On 08/06/2013 02:31 AM, Alan Buxey wrote:
> I assume that's the freeradius2 package rather than freeradius as 1.x
> doesn't have unlang
The OP said Fedora. Fedora has never had a freeradius2 package (only
ever existed in RHEL 5.x). Fedora has had 2.x for many years. So either
the OP is using an ex
I assume that's the freeradius2 package rather than freeradius as 1.x doesn't
have unlang
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/05/2013 08:49 PM, Joseph Perrin wrote:
> Thank you. I now understand.
>
> A stock install of freeRadius in Fedora, (i.e. via yum), does not
> provide a man page for unlang. Had you not helped me, I'd simply not know.
Nonsense, the freeradius rpm installs the unlang man page.
Please provi
at 22:37, Joseph Perrin wrote:
>
> > The following appears to now work, but I don't understand some things:
> >
> > files
> >
> > if (control:Local-Group != "%{NAS-Identifier}" ) {
> >
> > Why does control:Local-Group not need to be encl
On 5 Aug 2013, at 22:37, Joseph Perrin wrote:
> The following appears to now work, but I don't understand some things:
>
> files
>
> if (control:Local-Group != "%{NAS-Identifier}" ) {
>
> Why does control:Local-Group not need to be enclosed in "%{
The following appears to now work, but I don't understand some things:
files
if (control:Local-Group != "%{NAS-Identifier}" ) {
Why does control:Local-Group not need to be enclosed in "%{ }", but
NAS-Identifier does?
And why does %{ } content need to be within quote
>
> Diagnostic says:
> ++? if (control:Local-Group != NAS-Identifier ) -> FALSE
Assuming you're not looking for a literal value 'NAS-Identifier', you want
"%{NAS-Identifier}".
If this is a new deployment you should use current HEAD revision in Mast
Changing the Local-Group into the request still makes control:Local-Group
empty.
abc Cleartext-Password:="xyz", Local-Group:="staff"
NAS Sends this:
User-Name = "abc"
:
NAS-Identifier = "resident"
if ( control:Local-Group != NAS-I
Hi,
>I was thinking this should be easy, but it's been two weeks and I give
>up...
well, depends how you do itif you do it easy it is easy, no?
users file
abc Cleartext-Password := "xyz", NAS-Identifier = "staff"
Reply-Message "Welcome
>
>
> Running radiusd -X I get:
>
> :
> ++? if (Local-Group != NAS-Identifier )
> (Attribute Local-Group was not found)
> ? Evaluating (Local-Group != NAS-Identifier ) -> FALSE
> ++? if (Local-Group != NAS-Identifier ) -> FALSE
> :
>
>
Cleartext-Password:="xyz"
Local-Group="staff"
I've created an attribute in my /etc/raddb/dictionary file:
ATTRIBUTE Local-Group 3000string
In my /etc/raddb/sites-enabled/default file, in the authorize section, I've
got this:
if ( Local-Gro
Hi,
> I was wondering, is it possible to replace the NAS-Identifier features by
> playing with Huntgroups?
> The idea is to have one user which can access in several NAS with customized
> params, and this is what HG are for. But how to Reject the user, if it has no
> associa
> customized params, and this is what HG are for. But how to Reject
> the user, if it has no associated HG?
Ok I found searching more that I can achieve this by adding:
if (Huntgroup-Name == ''){
reject
}
--
Lorenzo Milesi - lorenzo.mil...@yetopen.it
GPG/PGP Key-Id: 0xE704E230 - http://ke
Hi.
I was wondering, is it possible to replace the NAS-Identifier features by
playing with Huntgroups?
The idea is to have one user which can access in several NAS with customized
params, and this is what HG are for. But how to Reject the user, if it has no
associated HG?
I'm having
Thanks Alan, I have figured out the problem.
On Tue, Jun 5, 2012 at 5:00 PM, Alan DeKok wrote:
> C.F. Yeung wrote:
> > Have changed the unlang as follow.
> >
> > update request {
> > NAS-Identifier := "new-nas-identifier"
> >
C.F. Yeung wrote:
> Have changed the unlang as follow.
