May 16 01:43:22 2010 : Info: Ready to process requests.
Thanks.
--- On Sat, 5/15/10, Alan DeKok wrote:
From: Alan DeKok
Subject: Re: COA default configuration...Need help to test radclient
To: "FreeRadius users mailing list"
Date: Saturday, May 15, 2010, 9:43 AM
Eric Martell
Hi Alan,
Thanks for the reply. Pardon my ignorance but as you mentioned I did not
find raddb/sites-available/coa.
In 2.1.8, there's an example CoA server in raddb/sites-available/coa
I only see,
# ls -lart sites-available/
total 124
-rw-r- 1 root root 2538 May 14 15:37 vmps
-rw-r---
Hi,
I am searching through the forum and did not got a right suggestion.
I am doing LDAP authentication and getting macaddress as User-Name in the
following format.
User-Name = "001e.5283.34aa"
I want to convert that to "001E528334AA" => convert to uppercase.and remove
the dots.
Is there
Hi
I am having similar problems like this thread
http://lists.freeradius.org/mailman/htdig/freeradius-users/2008-August/msg00273.html
Also I followed everything in http://wiki.freeradius.org/Rlm_perl
Here is my radiusd -X log.
Please let me know if I miss anything.
Thanks and Regards.
# ./rad
rench wrote:
> 2008/10/10 Eric Martell <[EMAIL PROTECTED]>:
>> Hi..
>> I searched thru the forums but not getting the right username after
using
>> regex.
>> The request I am getting is : [EMAIL PROTECTED] and I need to strip
everything
>> after @ and pass t
Hi..
I searched thru the forums but not getting the right username after using
regex.
The request I am getting is : [EMAIL PROTECTED] and I need to strip everything
after @ and pass the username as test.
I am using ldap for auth. This is the config I have in ldap.
if (User-Na
Thanks Ivan.
Not sure which file should I add the update reply? Getting familiar with unlang
so pardon my dumb questions.
I added in ldap.attrmap.
update reply {
rEntitlements -= entitlements
}
replyItem rEntitlements entitlements +=
is that right? Also you men
Ivan,
I told the management but looks like no go.
is there any way I can change the rlm_ldap.c?
I am not proficient in c, so might need additional help.
Or there are any other options.
Let me know.
Thanks in advance.
--- On Thu, 10/9/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
From: [E
Hi Ivan,
I agree with you. But I am reading those attributes from LDAP. In LDAP
"entitlements" attribute is defined as Multivalue (array). I can't not change
the existing LDAP structure.
I am mapping "entitlements" attribute from LDAP with the radius attribute
rEntitlements in the ldap.attrm
Subject: Re: Radius reply multivalue VSA question.
To: freeradius-users@lists.freeradius.org
Date: Wednesday, October 8, 2008, 7:18 PM
+=
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
Dana 8/10/2008, "Eric Martell" <[EMAIL PROTECTED]> piše:
>
Hi,
We are defining custom VSA's for our company. We have ldap configured in
freeradius which returns back the VSA's.
I defined custom VSA in
$freeradius/share/freeradius/dictionary.abc
ATTRIBUTE rEntitlements 113 string
entitlements is multivalue attribute (vARR
we see a request.
--- On Tue, 8/26/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: Pop3 and LDAP authentication...Multiple radius servers
To: [EMAIL PROTECTED], "FreeRadius users mailing list"
Date: Tuesday, August 26, 2008, 12:00 PM
.
--- On Tue, 8/26/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: Pop3 and LDAP authentication...Multiple radius servers
To: [EMAIL PROTECTED], "FreeRadius users mailing list"
Date: Tuesday, August 26, 2008, 11:13 AM
Eric Martel
k <[EMAIL PROTECTED]>
Subject: Re: Pop3 and LDAP authentication...Multiple radius servers
To: freeradius-users@lists.freeradius.org
Date: Monday, August 25, 2008, 1:39 PM
http://radiuswiki.suntel.com.tr/Proxy.conf
Ivan Kalik
Kalik Informatika ISP
Dana 25/8/2008, "Eric Martell" <[EMAIL PROTE
Hi,
We have radius server which is inhouse which does the LDAP authentication.
