Tomas Hoger wrote:
> Hi Federico!
>
> Check default radiusd.conf and search for "realm" and "suffix". It
> looks like you're not calling rlm_realm in authorize.
Yes, that was the problem!
I thought that the realms were handled by some kind of internal magic.
We have a working FreeRADIUS 1.1.4 running since a lot of months.
Now we have to proxy the requests for a realm (gtenet.it) to a given
RADIUS server, but our server seems to ignore the proxy configuration!
I have set "proxy_requests = yes" and included the "proxy.conf" file
(I'm sure of these, l
Federico Giannici wrote:
> Alan DeKok wrote:
>> Federico Giannici wrote:
>>> Now we have to check every authentication against TWO different
>>> passwords (it's OK if ONE is matched). Something like setting two
>>> different and alternative "User-
Federico Giannici wrote:
> Federico Giannici wrote:
>> Alan DeKok wrote:
>>> Federico Giannici wrote:
>>>> Now we have to check every authentication against TWO different
>>>> passwords (it's OK if ONE is matched). Something like setting two
Unfortunately it works with PAP only!
With CHAP it gives me "rlm_chap: Clear text password not available"...
Any suggestion?
Thanks.
Federico Giannici wrote:
> SOLVED!
>
> In pairmake() I was using T_OP_CMP_EQ instead of T_OP_EQ (it worked with
> "U
SOLVED!
In pairmake() I was using T_OP_CMP_EQ instead of T_OP_EQ (it worked with
"User-Password"...).
Bye.
Federico Giannici wrote:
> Alan DeKok wrote:
>> Federico Giannici wrote:
>>> I have just upgraded from 1.1.2. to 1.1.4.
>>> Now I tried to convert
Alan DeKok wrote:
> Federico Giannici wrote:
>> I have just upgraded from 1.1.2. to 1.1.4.
>> Now I tried to convert my custom authorization module to use the
>> "Cleartext-Password" attribute instead of "User-Password" (my passwords
>> are in clear
hack (but if it works every
> time and is less complex than a failover implementation, is it bad?).
Well... this is a little more than "a bit of a hack".
It will work with clear-text authentication mechanisms only...
Bye.
> On 03/02/07, *Federico Giannici* <[EMAIL PROTEC
I have just upgraded from 1.1.2. to 1.1.4.
Now I tried to convert my custom authorization module to use the
"Cleartext-Password" attribute instead of "User-Password" (my passwords
are in clear-text).
I simply replaced the following command at the end of the authorization
routine of my module:
Alan DeKok wrote:
> Federico Giannici wrote:
>> Now we have to check every authentication against TWO different
>> passwords (it's OK if ONE is matched). Something like setting two
>> different and alternative "User-Password" attributes...
>
> Sort o
We are currently using FreeRADIUS 1.1.2 since a lot of months (with a
custom module to retrieve and record data from/to our database and
perform custom things).
Now we have to check every authentication against TWO different
passwords (it's OK if ONE is matched). Something like setting two
dif
I have a couple of questions about the FreeRADIUS logging:
1) Looking at the source code, I found that in order to send the logs to
the syslog I have to set "logdir = syslog" in the config file, but I
have found no way to set the syslog facility from the config file.
Is it possible to set it onl
Alan DeKok wrote:
Federico Giannici <[EMAIL PROTECTED]> wrote:
Hummm...
Do you want to remove only the "after" option (the real hack) or the
entire command?
Both. The "after" thing runs the packet through the server twice,
which is problematic. The "low
Alan DeKok wrote:
Federico Giannici <[EMAIL PROTECTED]> wrote:
I have noticed that the "lower_pass = after" configuration command is
implemented simply executing a second time the entire sequence of
authorization/authentication operations.
Yes. The feature is a hack, and s
I am compiling FreeRADIUS without shared libraries (--disable-shared)
because there are problems under OpenBSD i386 3.3.
I have noticed that, even if I disabled a lot of modules
(--without-rlm_krb5, --without-rlm_eap, --without-rlm_pam,
--without-rlm_sql, --without-rlm_ldap, --without-rlm_always,
-
I have noticed that the "lower_pass = after" configuration command is
implemented simply executing a second time the entire sequence of
authorization/authentication operations.
I think this is not a good thing, for a couple of reasons:
1) The operation is logged two times: first the failure and
Alan DeKok wrote:
Federico Giannici <[EMAIL PROTECTED]> wrote:
I tried to use "--with-rlm_MYMODULENAME" in configure, but it has no
effect if my module isn't in "stable"!
So submit a patch for configure.in.
Unfortunately I don't know almost anything about
Alan DeKok wrote:
Federico Giannici <[EMAIL PROTECTED]> wrote:
My first question is: what is the supposed way to add a custom module to
the list of the compiled ones?
The list of modules to compile is in the top-level "Make.inc" file.
OK, but it seems to be created by the &q
Any other hints?
Thanks.
--- Federico Giannici <[EMAIL PROTECTED]> wrote:
We need a complex authorization process that take
complex decisions
based on various condition and SQL data. So we need
to create a custom
module.
We think that we'll start modifying the sql module
as a starting poin
We need a complex authorization process that take complex decisions
based on various condition and SQL data. So we need to create a custom
module.
We think that we'll start modifying the sql module as a starting point.
My first question is: what is the supposed way to add a custom module to
th
20 matches
Mail list logo