RE: Help about debug mode and python

Thank you for the answer, it's was helpful :-) Vlad. -Original Message- From: freeradius-users-bounces+kolla=netxp...@lists.freeradius.org [mailto:freeradius-users-bounces+kolla=netxp...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: mercredi 16 mai 2012 08:49 To: FreeRadius users

Help about debug mode and python

Hi, Thank you for your presentation at OSSIR today. As said, I've a technical question about the debug mode and Python. We are using python with "LD_PRELOAD=/usr/lib/python2.6.so.1" in /etc/init.d/freeradius file But when we start FreeRadius in debug mode, it seems that the parameter is bypasse

Re: Issue with installation of FreeRadiusServer (2.1.11) on Solaris

I do have freeradius installation on sparc solaris 10 and have no problems with compiling it: # export PATH=$PATH:/usr/sbin:/usr/bin:/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/bin:/usr/sfw/bin # export LDFLAGS='-fPIC -mimpure-text -L/usr/sfw/lib -R/usr/s

freeradius performance testing with seagull

valid signature! (Shared secret is incorrect.) Dropping packet without response. I try next scenario . . -- Vladimir Romanov - List info/subs

Re: LDAP auth in two sources

On Fri, 27 Nov 2009 14:57:44 - (UTC) t...@kalik.net wrote: > Remove tam and lotus from authorize section of default > virtual server - > you are not authorizing anything just doing > authentication. Instead just > put that line at the top of the users file and enable > files in authorize. OK.

Re: LDAP auth in two sources

On Thu, 26 Nov 2009 18:21:29 - (UTC) t...@kalik.net wrote: > > As i doesn't have any other auth rather LDAP it is done > > automatically. I hope so. ;-) > > Enable files (and comment out ldap entries) and put: > > DEFAULT Auth-Type := tam > > at the top of the users file. That's much cheap

Re: LDAP auth in two sources

On Wed, 25 Nov 2009 19:51:34 - (UTC) t...@kalik.net wrote: Thank you foк the reply. > > radiusd: FreeRADIUS Version 1.1.3, for host > > x86_64-redhat-linux-gnu, built on Apr 25 2007 at > 09:04:23 > > Upgrade. > > http://wiki.freeradius.org/Red_Hat_FAQ#Current_Pre-built_RPM.27s_for_RHEL_5_

LDAP auth in two sources

Hello! radiusd: FreeRADIUS Version 1.1.3, for host x86_64-redhat-linux-gnu, built on Apr 25 2007 at 09:04:23 I need to make an authorization of some RADIUS clients in LDAP by RADIUS. Clients need only to check passwords. I can check this in ONE LDAP server at a time without problems. It's work fi

Re: logging of tls logons

> So, how can I get in logs exactly common names? As I understand, only way to do it is check_cert_cn = %{User-Name} in eap.conf? -- Vladimir Vassiliev <[EMAIL PROTECTED]> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

logging of tls logons

today I entered to wifi network from my PDA and saw that I can forge this entry as I want. So, it's not really common name, but something provided by client. So, how can I get in logs exactly common names? -- Vladimir Vassiliev <[EMAIL PROTECTED]> - List info/subscribe/unsubscrib

Re: Fedora DS

K. Suresh wrote: Has anyone tried FedoraDS with FreeRadius? It's a LDAP directory. It should work. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius - Where to start and where to get the right answer

is simple to install and configure. Requires no database to be used and has nice extensions. I think Wiki is a great idea. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WPA with freeradius

[EMAIL PROTECTED] wrote: i want to configure freeradius with hardware adsl router ... could you sugest me some? i've got linksys wag54g which doesnt support pure radius but WPA radius.. is it posible to make them work together with my freeradius server? Yes. WPA RADIUS is so called WPA Ent

Re: freeradius EAP/PEAP and LDAP

François Dagorn wrote: I'm trying to configure a secured Wireless network, so I want to use EAP/PEAP/LDAP for authentication and then try WPA to crypt sessions. As a beginner, I'm doing that step by step. So I've done the following : - set up a freeradius server and test it with a simple ra

Re: [PEAP] Authenticate aigainst OpenLDAP Directory with NT Hashes

the Dir) and RADIUS for dialup and wireless users. Has someone done this before? Does someone know a good Howto to achieve this? Yes it is possible. Please read http://vuksan.com/linux/dot1x/802-1x-LDAP.html#Set_up_FreeRADIUS Let me know if you have any additional questions, Vladimir - List

Re: radius LDAP problem ?

