We are getting unexpected behavior from FreeRADIUS 2.2.x (built from current
git).
We want to check if a user is BLOCKED first, and only then do we want to
perform some other checks.
Our current config looks like this:
authorize {
#auth_log # uncomment for debugging
Bruce Bauman wrote:
We want to stop executing the BUNCH OF UNLANG CODE in the first two
cases (infected and tempsus), effectively doing something like a return.
There is a return code. See doc/configurable_failover.rst:
ok {
ok = return
}
That may work. The issue is that
We want to stop executing the BUNCH OF UNLANG CODE in the first two cases
(infected and tempsus), effectively doing something like a return.
Where you have ok in the case stanzas, put
ok {
ok = return
}
-Arran
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Hi,
A simple thing:
infected case
update control {
Tmp-String-0 := stop
}
...
if (Tmp-String-0 != stop) {
BUNCH OF UNLANG CODE
}
That should work. Ugly, but functional.
this is pretty much what I was
On 2 Oct 2013, at 22:57, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
A simple thing:
infected case
update control {
Tmp-String-0 := stop
}
...
if (Tmp-String-0 != stop) {
BUNCH OF UNLANG CODE
}
That should work. Ugly,
hi
thought so at the beginning but I did :)
The startup of freeradius shows that the module is loaded (called
local-sql.conf):
...
Thu Aug 25 16:26:48 2011 : Debug: including configuration file
/etc/raddb/modules/files
Thu Aug 25 16:26:48 2011 : Debug: including configuration file
Here is the module:
sql sql_local {
database = mysql
driver = rlm_sql_${database}
server = localhost
login = radius
password =
radius_db = radius-MAB
read_groups = no
sqltrace = yes
Of course!
Didnt instantiate it properly!
Thanks!
On Fri, Aug 26, 2011 at 9:31 AM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
Here is the module:
sql sql_local {
database = mysql
driver = rlm_sql_${database}
server = localhost
login =
Hi,
I am trying to do mac authorization as per
http://wiki.freeradius.org/Mac-Auth#Mac-Auth+authorisation+by+SSID+SQL
In fact my attempt is much simpler as I just have a very simple table
containing the mac address of system to accept. My conf looks like that:
authorize {
...
# newer
Means you haven't instantiated your SQL module with the correct instance name.
Check that the config block for your SQL is :
sql sql_local {
}
-Arran
On 25 Aug 2011, at 16:57, Sébastien Barbereau wrote:
Hi,
I am trying to do mac authorization as per
On Tue, Feb 01, 2011 at 02:33:33PM -0800, Brett Littrell wrote:
The authenticate section is used to just verify that you are who
you are, via certs, username/password, token etc. The authorize
section is where you define the sources for all the information you
want FR
to knowing who you are? Or
are you saying that the way the program loads the config the authorize section
simply gets read first?
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE
On Wednesday, February 02, 2011 at 12:05 AM, in message
20110202080557.ga2...@talktalkplc.com, Brian
the program loads the config
the authorize section simply gets read first?
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE
On Wednesday, February 02, 2011 at 12:05 AM, in message
20110202080557.ga2...@talktalkplc.com, Brian Candler b.cand...@pobox.com
wrote:
I'd say that's
-Name), so can use that to look up the
reply attributes. It doesn't know you actually *are* that person yet, but
it won't send back an Access-Accept until it does.
Or are you saying that the way the program loads
the config the authorize section simply gets read first?
The authorize
*are* that person yet, but
it won't send back an Access-Accept until it does.
Or are you saying that the way the program loads
the config the authorize section simply gets read first?
The authorize section gets executed first; I don't think it makes any
difference what order you put them
that to look up the
reply attributes. It doesn't know you actually *are* that person yet, but
it won't send back an Access-Accept until it does.
Or are you saying that the way the program loads
the config the authorize section simply gets read first?
The authorize section gets executed first
Hi All,
I'm trying to find out what to use (if anything) in the authorize
section when authenticating clients via MSCHAP-v2 and AD credentials.
The how-to at deployingradius.com only speaks to the authentication
section.
If I only want to ensure that the username/password credentials are
valid
Hi,
I'm trying to find out what to use (if anything) in the authorize
section when authenticating clients via MSCHAP-v2 and AD credentials.
The how-to at deployingradius.com only speaks to the authentication
section.
If I only want to ensure that the username/password credentials
On Tue, 2011-02-01 at 20:48 +, Alan Buxey wrote:
Hi,
I'm trying to find out what to use (if anything) in the authorize
section when authenticating clients via MSCHAP-v2 and AD credentials.
The how-to at deployingradius.com only speaks to the authentication
section.
If I only
Hi Harry,
So this is the way I understand it.
The authenticate section is used to just verify that you are who you are,
via certs, username/password, token etc. The authorize section is where you
define the sources for all the information you want FR to respond to. So to
just
i forgot:
thanks for the info
- Original Message -
From: Arran Cudbard-Bell [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, June 11, 2007 10:16 AM
Subject: Re: EAP-Handshakes: every reply runs the full authorize-section
Rainer
FreeRADIUS Version 1.1.0:
Hello,
we run EAP-TTLS and what we get in Debug-Mode is, that every received
EAP-Packet within the TLS-Tunnel-establish runs the complete
authorize-section and slows down the overall time to create a TTLS-Tunnel.
Reason is, that the User-Name e.g. NTB-BRINK-610, which
Rainer Brinkmann wrote:
FreeRADIUS Version 1.1.0:
Hello,
we run EAP-TTLS and what we get in Debug-Mode is, that every received
EAP-Packet within the TLS-Tunnel-establish runs the complete
authorize-section and slows down the overall time to create a TTLS-Tunnel.
Reason is, that the User
Hi all,
I'm developping some FreeRADIUS modules. In the authorize section, my
module set the Auth-Type to a specific value to pick my own module
in the authorize section. The last one in this section is the
FreeRADIUS files module. I use it to perform some tasks if the request
is not processed
Nicolas Castel [EMAIL PROTECTED] wrote:
Is there any possibility not to go through following modules in the
authorize section if the Auth-Type has already been set.
Yes. See doc/configurable_failover. You should have your module
return different codes, based on whether Auth-Type was set
Thanks a lot Alan, that's exactly what i needed
2006/5/30, Alan DeKok [EMAIL PROTECTED]:
Nicolas Castel [EMAIL PROTECTED] wrote:
Is there any possibility not to go through following modules in the
authorize section if the Auth-Type has already been set.
Yes. See doc/configurable_failover
Ross Reed [EMAIL PROTECTED] wrote:
I have an entry in the users file that checks for anything coming
from that number, if it does give them certain reply attributes, but
the problem being is, it continues down the line and checks the sql
section ( giving the reply attributes I don't want them
To all,
I know the answer to this is most likely in the docs/list, but I cannot
find it and it is crunch time.
I have users that will be dailing a certain number so they can get a
new dialer that pushes out new numbers ( Any of them dailing this
number will get authenticated by default). I
28 matches
Mail list logo