Hi there,
we have a setup running for ppp user on a freeradius/mysql base.
We recognized that not all group values are given to the user while the login
is running.
After some debugging we found out, that freeradius didn't get all information
from the database while its inside of the tables.
At
Dear freeradius-users,
I'm trying to configure different access to users based on group membership.
What I would like to achieve is that userA is allowed only through
NAS-Port1, UserB through NAS-Port2 and userALL through both.
It seems to work OK as long as each user is only in one group. If I
pu
> b. Fall-Through was set in the last group's reply items
Thanks
It was exactly the problem!
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Multiple-groups-per-user-tp4362664p4368223.html
Sent from the FreeRadius - User mailing list archive at Nabble.com
On Sun, May 1, 2011 at 6:51 PM, googerdi wrote:
> Hi
>
> I want to have multiple groups per user but radius choose only the highest
> priority group with lowest number.
Really? Are you sure?
> How can i enable this feature for mysql
> module if exists!
>From https:/
Hi
I want to have multiple groups per user but radius choose only the highest
priority group with lowest number. How can i enable this feature for mysql
module if exists!
Thanks--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Multiple-groups-per-user-tp4362664p4362664
> Can you give an example of script? Also how should the script be invoked?
>
Freeradius *is* open source - rlm_logintime. Your problem is that
rlm_logintime doesn't support multiple intervals in the same day - you
will need to rework it so that you can pull each interval from the group
user belon
Can you give an example of script? Also how should the script be invoked?
Thanks,
Pramada
>> I am trying to assign one user to multiple groups and each group has a
>> different login time. Is it possible to check the user against each
>> group's login time and allow a
> I am trying to assign one user to multiple groups and each group has a
> different login time. Is it possible to check the user against each
> group's login time and allow access if anyone of them matches.
No. Login-Time can't be used like that. You will have to write a sc
Hi,
I am trying to assign one user to multiple groups and each group has a
different login time. Is it possible to check the user against each group's
login time and allow access if anyone of them matches.
I tried using DEFAULT and matching GROUP-NAME in users file with fall-through
o
http://wiki.freeradius.org/Rlm_sql
Ivan Kalik
Kalik Informatika ISP
Dana 20/10/2008, "Jřrn Kostřl" <[EMAIL PROTECTED]> piše:
>I'm trying to add multiple groups to a user, but only the group with
>the highest priority (lowest number) is being processed.
>I
I'm trying to add multiple groups to a user, but only the group with
the highest priority (lowest number) is being processed.
I've tried this on Freeradius 1.1.7, 2.0.4 and 2.1.1.
When I set the priorities different only the first is processed. If I
set the priority to the same leve
Hi,
I'm trying to set up rlm_sql for users that belong to multiple groups.
(1.1.6, postgresql 8.1).
If user belongs to only one group - everything works fine - i.e. user
can auth, gets correct attributes back.
If I add the user to another group - it stops working all together -
ie the user
> > DEFAULT Auth-Type := Local, NAS-IP-Address == "10.0.0.1"
> > Exec-Program-Wait = "/program for nas1"
>
> You don't need to set Auth-Type.
In the SQL database I am not setting it, its merely the NAS IP.
> And if the per-NAS configuration is fairly static, you can use
> rlm_passwd to map
Stavros Patiniotis wrote:
> For clarity I am trying to achieve the SQL equivalent of the lines below,
> however as we are doing chap I need to have the usernames and passwords
> stored in the database (radcheck).
>
> DEFAULT Auth-Type := Local, NAS-IP-Address == "10.0.0.1"
> Exec-Program-Wait =
Hi again,
I just want to clarify my previous email.
What I want is to authenticate one user who is in multiple groups. I am
assuming that the group binding is occurring as a result of the check items,
but this is where it appears to fail. In fact two separate problems are
occurring with point 5
Hello!
Anybody uses user in multiple groups with SQL backend?
--
Pavel D.Kuzin
System Administrator
Nodex ISP
St. Petersburg, Russia
[EMAIL PROTECTED]
http://nodex.ru
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scott Reed wrote:
OK, Phil, you got me. I thought all I did was copy the to address, but
must have used a reply instead. Sorry.
Grin - it was not my intention to "get" you. I'm certainly not the
mailing list police. The only reason I mentioned it is that I (and I
suspect many) people drop wh
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net
-- Original Message ---
From: Phil Mayers <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Fri, 07 Apr 2006 11:09:48 +0100
Subject: Re: User in Multiple Groups
> Scott R
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net
-- Original Message
---
From: Phil Mayers <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Fri, 07 Apr 2006 11:09:48 +0100
Subject: Re: User in Multiple
Apr 2006 07:25:29 -0500
Message-Id: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Subject: User in Multiple Groups
I changed radcheck to have := instead of ==. No change.
First query returns:
++--+--+-+
t.net
-- Original Message ---
From: "Scott Reed" <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Thu, 6 Apr 2006 07:54:08 -0500
Subject: Re: User in Multiple Groups
> I did not usurp a thread, I reposted my own.
>
> I changed radcheck to ha
riginal Message
---
From: Phil Mayers <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Thu, 06 Apr 2006 13:22:39 +0100
Subject: Re: User in Multiple Groups
> Scott Reed wrote:
>
> I have searched the archive and came close to figuring this out, but I have
Scott Reed wrote:
I have searched the archive and came close to figuring this out, but I have not
Don't start your query as part of another thread please.
Configuration tables:
1 USERGROUP
2 80 sreed MS1-AP1
3 76 treed MS1-AP1
4 78 sreed Router-Ad
AIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Wed, 5 Apr 2006 07:25:29 -0500
Subject: User in Multiple Groups
>
I have searched the archive and came close to figuring this out,
but I have not been able to get a user to exist in 2 groups and have each
authenticate.