Frank Bonnet wrote: Thanks for your answer, how to tell freeradius no to use this attribute do I have to set it to NULL ? do I have to comment the line ? You can simply put uid for the accessattribute so as long as the user has a uid they'll be allowed access. Vladimir - List

Re: 802.1x and LDAP

quest 0 It appears in your users file you are setting Auth-Type to LDAP. It should be EAP or just leave it blank. FreeRADIUS will set it to EAP. What you also need to do is set the client to use PAP authentication in the inner tunnel. http://vuksan.com/linux/dot1x/wpa-client-config.html Vla

Re: Debian 802.1x LDAP

Linksys and Foundry Networks APs. Should work with Cisco. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius and oracle LDAP

are being provided by the LDAP. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius and oracle LDAP

Allan Borman wrote: I have put together a freeradius server to authenticate users existing on our oracle LDAP directory. The issue that I have is getting the passowrd from oracle. I can probe the LDAP, get a user authorized and fallback to the default for the passowrd check which is the "sys

Re: eap-ttls + PAP using Crypt-Password obtained by ldap

+PAP. Otherwise they will default to TTLS+MSCHAPv2 which will not work with crypted password. Here is a HOWTO on configuring TTLS+PAP http://vuksan.com/linux/dot1x/wpa-client-config.html Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WRT54GS (sveasoft) with Freeradius 1.0.2

radius server in the debug mode and I see that the server is sending the Access-Accept packet (I also notice that it is re-sending it). You have to provide a debug log with more details on your setup if you want any help. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: rlm_ldap: Attribute "User-Password" isrequired forauthentication

melvin wrote: rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0, length=125 User-Name = "melvin" NAS-IP-Address = 192.168.84.11 Called-Station-Id = "000f66005feb" Calling-Station-Id = "0012f075e7b3" NAS-Identifier = "000f66005feb" NAS-P

Re: Does Linksys WRT54G wireless router supports FreeRadius with EAP-TTLS?

melvin wrote: Does anyone knows if Linksys WRT54G wireless router supports FreeRadius with EAP-TTLS? Yes it does. It supports both EAP-TTLS and PEAP. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 802.1X Port Authentication using unix user/pass

[EMAIL PROTECTED] wrote: Does the Dlink DWL-2100AP support this? It supports 801.X WPA Here's is a screenshot of what the WPA configuration section looks like (on the AP's config page) http://support.dlink.com/emulators/dwl2100ap/html/CfgWepParam.html It appears it does. WPA-PSK is WPA with

Re: rlm_ldap: Attribute "User-Password" is required forauthentication

melvin wrote: LDAP does provide some authentication -- through the 'BIND' statement. Incidentally, this is how the FreeRadius rlm_ldap module chooses to authenticate against an LDAP entry... it attempts to 'bind' to it, passing the username and password to LDAP. I have successfully integrated

Re: 802.1X Port Authentication using unix user/pass

EAP and TTLS then make sure your WPA clients are using TTLS+PAP. Here are directions on how to set up clients http://vuksan.com/linux/dot1x/wpa-client-config.html Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP authentication

rId" dictionary_mapping = ${raddbdir}/ldap.attrmap authtype = ldap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } Hope this helps, Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problems authenticating

and LM-Password. Those are two different hashes. You can't just use one. From your previous example separate password at colon and stick it in NT and LM passwords attributes. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problems authenticating

[EMAIL PROTECTED] wrote: I am trying to do EAP-PEAP, using FreeRadius 1.0.4. Here are the debug logs, at the breaking points: It doesn't appear you are sending the whole log. There should be another section where the user is being authorized against the SQL database. It appears your pass

Re: Problems authenticating and assigning DHCP addresses

-config.html Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can do EAP/TLS, but not EAP/MD5

hown below. Attached is my eap.conf. You appear to be setting Auth-Type to Local. Check your Users file and see where the Auth-Type := Local or similar is getting set. Comment it out. Vladimir users: Matched entry jeff at line 6 modcall[authorize]: module "files" returns ok for requ

Re: LAN clients?