>
> update request {
> NAS-Identifier := "new-nas-identifier"
> }
>
> Tried put it under authorize, pre-proxy or post-proxy, nothing changed.
So... you didn't follow m
Have changed the unlang as follow.
update request {
NAS-Identifier := "new-nas-identifier"
}
Tried put it under authorize, pre-proxy or post-proxy, nothing changed.
On Tue, Jun 5, 2012 at 2:45 PM, Alan DeKok wrote:
> C.F. Yeung wrote:
> > I
C.F. Yeung wrote:
> I want to update NAS-Identifier in Access-Request before proxying to
> other radius server. Tried adding the following lines in default but in
> vain.
WHERE? Just some random place?
Or did you READ the file, and look for "proxy". If you had done that,
I want to update NAS-Identifier in Access-Request before proxying to other
radius server. Tried adding the following lines in default but in vain. So,
where should I put the following unlang?
update request {
NAS-Identifier = "new-nas-identifier"
}
-
Eric Geier wrote:
> I found %{Packet-Src-IP-Address} but when I include this in the
> postauth_query, it doesn't work...the fields are blank in the DB when I view
> it.
And what does debug log say?
If Packet-Src-IP-Address doesn't work, odds are you're running 1.x.
Upgrade.
Alan DeKok.
-
L
geier@lists.freeradius.org
[mailto:freeradius-users-bounces+me=egeier@lists.freeradius.org] On
Behalf Of Eric Geier
Sent: Tuesday, August 16, 2011 3:49 PM
To: 'FreeRadius users mailing list'
Subject: RE: NAS-IP-Address or NAS-Identifier in Access-Request?
Understood, thanks!
Can I lo
, August 16, 2011 10:38 AM
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request?
Eric Geier wrote:
> Yes I read that in the RFC, but was wondering what vendors usually do,
> what's the most typical, etc. I'm also wondering the same abou
Eric Geier wrote:
> Yes I read that in the RFC, but was wondering what vendors usually do,
> what's the most typical, etc. I'm also wondering the same about the
> Calling-Station-Id and Called-Station-ID. But sounds like those aren't
> included very often, completely optional.
There's no way to
radius-users-bounces+me=egeier@lists.freeradius.org] On
Behalf Of Alan Buxey
Sent: Tuesday, August 16, 2011 4:32 AM
To: FreeRadius users mailing list
Subject: Re: NAS-IP-Address or NAS-Identifier in Access-Request?
Hi,
> Does anyone happen to know if consumer-level Wi-Fi routers typically
>
Hi,
> Does anyone happen to know if consumer-level Wi-Fi routers typically
> transmit the NAS-IP-Address or NAS-Identifier (or maybe both) in the
> Access-Request?
RFC's say
An Access-Request MUST contain either a NAS-IP-Address attribute or a
NAS-Identifier
attribute (or both).
Does anyone happen to know if consumer-level Wi-Fi routers typically
transmit the NAS-IP-Address or NAS-Identifier (or maybe both) in the
Access-Request?
Would be great if there was a central place to look up the exact attributes
and formats vendors use.
Thanks, Eric
-
List info/subscribe
Hi guys,
there are some posts about subj. refering to search mailing list
archive. I did that, but not sure what is the best solution for 2.1.10
to solve this case. And of course, I would like to use regex for
nas-identifier value. Thanks for your opinions.
Regards,
Z.
-
List info
Thank you.
Is it still needed to compile freeradius with rlm_raw, or can it be
freeradius get NAS-Identifier with a standard install?
On Sun, Aug 15, 2010 at 6:15 PM, Alan DeKok wrote:
> tyllerd wrote:
> > Hi.
> >
> > I would like to know if its possible to rather define
tyllerd wrote:
> Hi.
>
> I would like to know if its possible to rather define clients with
> NAS-Identifier & secret instead of IP address & secret. Because some NASes
> are behind ADSL connections with dynamic IP's I think this would be a lot
> better that havin
Hi,
> I would like to know if its possible to rather define clients with
> NAS-Identifier & secret instead of IP address & secret. Because some NASes
> are behind ADSL connections with dynamic IP's I think this would be a lot
> better that having a client 0.0.0.0/0 an
Hi.