I have searched the archive and came close to figuring this out, but I have not been able to get a user to exist in 2 groups and have each authenticate. I have one set of systems that need Login-User and then reply with one set of responses and another set that need Framed-User and reply with
Hi,
I have problem with multiple groups behind one NAS after upgrade from
freeradius0.9.x to 1.0.4-1.
There was no problem with this configuration before upgrade.
Scenario:
2 groups: GPRS_1 and GPRS_2
both groups are behind NAS 1.1.1.1
user_1 is member of group GPRS_2 and he and all members
adius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple groups
Here's the rest of my config. Notice, that username 3000 belongs to group
Dialin and Dialin2. The user can register fine, however in this case the
Access-Accept packet only returns the
at belongs multiple groups
Here's the rest of my config. Notice, that username 3000 belongs to group
Dialin and Dialin2. The user can register fine, however in this case the
Access-Accept packet only returns the AVPs related to group Dialin (I'm
guessing is because it's the first one that it
er 28, 2005 1:34 PM
To: FreeRadius users mailing list
Subject: Re: return ALL the AVPs for a username that belongs multiple groups
"Lenir" <[EMAIL PROTECTED]> wrote:
> Radius replies with the AVPs of the first group that it
> matches that the user belongs to. Instead of returning
: FreeRadius users mailing list
Subject: Re: return ALL the AVPs for a username that belongs multiple groups
"Lenir" <[EMAIL PROTECTED]> wrote:
> Radius replies with the AVPs of the first group that it
> matches that the user belongs to. Instead of returning all the AVPs f
: FreeRadius users mailing list
Subject: Re: return ALL the AVPs for a username that belongs multiple groups
"Lenir" <[EMAIL PROTECTED]> wrote:
> Radius replies with the AVPs of the first group that it
> matches that the user belongs to. Instead of returning all the AVPs f
reply AVP's.
> So I guess the question is, can a user belong to multiple groups? If so, how
> can radius reply with all the AVPs that correspond to ALL the groups that
> the user belongs to?
Yes, and you configure the server to do that.
Alan DeKok.
-
List info/subscribe/uns
to multiple groups? If so, how
can radius reply with all the AVPs that correspond to ALL the groups that
the user belongs to?
Lenir
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex M
Sent: Sunday, October 23, 2005 11:00 PM
To: [EMAIL PROTECTED
Probably yes...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Seferovic Edvin
Sent: Sunday, October 23, 2005 10:42 PM
To: 'FreeRadius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple groups
Fa
]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex M
Sent: Montag, 24. Oktober 2005 04:37
To: 'FreeRadius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple groups
In config file there should be a line that will allow you to go to the next
parameter despit
Sent: Sunday, October 23, 2005 10:14 PM
To: 'FreeRadius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple groups
Can anybody help me with this?
Thanks in advance,
Lenir
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTE
s multiple groups
Hello list,
I have a user that belongs to multiple groups, lets say in the usergroup
table, I have username Paul_S that belongs to Group1, Group2 and Group3
(using a different row for each group membership). In the radgroupreply
table, I have multiple different attributes for
Hello list,
I have a user that belongs to multiple groups, lets say in the usergroup
table, I have username Paul_S that belongs to Group1, Group2 and Group3
(using a different row for each group membership). In the radgroupreply
table, I have multiple different attributes for each group.
When I
I have freeradius and LDAP authenticating nicely. The problem I am
running into is that when I id a user, it only shows the primary group
that user is a member of. How can I get FreeRadius to report the other
groups that the user belongs to?
Mark Litchfield
Sorry I don't understand. Can you
On Fri, 22 Jul 2005, Mark Litchfield wrote:
> Using:
> FreeRadius 1.0.4
> OpenLDAP 2.2.27
> FreeBSD 5.4
>
> We are trying to get FreeBSD to allow a user to be a member in multiple
> groups. Here's roughly the way we have the tree laid out.
>
> dc: tre
Using:
FreeRadius 1.0.4
OpenLDAP 2.2.27
FreeBSD 5.4
We are trying to get FreeBSD to allow a user to be a member in multiple
groups. Here's roughly the way we have the tree laid out.
dc: treeroot
|_ou: accounts
| |_ou: domain1
| | |_uid: joe
| | mail: [EMAIL PROTECTED]
|
"Fiederling, Daniel" <[EMAIL PROTECTED]> wrote:
> Is there a suggested way to predefine groups in the hints file that are
> used by rlm_sql and matched to the groupname field?
Read sql.conf. It uses the SQL-Group attribute to look for groups.
Alan DeKok.
-
List info/subscribe/unsubscribe?
er.
What would be the suggested attribute for this issue?
Thanks
Daniel
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag von Alan
DeKok
Gesendet: Donnerstag, 24. März 2005 17:47
An: freeradius-users@lists.freeradius.org
Betreff: Re: Multiple groups via
"Fiederling, Daniel" <[EMAIL PROTECTED]> wrote:
> I'm currently using freeradius 1.0.2 with a mysql database for
> authorization. Because I have multiple client applications I use the
> hints file to define groups based on Client-IP-Address:
>
> DEFAULT Client-IP-Address ==D a.b.c.d
>
Title: Multiple groups via hints file and rlm_sql
Hi,
I'm currently using freeradius 1.0.2 with a mysql database for authorization. Because I have multiple client applications I use the hints file to define groups based on Client-IP-Address:
DEFAULT Client-IP-Address == a.
45 matches
Mail list logo