You should be able to. The only question is whether the AP that is in the client mode will correctly pass EAP packets around. Try using WPA supplicant under Linux just make sure you use the -D wired device as your network device. Vladimir - List info/subscribe/unsubscribe? See

Re: Problem TTLS-LDAP

alfonso celestino wrote: Thanks very much Alan, Now, I have a doubt. I am using EAP-TTLS to authenticate users 802.11, I need to add my users in the users file like that: "User1" User-Password == "passwd1" "User2" User-Password == "passwd2" But instead of storing in users file I would like

Re: eDirectory backend with FreeRadius

to verify credentials. Just leave of identity and password from the ldap module. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authenticate to eDirectory

lease read http://vuksan.com/linux/dot1x/802-1x-LDAP.html Let me know if it works for you. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius + peap + wifi + mac os x

Vittore Zen wrote: I'm using freeradius (+mysql) in a wireless infrastructure with a dozen of linksys WAP54G access point (using AES). Authentication is PEAP with mschapv2. All go right when use Windows clients but no response using Mac Os X clients. Any ideas? Someone says me that MacOsX use

Re: Authenticate against Mac OS X Open Directory

-LDAP.html and let me know if it works. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Wireless Authentication

Radius wrote: Does anyone have any links or on-line examples that show how to use FreeRadius to do 802.1x authentication? Go to www.freeradius.org and first page shows a link for 802.1x HOWTO http://www.gnist.org/~lars/courses/04thales/8021X-HOWTO.html Vladimir - List info/subscribe

Re: Cisco 3550/3750 802.1x

/dot1x/802-1x-LDAP.html#Enable_802.1x_on_a_Cisco_switch Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to connect XP to Linux?

iMeta Co wrote: Okay guys, I just finished setting up the server through a PEAP connection. I attached the root.der through my email and installed it in my XP. Also, I set up my NETGEAR MR814v2 Wireless Router and my Wi-Fi Laptop running Windows XP with: Shared Key Authentication 128-bit Encryp

Re: WinXP 802.1X/Radius/eDir (LDAP)

enLDAP that supports both TTLS/PEAP. http://vuksan.com/linux/dot1x/802-1x-LDAP.html Vladimir modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for testuser radius_xlat: '(cn=testuser)' radius_xlat: 'o

Re: RADIUS LDAP Problem

Christian Zawada wrote: password_attribute = userPassword Set up seems right. You could try commenting out the line above and making sure you have following line in ldap.attrmap file checkItem User-Password userPassword That works for me. Vladimir - List info

Re: RADIUS LDAP Problem

ns invalid for request 8 auth: Failed to validate the user. Login incorrect: [test1/] Please send LDAP configuration section from radiusd.conf and also the LDIF entry for user test1. Also you could try checking out my OpenLDAP and FreeRADIUS Howto. http://vuksan.com/linux/dot1x/802-1x-L

Re: ACL on LDAP

Chan Min Wai wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm working with freeradius that running EAP auth, the account info is with LDAP server. Just want to know what kind of Right did the freeradius need to have on the LDAP server so that the ACL on the LDAP server can be control. Also,

Re: peap (ms-chap v2) + ldap bind

-LDAP.html#PEAP_with_OpenLDAP Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: peap (ms-chap v2) + ldap bind

passwords since you can't convert from MD5 to NT/LM. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Apple Airport Extreme with EAP-TTLS...

(WPA-PSK) with the Airport AP. See if that works. RADIUS seems to be working correctly and authenticating you but after that if an AP is dropping packets it is something between your iBook and AP. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem

Douglas G. Phillips wrote: I'm running into an issue here, and I can't seem to find the forest for the trees. I'm probably overlooking something obvious, and am not searching correctly for the problem. Our LDAP server is using crypted passwords at the moment. The router is a cisco 5350. RADIUS is

Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem

icular IP in clients.conf match. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problems with 802.1x - EAP-TLS

Galvao Rezende wrote: eaptls_process returned 7 rlm_eap_tls: Received unexpected tunneled data after successful handshake. You need to investigate following. You may want to re-do certificates. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problems with 802.1x - EAP-TLS

Galvao Rezende wrote: problems with 802.1x - EAP-TLS I'm having trouble at authentication using radius, openssl and EAP-TLS, using AP CISCO 350 Series. Look at radius output. It doesn't appear that is the whole output. There is no Reject message that I can see. Vladimir -

Re: "peap "-> works but "peap + ldap" ->doesn't works

backend you would likely have NT/LM hashes. If you don't have NT/LM hashes or plain-text passwords you will need to use EAP-TTLS with PAP for inner tunnel authentication. I have a write-up on how to set up FreeRADIUS with OpenLDAP at http://vuksan.com/linux/dot1x/802-1x-LDAP.html V

