On 2 Jul 2013, at 07:18, Phil Mayers wrote:
> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
>
>> If a user is not in the secret group, then their login should fail if
>> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
>
> This is pretty easy:
>
> authorize {
> ...
> if (Vendor-
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
SIM/EAP AKA radius server (based on certain criteria) ?
When you're proxying an EAP packet, the ONLY criteria you have is the
EAP identity. You do NOT have the EAP type available.
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
This is pretty easy:
authorize {
...
if (Vendor-3076-Attr-146 == 0x554d44) {
if (SQL-Group == secret) {
Greetings!
Our Cisco VPN concentrator is sending some RADIUS attributes in the
request packet and if certain values appear, then I'd like to only
allow a subset of users to login.
I've looked at:
http://wiki.freeradius.org/SQL-Huntgroup-HOWTO/dbeef165862fe9ba7ef6f7d011889d1f7212cf9b
the SQL Hun
On Mon, Jul 1, 2013 at 3:30 PM, Arran Cudbard-Bell
wrote:
>
> On 1 Jul 2013, at 17:59, Matt Zagrabelny wrote:
>
>> Greetings,
>>
>> I am using a Pg datastore to hold authentication data and using the Pg
>> module for FR to hook into it.
>>
>> I am using a basic view for the radius_check table:
>>
On 1 Jul 2013, at 17:59, Matt Zagrabelny wrote:
> Greetings,
>
> I am using a Pg datastore to hold authentication data and using the Pg
> module for FR to hook into it.
>
> I am using a basic view for the radius_check table:
>
> # SELECT * from radius_check_users where username = 'mzagrabe';
Greetings,
I am using a Pg datastore to hold authentication data and using the Pg
module for FR to hook into it.
I am using a basic view for the radius_check table:
# SELECT * from radius_check_users where username = 'mzagrabe';
id | username | attribute| op | value
Ming-Ching Tiew wrote:
> If I understand you correctly, it means it is only possible to have ONE
> radius server which does EAP SIM/EAP AKA authentication in the entire
> chain of connections ?
No.
It means that you don't KNOW it's EAP-SIM until after you decide to
proxy it.
> It's not possi
Hi,
> and this is the output from radius (ran as radiusd -X)
> http://pastebin.com/MT0txW2c
please post to the list - avoids more work at this end.
the output shows this:
Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] logi
On 1 Jul 2013, at 12:27, Horatiu Nimigean wrote:
> Greetings.
> I have a problem with freeradius using ldap to auth, here are my system specs:
>
> Centos 6 64bit
> freeradius installed from repo
>> rpm -qa | grep -i freeradius
>> freeradius-ldap-2.1.12-4.el6_3.x86_64
>> freeradius-2.1.12-4.el6_
Greetings.
I have a problem with freeradius using ldap to auth, here are my system
specs:
Centos 6 64bit
freeradius installed from repo
rpm -qa | grep -i freeradius
freeradius-ldap-2.1.12-4.el6_3.x86_64
freeradius-2.1.12-4.el6_3.x86_64
freeradius-utils-2.1.12-4.el6_3.x86_64
ldap already up and
There is a clear distinction between the two cases.
First case: user record is found in users file:
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=1,
length=215
[skipped]
+- entering group authorize {...}
[skipped]
[files] users: Matched entry
1510019760806...@wlan.mn
Jt Adrada Arrea Te tata art Rey sxhxgh gfgg the hggvbodfsx.vn
it it bbb ..# te
On 27 Jun 2013 15:31, wrote:
> Send Freeradius-Users mailing list submissions to
> freeradius-users@lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
If I understand you correctly, it means it is only possible to have ONE radius
server which does EAP SIM/EAP AKA authentication in the entire chain of
connections ?
It's not possible for one proxy radius to send request to different EAP SIM/EAP
AKA radius server (based on certain criteria) ?
-->I am wondering if it is possible to proxy EAP-SIM/EAP-AKA
authentication using FreeRadius ?
Yes, it is possible, but you have to make sure that all requests of an EAP
session are being entertained by the same server (as a proxy can have
multiple freeradius servers). Read proxy.config, it hav
15 matches