[EMAIL PROTECTED] wrote:
>
> I can't see WHY the VLAN info needs to reach other sites at all...perhaps
> the National Proxy should be stripping out such things? anyway, if memory
>
Alan,
your logic sounds fine but it has two flaws:
1. you should not depend on someone whom you cannot control to
Is it possible to delete entire attributes with rlm_attr_rewrite?
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED] http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copern
Alan DeKok wrote:
> Can you not key off of the NAS information, and *not* add VLAN data,
> then?
>
>
I am not sure what you mean by that. Using NAS information is the only
thing that came to our minds, that is we create a large hunt group
containing all local NASes and add VLAN data only when th
Alan DeKok wrote:
> Tomasz Wolniewicz <[EMAIL PROTECTED]> wrote:
>
>> Our university radius server sets VLAN information based on user
>> attributes from the LDAP directory.
>> This works fine when the system is used internally. However when our
>> user
and a mess to
administer.
Is there a better trick to solve this?
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED] http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University, pl. Rapackie
and from what I have found there I
would guess that the first 4 bytes of the Vendor-Specific value should be
the Vendor-Id. But this seems strange that these Ids should be so high and
that they should be different. Am I misinterpreting something?
Tomasz
--
Tomasz Wolniewicz
[EMAIL PR
il.yahoo.com
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Tomasz Wolniewicz
[EMAIL PROTECTED] http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersy
go?
Tomasz
On Wed, Dec 22, 2004 at 11:14:31AM -0500, Alan DeKok wrote:
> Tomasz Wolniewicz <[EMAIL PROTECTED]> wrote:
> > Does someone have an idea how to switch off LDAP for processing of the
> > outer part of the EAP-TTLS message?
>
> Put ldap into an Atz-Type bloc
whenever eap returns updated, unfortunately this does not work with
TTLS in which case the outer identity is THE one that we are interested in.
Does someone have an idea how to switch off LDAP for processing of the
outer part of the EAP-TTLS message?
Tomasz
--
Tomasz Wolniewicz
[EMAIL
. All other
attributes should go through unmodified.
It would seem natural to have directives saying what to do with attributes
not mentioned on the list - delete or send through.
Perhaps such mechanism is actually present?
Yours
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED
it to NULL or something could be acceptable.
Yours
Tomasz
On Tue, Nov 30, 2004 at 01:40:26PM +0200, Kostas Kalevras wrote:
> On Tue, 30 Nov 2004, Tomasz Wolniewicz wrote:
>
> >I am using the groupmembership_attribute to add users to certain groups,
> >unfortunately rlm_ldap
groupmembership_filter to (objectClass = nosuchclass), this way with
indexing over the object class the negative reply to this search should be
quick enough, but still I would prefer to simply save this extra call.
Perhaps there is some way that I have overlooked?
Yours
Tomasz
--
Tomasz Wolniewicz
[EMAIL
lto:[EMAIL PROTECTED] On
> > Behalf Of Tomasz Wolniewicz
> > Sent: Tuesday, July 13, 2004 21:30
> > To: [EMAIL PROTECTED]
> > Subject: EAP-TTLS proxying
> >
> >
> > I hope this is not a totally stupid question.
> > Suppose a user [EMAIL PROTECTED]
I hope this is not a totally stupid question.
Suppose a user [EMAIL PROTECTED] wants to access the network at org-2 by
authenticating at org-1 via the proxy mechanism.
Suppose we want to use PAP-TTLS.
It would seem natural that the proxying is done on the basis of the outer
identity and the tunne