Re: EAp/TSL authorization problem

Sergey Guriev wrote: В сообщении от 3 Май 2005 09:48 Vladimir Vuksan написал: I believe this should be User-Password == "" I made it and User-Password and Password - no change The log contains something peculiar ie. rad_recv: Access-Request packet from host 80.243.64.30

Re: EAp/TSL authorization problem

Sergey Guriev wrote: Im' using freeradius 1.02 (under linux), Cisco AiroNet 1230B and PC-station under Win-XP. And I have some problem with authorization. Here parts of my configs: users: - ttt Password == "" I believe this should be User-Password ==

Re: WPA Auth w/users file

Homer Parker wrote: I have the same problem as: Running Freeradius 1.0.1. I've made the changes listed in that thread, but.. I'm using the raddb/users file (only 7 entries), and am not finding a way to auth a

Logging/accounting regardless whether Accounting-Request packet sent

Address}/detail expands to /var/log/radacct/192.168.2.227/detail modcall[accounting]: module "post_proxy_log" returns ok for request 18 modcall[accounting]: module "unix" returns fail for request 18 modcall: group accounting returns fail for request 18 Thanks a lot, Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

OpenLDAP + 802.1x / WPA setup

/linux/dot1x/802-1x-LDAP.html and let me know if you have any corrections. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius and LDAP-V2

not plan to upgrade to v3 since several monthes. Yes. OpenLDAP 2.x support LDAPv3 specification. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius + Wireless Users (802.X)

Victor M. Polukcht wrote: Is there any ability to authentificate Wireless Users with login and password using Freeradius? I use freeradius now for dialup and voip users. But now also need somehow to auth wireless users (we have some hotspots). As i got i need to configure PEAP. May be there is

Re: Beginner question: Trying to secure a wlan

k you for 1. RADIUS server IP/hostname ie. 127.0.0.1 2. Shared secret ie. whatever you set, FreeRADIUS defaults to testing123 for 127.0.0.1 3. Optionally it may ask for RADIUS server port ie. 1812 You should be able to get tech support from PCtel since SoftAP is a paid product. Vladimir - List

Re: Beginner question: Trying to secure a wlan

Tim Boneko wrote: A silly question, perhaps, but you *did* configure you wireless AP to actually *use* the RADIUS server, did you not? OW! Damn, i forgot to mention that the AP _is_ the Radius server... sorry, my fault. It?s a SoftAP. That still doesn't tell us whether you configured SoftAP

Re: PEAP-{GTC,MSCHAPv2} against OpenLDAP

WPA/802.1x set up http://vuksan.com/linux/dot1x/802-1x-LDAP.html You don't necessarily need clear/plain-text passwords in the LDAP database. You can a) Have MD5/CRYPT/SSHA hashed passwords if you are using TTLS with PAP b) Have NT/LM password hashes if you are using PEAP. Vladimir - List

Configuring Mac OS X client to use TTLS+PAP

sections properly configured. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TTLS/PAP - LDAP bind rather than a password compare

Alan DeKok wrote: 1) The tunneled session is MS-CHAP, not PAP. The server is telling you this in the debug messages! I don't understand why you are asking about TTLS + PAP when you're using TTLS + MSCHAP. Please do not post misleading messages to the list. I did not intend to mislead anyone.

Re: EAP-TTLS/PAP - LDAP bind rather than a password compare

Alan DeKok wrote: Vladimir testuser <[EMAIL PROTECTED]> wrote: Great. So how do I configure it :-) to use LDAP CRYPT or MD5 hashes. Read the documentation and the sample configuration files. TTLS + PAP is *REALLY* TTLS + PAP. Configure PAP, configure TTLS, and TTLS + PAP wil

Re: EAP-TTLS/PAP - LDAP bind rather than a password compare

is that I already have hashed passwords and would like to use them. Having hundreds of users (re)set their passwords so they get plain text passwords doesn't seem like a good option since more than half of them will not do it and will seek tech support when things don't work :-(. V

Re: EAP-TTLS/PAP - LDAP bind rather than a password compare

work. But shouldn't FreeRADIUS be able to extract username and password from PAP packet and check those credentials by binding to LDAP ? I would like to avoid having to store plain text passwords in the LDAP database. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradiu

EAP-TTLS/PAP - LDAP bind rather than a password compare

like to find out if someone actually has notes that they would be willing to share on how to actually set this up since I would love to do it. Thanks, Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

WPA EAP-PEAP and OS X client problem

default_eap_type = mschapv2 } mschapv2 { } } Any clues ? Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

e new IOS. I also had problem with a 2950. No problem with a new IOS and a 3550. Has anyone implemented a setup where e.g. Tunnel-Type, VLAN information is stored in LDAP instead of in the users file ? Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