We got a new request from third party to do authentication for "their" users
using POP3.
So the request comes to radiusA (our inhouse radius).
If the user has realm as @xyz.net ..then we forward the request to thi
dn is not the uid as ldap tree is structured with roleid as dn and uid/did
is an attribute. Also changing ldap tree is not possible.
Please let me know.
Thanks in advance.
Alan DeKok <[EMAIL PROTECTED]> wrote: Eric Martell wrote:
>Can you please reply me about LDAP multiple att
titlements = "test1"
rCidx = "11"
>>>>>
Alan DeKok <[EMAIL PROTECTED]> wrote: Eric Martell wrote:
> I am using NTRadPing to test the authorization.
> I see in the log, radius attribute is mapped to ldap attribute and
> returning
, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [0014F846C199/] (from client samir port 0)
Sending Access-Accept of id 21 to 216.2.193.1 port 20070
rEntitlements = "test1"
Hi,
I mapped my ldap attribute in the ldap.attrmap file as
replyItem rCidx roleid
And in the dictionary file I mapped it as
ATTRIBUTE rCidx 3000string
I am using NTRadPing to test the authorization.
I see in the log, radius attrib
tiple resultset, gets the first result
>and returns success instead of sending reject.
>
>Please let me know if this is doable.
>
>Thanks and Regards.
>
>
>Ivan Kalik wrote: Your did needs to be a distinguished name.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>D
ad of sending reject.
Please let me know if this is doable.
Thanks and Regards.
Ivan Kalik <[EMAIL PROTECTED]> wrote: Your did needs to be a distinguished name.
Ivan Kalik
Kalik Informatika ISP
Dana 26/3/2008, "Eric Martell" pi¹e:
>Hi Ivan,
> We have scenarios whe
Hi Ivan,
We have scenarios when one PC gets transfered to other user, we don't
delete the registered MAC address of the previous PC. The other new user still
able to register with the previous user's existing PC MAC address one more
time. Thus the scenario of duplicate entries in LDAP.
Ple
Hi Ivan,
Sorry to get back to you early as I did not had ldap access :(
After adding radiusAuthType on ONE uid it is working fine now.
But now the issue is, I have some cases where the MAC address are stored
multiple times in Ldap. Thus the ldap query is failing.
Please check the log below. C
> as devices - now make entries as users.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 20/3/2008, "Eric Martell"
> <[EMAIL PROTECTED]> pi¹e:
>
> >Hi Ivan,
> > Thanks for the response. I am newbie for
> freeradius.
> >Not
t; In mac authentication mac address is used as
> username. So you will have
> to create entries that have (only) username equal to
> mac address and
> radiusAuthType Accept.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 19/3/2008, "Eric Martell"
> &
Please let me know if this topic is already discussed
or has doc/wiki. If yes please guide me to the right
thread. Thanks.
We are going to use MACaddress as silent
authentication. When the users tries to connect to the
WIFI Access point, Aptilo Networks is going to send
MacAddress as User-Name att
--- [EMAIL PROTECTED] wrote:
> OK, so password is not in LDAP. Where is it then?
> Are you trying to
> accept users without passwords? Consider using a
> perl script to
> implement that logic and forget about LDAP module in
> Freeradius.
>
> Ivan Kalik
> Kalik Inf
help at this point.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>>
Assuming you are using a recent version of FreeRadius,
you can do one of
the following:
modules {
ldap {
...
set_auth_type = no
}
}
authorize {
preproc
Hi Alan,
Can you please help me out with the LDAP query? I
am still stuck with the issue.
Your response will be greatly appreciated.
Thanks and Regards,
Eric.