I would like to know if its possible to rather define clients with
NAS-Identifier & secret instead of IP address & secret. Because some NASes
are behind ADSL connections with dynamic IP's I think this would be a lot
better that having a client 0.0.0.0/0 and secret key.
Is thi
> Hmm... that will cause all of the users to be rejected. Delete it.
>
Yes
>
> > I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
> > *DEFAULT Auth-Type := Reject
>
> That's not necessary. It should be deleted from the page.
>
>
Thanks
--
A
Alan DeKok wrote:
Ana Gallardo wrote:
DEFAULT Auth-Type := Reject
Hmm... that will cause all of the users to be rejected. Delete it.
I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
at the button said:
*Note: If you want to reject authentication by def
Ana Gallardo wrote:
> DEFAULT Auth-Type := Reject
Hmm... that will cause all of the users to be rejected. Delete it.
> I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
> at the button said:
>
> *Note: If you want to reject authentication by default then edit the
> rad
Hello Alan, thank you for your response.
Where is this coming from?
>
I put a default entry at the button of users file.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51143.html
My users file:
debian:/etc/freeradius# cat users
DEFAULT Auth-Type := Reject
bobCle
On 04/26/2010 08:46 AM, Ana Gallardo wrote:
Hello,
sorry to ask again about this isuue, but I can't get the correct
configuration.
I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
I want to filter users login from fixed NAS,but I always get an reject.
I don't understand why
Ana Gallardo wrote:
> sorry to ask again about this isuue, but I can't get the correct
> configuration.
>
> I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
>
> I want to filter users login from fixed NAS,but I always get an reject.
...
> [expiration] Checking Expiration time:
Hello,
sorry to ask again about this isuue, but I can't get the correct
configuration.
I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
I want to filter users login from fixed NAS,but I always get an reject.
I don't understand why in the example bellow:
++[request] returns n
e cannot even predict the subnet.
The only other way I can thing of is identifying the nas by the
NAS-Identifier.
Why "other"? That's a bad idea.
Don't understand what you mean.
To sum up.
Currently a nas is "authenticated" by ip address/radius secret.
I feel th
the subnet, not exact IP in
dynamic-clients. Just make one for each ADSL pool.
> The only other way I can thing of is identifying the nas by the
> NAS-Identifier.
>
Why "other"? That's a bad idea.
> To sum up.
> Currently a nas is "authenticated" by ip ad
> > I'm sure that I'm not the only one that have NAS's behind dynamic IPs,
> > and this would make radius traffic from such NAS's much more secure.
OK, if you have Dynamic public IP you have two options:
1) use a DNS to identify the dynamic IP of your hotspot. It means that your
DSL router or
Johan Meiring wrote:
> I realise, i've asked for the before, and it is on your todo list, but
> I'd like to make a case again for maybe getting it moved up higher onto
> the list.
My "to do" list right now is:
- consulting work (my *only* source of income is FreeRADIUS)
- 3 IETF documents that
The source ip address of the radius packet is
therefore not predictable.
The only other way I can thing of is identifying the nas by the
NAS-Identifier.
To sum up.
Currently a nas is "authenticated" by ip address/radius secret.
I feel that being able to "authenticate" a nas b
a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I recently posted a howto explaining how to implement huntgroups in SQL
using unlang in 2.x, look in the mail archives. It also illustrates how
to use the SQL huntgroups to control logon access based on the NAS.
Perhaps I should put this on the wiki.
vio=bascom...@lists.freeradius.org] Per
conto di t...@kalik.net
Inviato: mercoledì 7 gennaio 2009 12.52
A: FreeRadius users mailing list
Oggetto: Re: R: R: NAS-Identifier and radgroupcheck table
>I followed your suggestion, but I still have the problem. I put
>DEFAULT
> Auth-Type := Reject
>at th
>I followed your suggestion, but I still have the problem. I put
>DEFAULT
> Auth-Type := Reject
>at the bottom of users file.
