Alexander Clouter wrote:
Only me...again doing things I probably should not do with FreeRADIUS.
It shouldn't crash...
So I decided to slap in unwisely placed 'handled' and the attr_filter on
the proxying server (in post-proxy) exploded. The backtrace is below
and I also slipped
the way, we use
eDirectory's Universal Password so we use the LDAP module to extract the
plaintext password) which speeds up the whole authentication.
So I decided to slap in unwisely placed 'handled' and the attr_filter on
the proxying server (in post-proxy) exploded. The backtrace is below
Hi,
hmm, I'm not sure at all that you can have multi line
attr filter matches... ie if you have seperate entries
for each allowed type - i think that the very last defined
one is the one takenwhat you need to do is have
a REGEX for the accetped types eg
Trapeze-VLAN-Name ==
[EMAIL PROTECTED] wrote:
Hi,
hmm, I'm not sure at all that you can have multi line
attr filter matches... ie if you have seperate entries
for each allowed type - i think that the very last defined
one is the one takenwhat you need to do is have
a REGEX for the accetped types eg
Hi Folk,
I have activated attr_filter for a realm (dr4.cnrs.fr) and want users
from that realm to have 2 possible values of VLANs (VISITEUR or SIRC)
Here is my attr_file:
dr4.cnrs.fr
Service-Type == Login-User,
Framed-IP-Address == 255.255.255.254,
Framed-MTU = 576
debug? It could be that they just haven't been copied from inner to
outer reply.
Ivan Kalik
Kalik Informatika ISP
Dana 25/11/2008, Mustapha Bouikhif [EMAIL PROTECTED]
piše:
Hi Folk,
I have activated attr_filter for a realm (dr4.cnrs.fr) and want users
from that realm to have 2 possible
Mike O'Connor wrote:
How do I only add a radius attribute via attr_filter on Accept-Accept
Packets ?
Run attr_filter only on the post-auth section. Or, are you doing
proxying?
My current config is adding the attribute on accounting reply packets also.
That doesn't matter too much
Hi Alan
Do you see it in the response packet? Or in debug mode? Or both?
Yes with verbose turned on in radclient you see the extra value pair
printed on the screen.
CVS head has this fixed. You can run separate pre/post proxy sections
for authentication and for accounting.
Ok
Hi Guys
How do I only add a radius attribute via attr_filter on Accept-Accept
Packets ?
My current config is adding the attribute on accounting reply packets also.
Thanks
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I've been searching more documentation but there is too much about
attr_filter...
Is it possible to permit any attribute for DEFAULT entry instead of specifying
all posible attributes in a post-proxy answer?
Thanks in advance!
El Jueves, 19 de Mayo de 2005 11:42, David Manchado
Hello,
I would like to perform some control over the attributes returned post-proxy
in a realm but let any attribute return for the other realms.
my ${confdir}/attrs is:
realm1
Service-Type == Framed-User,
Login-Service =* ANY,
Login-TCP-Port =* ANY,
hi,
i'm interesting in doing some pre-proxy processing.
pre-proxy:
* i need to restrict the attributes that are sent on to the
target/home radius server
* the documentation doesn't suggest that attr_filter can be used in
the pre-proxy{} section
Ok I have tested
company.com
Reply-Message =~ (ValA|ValB)
it doens't work
(freeradius crash ans say :
Parse error (reply) for entry company.com: Expected end of
line or comma
Errors reading /etc/freeradius/attrs
radiusd.conf[1253]: attr_filter: Module instantiation failed.)
then i have tested
delrieu.nans [EMAIL PROTECTED] wrote:
Ok I have tested
company.com
Reply-Message =~ (ValA|ValB)
it doens't work
The Reply-Message attribute is a string. It requires double-quoted
strings, not miscelleneous text.
All of the examples in the files shipped with the server have it
quoted.
Hello all
I want to allow only three values of Reply Message from a
specific realm.
I have read the doc rlm_attr_filter but I haven't find any
information.In attr_filter i have tested that
Reply-Message == ok
Reply-Message == remote
than that
Reply-Message == ok,
Reply-Message == remoteor
Hi,
I want to allow only three values of Reply Message from a
specific realm.
Reply-Message == ok
Reply-Message == remote
Nothing work. how to allow three different values ? Is it
possible ?
Have you tried the regex matching operator =~ yet? If you want to allow the
three distinct
Hi all,
I want to know if there is any method to add
attributes in a proxy reply based on realm.
I have tried adding an attribute
Tunnel-Type:= VLAN
in attrs file, but when the proxy reply comes the
attr_filter only adds this attribute in newly built
proxy reply and doesn't keep all other
We have made a trivial patch to the attr_filter that changes the dafault
behaviour from reject to accept, that is we accept and pass over all
attributes which are not listed in the attrs file and apply the usual rules
to the ones that are listed.
In particular an entry:
Tunnel-Private
Ok I have tested
company.com
Reply-Message =~ (ValA|ValB)
it doens't work
(freeradius crash ans say :
Parse error (reply) for entry company.com: Expected end of
line or comma
Errors reading /etc/freeradius/attrs
radiusd.conf[1253]: attr_filter: Module instantiation failed.)
then i have
Ok I have tested
company.com
Reply-Message =~ (ValA|ValB)
it doens't work
(freeradius crash ans say :
Parse error (reply) for entry company.com: Expected end of
line or comma
Errors reading /etc/freeradius/attrs
radiusd.conf[1253]: attr_filter: Module instantiation failed.)
then i have
the only difference I see when Tunnel attributes
are passed to NAS is the operators := for realm and
= for local user.
Can any body suggest that what is wrong with my
settings to make attr_filter work fine with post proxy
or I have done something wrong in my settings.
I will be very thankful
Hi,
I have figured out the real problem was. Actually the attr_filternot considerall other a/v pairs from proxy request and just builts a new proxy reply containing only the tunnel attributes I have set in attrs file.
Now the question arises if it is possible to let attr_filter add required
Hi,
It seems like when I define an attr_filter module instance in the preproxy
section,
that the module is only run for auth packets, but not for acct packets.
How can I have the module run for acct packets also?
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475
Thor Spruyt wrote:
It seems like when I define an attr_filter module instance in the
preproxy section,
that the module is only run for auth packets, but not for acct
packets.
Never mind, it seems to work :)
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
24 matches
Mail list logo