Proxying doesn't work!

We have a working FreeRADIUS 1.1.4 running since a lot of months. Now we have to proxy the requests for a realm (gtenet.it) to a given RADIUS server, but our server seems to ignore the proxy configuration! I have set proxy_requests = yes and included the proxy.conf file (I'm sure of these,

Re: Proxying doesn't work!

Tomas Hoger wrote: Hi Federico! Check default radiusd.conf and search for realm and suffix. It looks like you're not calling rlm_realm in authorize. Yes, that was the problem! I thought that the realms were handled by some kind of internal magic... Thanks. On 7/11/07, Federico Giannici

Re: Usage of Cleartext-Password

Alan DeKok wrote: Federico Giannici wrote: I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the Cleartext-Password attribute instead of User-Password (my passwords are in clear-text). ... But the daemon started to give Login incorrect

Re: Usage of Cleartext-Password

SOLVED! In pairmake() I was using T_OP_CMP_EQ instead of T_OP_EQ (it worked with User-Password...). Bye. Federico Giannici wrote: Alan DeKok wrote: Federico Giannici wrote: I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use

Re: Usage of Cleartext-Password

Unfortunately it works with PAP only! With CHAP it gives me rlm_chap: Clear text password not available... Any suggestion? Thanks. Federico Giannici wrote: SOLVED! In pairmake() I was using T_OP_CMP_EQ instead of T_OP_EQ (it worked with User-Password...). Bye. Federico

Re: Check against TWO possible password?

Federico Giannici wrote: Federico Giannici wrote: Alan DeKok wrote: Federico Giannici wrote: Now we have to check every authentication against TWO different passwords (it's OK if ONE is matched). Something like setting two different and alternative User-Password attributes... Sort

Re: Check against TWO possible password?

Federico Giannici wrote: Alan DeKok wrote: Federico Giannici wrote: Now we have to check every authentication against TWO different passwords (it's OK if ONE is matched). Something like setting two different and alternative User-Password attributes... Sort of. See doc

Check against TWO possible password?

We are currently using FreeRADIUS 1.1.2 since a lot of months (with a custom module to retrieve and record data from/to our database and perform custom things). Now we have to check every authentication against TWO different passwords (it's OK if ONE is matched). Something like setting two

Re: Check against TWO possible password?

Alan DeKok wrote: Federico Giannici wrote: Now we have to check every authentication against TWO different passwords (it's OK if ONE is matched). Something like setting two different and alternative User-Password attributes... Sort of. See doc/configurable_failover. I read it, but I'm

Usage of Cleartext-Password

I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the Cleartext-Password attribute instead of User-Password (my passwords are in clear-text). I simply replaced the following command at the end of the authorization routine of my module:

Re: Check against TWO possible password?

every time and is less complex than a failover implementation, is it bad?). Well... this is a little more than a bit of a hack. It will work with clear-text authentication mechanisms only... Bye. On 03/02/07, *Federico Giannici* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Alan

Logging questions

I have a couple of questions about the FreeRADIUS logging: 1) Looking at the source code, I found that in order to send the logs to the syslog I have to set logdir = syslog in the config file, but I have found no way to set the syslog facility from the config file. Is it possible to set it only

Re: lower_pass = after problems

Alan DeKok wrote: Federico Giannici [EMAIL PROTECTED] wrote: I have noticed that the lower_pass = after configuration command is implemented simply executing a second time the entire sequence of authorization/authentication operations. Yes. The feature is a hack, and should be removed from

Re: Creating a custom module

Alan DeKok wrote: Federico Giannici [EMAIL PROTECTED] wrote: My first question is: what is the supposed way to add a custom module to the list of the compiled ones? The list of modules to compile is in the top-level Make.inc file. OK, but it seems to be created by the configure script based

Re: Creating a custom module

Alan DeKok wrote: Federico Giannici [EMAIL PROTECTED] wrote: I tried to use --with-rlm_MYMODULENAME in configure, but it has no effect if my module isn't in stable! So submit a patch for configure.in. Unfortunately I don't know almost anything about autoconf. I hoped someone else would have

lower_pass = after problems

I have noticed that the lower_pass = after configuration command is implemented simply executing a second time the entire sequence of authorization/authentication operations. I think this is not a good thing, for a couple of reasons: 1) The operation is logged two times: first the failure and

Creating a custom module

We need a complex authorization process that take complex decisions based on various condition and SQL data. So we need to create a custom module. We think that we'll start modifying the sql module as a starting point. My first question is: what is the supposed way to add a custom module to

Re: Creating a custom module

module and used it as a skeleton for my new module. Looking around, I have found the stable file in the src/modules directory and added the name of my module at the end of the file. It seems to be sufficient to make my module compiled into the server. Any other hints? Thanks. --- Federico