>
It should be on the same line:
DEFAULT Auth-Type := Reject
And it should go to the front of the users file.
Ivan Kalik
Kalik Informatika ISP
-
List info/sub
...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org] Per
conto di t...@kalik.net
Inviato: mercoledì 7 gennaio 2009 12.24
A: FreeRadius users mailing list
Oggetto: Re: R: NAS-Identifier and radgroupcheck table
>MMM... Not so easy...
>
>I made other tes
>MMM... Not so easy...
>
>I made other tests, but I had a wrong profile on user table. I corrected the
>profile and I still have my problem.
>At the moment I can classify users belonging to a group, and all is OK. The
>problem is for users that don't belong to any group. They are still
>authenticat
-
Da: freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org] Per
conto di Arrigo Savio
Inviato: mercoledì 7 gennaio 2009 11.01
A: 'FreeRadius users mailing list'
Oggetto: R: NAS-Identifier and radgroupcheck tab
...@lboro.ac.uk
Inviato: lunedì 5 gennaio 2009 18.20
A: FreeRadius users mailing list
Oggetto: Re: NAS-Identifier and radgroupcheck table
Hi,
> I recently posted a howto explaining how to implement huntgroups in SQL
> using unlang in 2.x, look in the mail archives. It also illustrates how
> to us
Hi,
> I recently posted a howto explaining how to implement huntgroups in SQL
> using unlang in 2.x, look in the mail archives. It also illustrates how
> to use the SQL huntgroups to control logon access based on the NAS.
> Perhaps I should put this on the wiki.
certainly! things posted to t
t...@kalik.net wrote:
Now I have NAS-Identifier attribute in group table, but it is ignored and
the user can connect from different NAS.
That's how sql groups work. If the group check doesn't match - group is
ignored. User is not rejected. If you wan't to force thi
>Now I have NAS-Identifier attribute in group table, but it is ignored and
>the user can connect from different NAS.
>
That's how sql groups work. If the group check doesn't match - group is
ignored. User is not rejected. If you wan't to force this use unlang or
hungroup
(in radius group1) coming from NAS_IP_1
us...@realm2 (in radius group2) coming from NAS_IP_2
I want to add a check that block authentication of user2 if he tries to
authenticate from NAS_IP different from NAS_IP_2
I can do it (correctly) adding NAS-Identifier attribute in radcheck table
for the sing
<[EMAIL PROTECTED]> wrote:
> Stefan Eck (gmail) wrote:
> > Well, the new NAS device sends 5 different NAS-Identifier. eg WebAdmin,
> > SSLVPN or HTTP. But only one RADIUS can be configured.
>
>
> One one RADIUS can be configured... where?
>
>
> >
Stefan Eck (gmail) wrote:
> Well, the new NAS device sends 5 different NAS-Identifier. eg WebAdmin,
> SSLVPN or HTTP. But only one RADIUS can be configured.
One one RADIUS can be configured... where?
> I'm just thinking about that users can be authenticated via RADIUS
>
2008/10/10 Alan DeKok <[EMAIL PROTECTED]>
> Stefan Eck (gmail) wrote:
> > running successfull freeradius in 1.x version, i'm looking for some free
> > radius documentation to the NAS-Identifier. Couldn't find anything in
> > the doc or wiki.
>
>
Stefan Eck (gmail) wrote:
> running successfull freeradius in 1.x version, i'm looking for some free
> radius documentation to the NAS-Identifier. Couldn't find anything in
> the doc or wiki.
http://freeradius.org/rfc/attributes.html
> Anyone who can point me to some do
Hi,
running successfull freeradius in 1.x version, i'm looking for some free
radius documentation to the NAS-Identifier. Couldn't find anything in the
doc or wiki.
Anyone who can point me to some docs?
I do have now an additional NAS which sends an different NAS-Identifier, but
I do cur
ondition like this :
>NAS-Identifier == LMS2
>This works very fine, but limits to only one NAS Identifier. I need to allow
>some clients to log in from different NAS ids...