Horschtel wrote: I try but it doesn't work. I try another radius server and it failed also. I the properties of the Attribute 81 I see should be a string. So I think I did a mistake on the switch configuration. I post the configuration here : Is 802.1x working at all ? For instance I had to

Re: EAP-TTLS - FreeRadius - Ldap - Edirectory -Enterasys - 802.1x

following radiusFilterId attribute ie. radiusFilterId: "Enterasys:version=1:policy=Enterprise User" In ldap.attrmap you need to have something like Filter-IdradiusFilterId I wrote a HOWTO how I did it. http://vuksan.com/linux/dot1x/802-1x-LDAP.html Vladimir - List info/subscribe/u

Re: 802.1X Port-Based Authentication HOWTO

micki wrote: Hello i am trying to execute 802.1X Port-Based Authentication HOWTO aftwer change all the configuration file of the server i get an error message when i type radiusd -X 4422:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 4422:error:020010

Re: 802.1x/EAP-MD5 against OpenLDAP HOWTO

) authentication via the same RADIUS server and I believe that one requires the authenticate section. I'll test. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

802.1x/EAP-MD5 against OpenLDAP HOWTO

I promised I would write a HOWTO to 802.1x/EAP-MD5 authentication using LDAP. Here it is :-) http://vuksan.com/linux/dot1x/802-1x-LDAP.html Let me know if you have corrections or additions. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to send SIGHUP signal to server ( radiusd )

. kill -1 Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Want to add details to MySQL

. PHP or Perl that tails the radius.log and inserts data into a database ie. tail radius.log | perl someperlscript.pl In someperlscript you simply do an infinite loop that reads from STDIN and inserts it into a proper SQL database. Vladimir - List info/subscribe/unsubscribe? See http

Use alternate LDAP source if EAP message

EAP message ? I want to use ldap_normal for everything else. Thanks, Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-MD5 + LDAP problem

Alan DeKok wrote: Too bad. Nearly all authentication protocols require access to clear-text passwords. :-(. The suggestion to put passwords in clear text worked. Thanks for your responses. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-MD5 + LDAP problem

Chan Min Wai wrote: Vladimir wrote: I am trying to get 802.1x authentication going for wired clients on our LAN. I have been successul in using local password database to authenticate 802.1x users however I haven't been able to get it going with LDAP. Version of FreeRadius is Debian pac

Re: EAP-MD5 + LDAP problem

Alan DeKok wrote: Vladimir <[EMAIL PROTECTED]> wrote: rlm_ldap: Added password risfylFZSeXVT7IrjtlVdQ== in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding userPassword as User-Password, value { & op=21 That doesn't look right. Try the late

EAP-MD5 + LDAP problem

nticate returns reject for request 1 auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 6 seconds... --- If I get this going I promise to write up a HOWTO :-). Thanks, Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[2]: NAS-Identifier and != operator

Hello Alan, Monday, November 29, 2004, 5:34:18 PM, you wrote: AD> Vladimir Ilyin <[EMAIL PROTECTED]> wrote: >> I.e., it should check if user is from huntgroup test, has group >> groupname, and his nas-identifier is NOT ftp. Everything works, except >> for that != ope

NAS-Identifier and != operator

heck if user is from huntgroup test, has group groupname, and his nas-identifier is NOT ftp. Everything works, except for that != operator, and i don't see, why. Can you please give some point? Regards, Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EXEC and PHP

Good day to lall Why can i return from exec_module (external programm write on php) Auth-Type := Reject Reply-Msg = "No permition" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Exec mod (Paul Hampson), Vladimir Gavrilov

>Off the top of my head, if you use wait=true, and return a status >other than 0, it should reject the request. > >-- >Paul "TBBle" Hampson, on an alternate email client I have FreeRadius 0.9.3 and use for Voip Gate AquaGateKeeper. If Gate do not get packet this Access-Accept or Access-Reject.Gat

Re: Exec mod (Paul Hampson)

If return exit status non = 0 from exec programm. Radius write " rlm_exec (echo): External script failed rad_recv: Access-Request packet from host xx.xxx.xxx.xxx:, id=5, length=290 Dropping packet from client clzz: - ID: 5 due to dead request 0" and resend next packet. It is no good idea.

Exec mod

Good day to all as I can change Packet-Type from Access-Accept to Access-Reject in external programm in exec module Please send example. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html