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Phil Mayers wrote:
> > Slightly confusing, there are two ways to do this:
>
> This sho
Hi Phil,
Please let me know if you need more info. I am
still
stuck with the problem.
Thanks and Regards,
Eric.
--- Phil Mayers <[EMAIL PROTECTED]> wrote:
> >
> > rlm_ldap: user test1 authorized to use remote
> access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: m
Hi Phil,
Here is the detail configs and logs. Please let me
know.
Thanks and Regards.
modules {
ldap {
server = "ldap://x:1389";
identity =
"uid=appuser,ou=appadm,o=entitlement"
password = **
basedn = "ou=roles
validate the user.
--- Phil Mayers <[EMAIL PROTECTED]> wrote:
> Eric Martell wrote:
> > Hi Phil,
> > I installed the latest freeradius-1.1.7. I put
> the
> > line
> >>> set_auth_type = no in ldap module
> > to ignore the authentication.
ease let me know if I am missing something.
Thanks and Regards,
Eric.
--- Eric Martell <[EMAIL PROTECTED]> wrote:
> Thanks so much Phil. I am using freeradius-1.0.4
>
> I am going to install the latest version and will
> try
> your suggestion.
>
> Thanks and
turn whatever the first result.
rlm_ldap: performing search in dc=eng,dc=com, with
filter (&(uid=test1)(phone=1231313128))
rlm_ldap: object not found or got ambiguous search
result
rlm_ldap: search failed
Please help.
Thanks and Regards,
Eric.
--- Eric Martell <[EMAIL PROTECTED]> wr
Thanks so much Phil. I am using freeradius-1.0.4
I am going to install the latest version and will try
your suggestion.
Thanks and Regards.
Eric.
--- Phil Mayers <[EMAIL PROTECTED]> wrote:
> Eric Martell wrote:
> > Hi,
> > Is it possible to altogether avoid authenti
I am extremely sorry. Looks like it created new thread
with same title.
Really apologized. Admin's please merge the thread.
Eric.
--- Eric Martell <[EMAIL PROTECTED]> wrote:
> Hi,
> Is it possible to altogether avoid authenticate
> section and just do ldap lookups in the
word which we don't have.
I also tried in users file
Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`
But for some reason it is not working.
Please help.
Let me know if you need more information or please
guide me to any documentation.
Thanks and Regards,
Eric.
--- Eric Martell &l
I am little bit confused as how to configure
radiusd.conf in the authorize and/or authenticate
section. So password is going to act like ldap
attribute.
We are going to pass, username and ldap attribute
(home phone #) as input for each user.
The way it is configured now is in the modules,
ldap {
I will be really appreciated if someone points me to
the right direction or archive of the thread.
Thanks in advance.
Regards.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
List info/s
Hi,
We are trying to use LDAP group for authentication
and authorization.
Ldap1 => baseDN = "dc=user,dc=net,o=internet"
This Ldap1 will have users and passwords store in it
along with profile.
Ldap2 => baseDN = "dc=role,dc=system,o=internet"
This Ldap2 will have only users and associated roles
Thanks Alan.
I figured it out. It should be
ldap2 {
notfound = reject
}
as ldap2 is returning notfound status.
Thanks so much again.
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Eric Martell <[EMAIL PROTECTED]> wrote:
> > Thanks so much Neal. You got it 95% right.
Thanks so much Neal. You got it 95% right. The problem
is FreeRadius always authorize first (no matter what
the order in radiusd.conf) and then authenticate.
authorize {
.
.
.
ldap2
}
authenticate {
.
.
.
ldap1
}
So if the user fails in ld
Hi...
I need to do multiple ldap lookups (2).. The
purpose of both the ldaps are different so it does not
abide with configurable_failover scenario in a way.
ldap1.
This ldap is solely used for authentication for
given user.
ldap2.
This ldap is solely used for checking ldap attribute
ex.
43 matches
Mail list logo
