service.

Re: SQL and Huntgroups

2013-04-29 Thread Grégoire Leroy
Hi, Le Monday 29 April 2013 20:30:15, a.l.m.bu...@lboro.ac.uk a écrit : > Hi, > > > The thing is, I don't know how many attributes I have. It could be > > 1, 4, 10 and not always the same. That's why I want to retrieve from > > the database the value, the op and the attribute. > > just use

Re: wireshart shows wrong information

2013-04-29 Thread A . L . M . Buxey
Hi, >Hi Alan, i m sorry i m sorry if i m not being clear enough, but please >consider the example from my last reply: ...you've written this 3 or 4 times. it's clear. we see what you are saying but you are not taking the answers given to you. alan - List info/subscribe/unsubscribe? See ht

RE: wireshart shows wrong information

2013-04-29 Thread Juan Pablo L.
Hi Alan, i m sorry i m sorry if i m not being clear enough, but please consider the example from my last reply: this is the code in the module: pairadd(&request->reply->vps,pairmake("3GPP2-Prepaid-Acct-Quota-QuotaIDentifier","1", T_OP_EQ)); and this is what travels on the wire: subtype = 01 (3GP

Re: SQL and Huntgroups

2013-04-29 Thread A . L . M . Buxey
Hi, > The thing is, I don't know how many attributes I have. It could be > 1, 4, 10 and not always the same. That's why I want to retrieve from > the database the value, the op and the attribute. just use authorize_group_reply_query and the "groupreply_table = "radgroupreply"" part of sql.

Re: How to fix the proxy source port

2013-04-29 Thread Alan DeKok
Chuang Okis wrote: > I think you are misunderstanding my point a bit. Maybe I don't express it clearly > enough. > I only need to fix my *source port* instead of random port, I don't care about IP > address at all. Ah, OK. > Actually, due to some maintenance issue, we want to know that could we fix > o

Re: Question about EAP-TTLS session resumption

2013-04-29 Thread David Bird
> The user 'bob' does not exist, so FreeRADIUS does the correct thing (i.e. > rejecting the user). This has not been in doubt at all. > Instantiate a new EAPTTLSAuthenticator() for each authentication session and you should be fine. The Authenticator class is there to maintain a context through

Re: Username with spaces (MySQL)

2013-04-29 Thread Andres Gomez Ruiz
Hi Guys, I have another question. How can I convert the username to UPPERCASE in the authorization section? Or how can I Authorize only the Username written in UPPERCASE? Thanks 2013/4/19 Andres Gomez Ruiz > Thanks a lot guys! > > Both methods work. Finally I used the regex in the Authorize s

RE: Question about EAP-TTLS session resumption

2013-04-29 Thread stefan.paetow
Thanks again for the confirmation, Alan. :-) Stefan -Original Message- From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 29 April 2013 15:35

Re: Question about EAP-TTLS session resumption

2013-04-29 Thread Alan DeKok
stefan.pae...@diamond.ac.uk wrote: > However, when you go to the bottom of the output, where the request for user > 'steve' (who is a valid user, and for whom a correct password was supplied) > is sent, the request fails. The session for 'steve' is partial and stops > prematurely, which leads me

Re: SQL and Huntgroups

2013-04-29 Thread gregoire . leroy
Hello, if (Huntgroup-Name == 'one_huntgroup_name') { update reply { attribute1 := "%{sql:SELECT blah blah} attribute2 := "%{sql:SELECT blah blah} attribute3 := "%{sql:SELECT blah blah} attribute4 := "%{sql:SELECT blah blah} } } The thing is, I d

Re: How to fix the proxy source port

2013-04-29 Thread Chuang Okis
I think you are misunderstanding my point a bit. Maybe I don't express it clearly enough. I only need to fix my *source port* instead of random port, I don't care about IP address at all. Actually, due to some maintenance issue, we want to know that could we fix our arc port while our freeRADIUS AS A ROAM

Re: Grab request password with ASCII character

2013-04-29 Thread Alan DeKok
Mehdi Ravanbakhsh wrote: > first one that is not huge that is one NAS in local network . and i > have just 4 question in general and in all of them i read , test and try > by any document that be available for freeradius first. > > but if my question nuisance you , i apologize for that . Don'

Re: SQL and Huntgroups

2013-04-29 Thread A . L . M . Buxey
Hi, > The thing I want to be added by radius in the reply : > if (Huntgroup-Name == 'one_huntgroup_name') { >Attribute1 op1 value1 >Attribute2 op2 value2 >... >Attributei opi valuei > } > Given that Attribute,op,value 1...i are in the MySQL table. > if (Huntgroup-Name == 'one_hun

Re: SQL and Huntgroups

2013-04-29 Thread gregoire . leroy
For the step 4, I have to : 1) Retrieve the huntgroup 2) Compare it with what the user sends 3) If it matches, give him his specific statement. So, if I understand correctly in the authorize section, I have to maintain a radipusers table for my IP/users and do something like : 1) update request

Re: Grab request password with ASCII character

2013-04-29 Thread Mehdi Ravanbakhsh
dear A.L.M.Buxe first one that is not huge that is one NAS in local network . and i have just 4 question in general and in all of them i read , test and try by any document that be available for freeradius first. but if my question nuisance you , i apologize for that . On Mon, Apr 29, 2013

Re: Grab request password with ASCII character

2013-04-29 Thread A . L . M . Buxey
hi, are you one person or a whole team? looking through my emails you have asked multiple questions every day. this seems like a big project you are tackling here but using the users mailing list for all your help/advice. that's abuse. alan

Grab request password with ASCII character

2013-04-29 Thread Mehdi Ravanbakhsh
Hi All i need to Grab request password to insert in database if Cleartext-Password is "import" so i write this unlang script in authenticate section : Auth-Type PAP { pap { reject = 1 } if (reject) { if ("%{control:Cleartext-Password}"=

RE: Question about EAP-TTLS session resumption

2013-04-29 Thread stefan.paetow
Alan, The user 'bob' does not exist, so FreeRADIUS does the correct thing (i.e. rejecting the user). This has not been in doubt at all. However, when you go to the bottom of the output, where the request for user 'steve' (who is a valid user, and for whom a correct password was supplied) is s

Re: Question about EAP-TTLS session resumption

2013-04-29 Thread Alan DeKok
stefan.pae...@diamond.ac.uk wrote: > We're trying to put together an EAP-TTLS authentication solution with another > open-source authentication server (Jasig CAS). We've found that only the > first authentication process succeeds, but everything else after fails. In > order for us to pinpoint wh

Re: redundant-load-balance for AD ntlmauth

2013-04-29 Thread Alan DeKok
FreeRadius List wrote: > I use redundant-load-balance for ldap user auth to authenticate users to > a pool of active directory servers for one service. That seems to work well. Because the LDAP module maintains a long-lived connection to the LDAP server. > I'm trying to think why I don't do tha

Re: How to fix the proxy source port

2013-04-29 Thread Alan DeKok
Okis Chuang wrote: > Yeah…Actually I almost knew it that I cannot achieve this hope > while seeing the document. Huh? You *can* set the source IP address. Go read the proxy.conf file. This is documented. In great detail. Including *how* to do it. If your proxy.conf doesn't have

Re: RADIUS server is dumping core

2013-04-29 Thread Alan DeKok
ramakrishna wrote: > I have not used any of the 1.x versions of freeradius. However I have > used 2.1.12 initially and finally migrated to 2.2. Could you please > lemme know how to trace any incompatibilities if any between the two > versions? My point was that's hard to do. Instead, ensure you

Question about EAP-TTLS session resumption

2013-04-29 Thread stefan.paetow
Hi, We're trying to put together an EAP-TTLS authentication solution with another open-source authentication server (Jasig CAS). We've found that only the first authentication process succeeds, but everything else after fails. In order for us to pinpoint whether this is a problem in the CAS so

redundant-load-balance for AD ntlmauth

2013-04-29 Thread FreeRadius List
Hello I use redundant-load-balance for ldap user auth to authenticate users to a pool of active directory servers for one service. That seems to work well. I'm trying to think why I don't do that for ntlmauth (used inside mschap inner-tunnel) for another service. I've knocked that up to te

Re: RADIUS server is dumping core

2013-04-29 Thread Fajar A. Nugraha
On Mon, Apr 29, 2013 at 5:02 PM, ramakrishna wrote: > Also please find the attached file which has only memory access errors which > are leading to dump finally. Could you please suggest some way to get rid of > those errors? Have you tried installing on a fresh solaris box, or using prebuilt pac

RE: authentification ldap subgroup

2013-04-29 Thread REYNALD chekhina
I have found the solution just add this group membership filter in /etc/raddb/modules/ldap file. groupmembership_filter = "(&(objectcategory=group)(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn}))" From: tche...@hotmail.com To: freeradius-users@lists.freeradius.org Subject: authentificat

Re: RADIUS server is dumping core

2013-04-29 Thread ramakrishna
Hi Alan, Thanks for your suggestions. I have not used any of the 1.x versions of freeradius. However I have used 2.1.12 initially and finally migrated to 2.2. Could you please lemme know how to trace any incompatibilities if any between the two versions? Also please find the attached file which

Re: multiply Cisco-AVPair request attribute process by regular expression

2013-04-29 Thread A . L . M . Buxey
Hi, >i test it , but if i use Cisco-AVPair[0] and Cisco-AVPair[1] first one >and second one is not working. you need to check which attribute is which. >Do i need to move them in some variable then use regular expression >?(something like this) : > >value0 := %{Cisco-AVP

Re: question about freeradius

2013-04-29 Thread A . L . M . Buxey
Hi, >I am just wondering if I can use freeradius for hotspot and dial up >accounts on same box or does it have to be separate box for hotspot and >dial up accounts? that would depend on how you configured it and had each function isolated when not needing same resources etc. we use ou

Re: multiply Cisco-AVPair request attribute process by regular expression

2013-04-29 Thread Mehdi Ravanbakhsh
Dear Olivier thanks for your information On Mon, Apr 29, 2013 at 11:36 AM, Olivier Beytrison wrote: > On 28.04.2013 23:30, Mehdi Ravanbakhsh wrote: > > Dear Olivier > > > > I am try to test it but why first one is working ?!!! do you check my > > regular expression in second one ? i do it co

Re: multiply Cisco-AVPair request attribute process by regular expression

2013-04-29 Thread Olivier Beytrison
On 28.04.2013 23:30, Mehdi Ravanbakhsh wrote: > Dear Olivier > > I am try to test it but why first one is working ?!!! do you check my > regular expression in second one ? i do it correctly ? I'm quoting the man page. man unlang : %{Attribute-Name[index]} Reference the N'th occurance of the