>Is there a way to put multiple conditions in the radcheck table such as
>(NAS-Identifier == LM1) || (NAS-Identifier
Ok that brings me back to my initial problem...
My first try was to put in the radcheck table a condition like this :
NAS-Identifier == LMS2
This works very fine, but limits to only one NAS Identifier. I need to allow
some clients to log in from different NAS ids...
Is there a way to put multiple
>So, if I set the NAS-Identifier to "LMS2" (the one used by my chillispot
>portal), the condition NAS-Identifier == LMS2 matches, so radius puts me to
>the "hotel1" group. If it doesn't match (while using radtest command for
>example), it continues the login
Ok thanks a lot for your answer !
The Reply-Message did not come because of the '==' operator in the
radgroupcheck table.
So, if I set the NAS-Identifier to "LMS2" (the one used by my chillispot
portal), the condition NAS-Identifier == LMS2 matches, so radius puts me to
the &
Something is wrong here:
>rlm_sql (sql): Reserving sql socket id: 2
>expand: SELECT id, username, attribute, value, op FROM
>radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
>-> SELECT id, username, attribute, value, op FROM radcheck
>WHERE u
ks !
tnt-4 wrote:
>
> Not only that but Auth-Type Local also wasn't forced. Adding it there is
> a mistake in the first place but it still didn't work.
>
> What freeradius version is this? Add Reply-Message to radgroupreply and
> see if that shows in the reply.
>
>
Not only that but Auth-Type Local also wasn't forced. Adding it there is
a mistake in the first place but it still didn't work.
What freeradius version is this? Add Reply-Message to radgroupreply and
see if that shows in the reply.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscri
Ok... so, here is my DB structure :
Table radgroupcheck :
++---+++---+
| id | groupname | attribute | op | value |
++---+++---+
| 4 | hotel1| Auth-Type | := | Local |
| 5 | hotel1| NAS-Identifier
r each account in the radcheck table
>where does the Access-Request comes from. As some of the NAS will get their
>IP dynamically from their ISP, I cannot use the NAS-IP-Address parameter, so
>I would like to use the NAS-Identifier.
>As some of my accounts could be active for requests c
, sorry about that...
So here is the point: I need to check for each account in the radcheck table
where does the Access-Request comes from. As some of the NAS will get their
IP dynamically from their ISP, I cannot use the NAS-IP-Address parameter, so
I would like to use the NAS-Identifier.
As some of my
Hi,
FR + mysql auth&acct.
Sometimes I need to restrict users or groups to acces a certain NAS.
I use the nas-identifier attribute to recognize the nas
To accomplish this I just add an entry to radcheck or radgroupcheck like
this
NAS-identifier != nas-name
This works fine but, sometimes I
Just add NASIdentifier column to the radacct table and alter
accounting_start_query to put %{NAS-Identifier} into NASIdentifier
column.
Ivan Kalik
Kalik Informatika ISP
Dana 7/9/2007, "Pratchaya Chatuphian" <[EMAIL PROTECTED]> piše:
>Hi, everybody
>
>I need help.
>I
Hi, everybody
I need help.
I want to keep NAS-Identifier in DB.
It can be keep it on DB ?
Would you like to suggest/help/guide me ?
Thank you very much
Pratchaya
I see Log file
/var/log/freeradius/radacct/124.xxx.xxx.xxx/detail-20070829
##
Wed Aug 29 12:56
How i can accept users by NAS-Identifier and not with NAS-AP-Address ??
How i can modify clients.conf (or other file) for use only nas identifier??
Thank
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"DESETech - German P. Santillan" <[EMAIL PROTECTED]> wrote:
> How I can configure multiples "NAS-Identifier" attributes in my "users"
> file?
To do what?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How I can configure multiples "NAS-Identifier" attributes in my "users"
file?
Thanks in advance
Germán P. Santillán
Administrador de Redes
Responsable Dpto. Técnico
DESETech Argentina S.A.
San Martín 133 - CP: B8000FIC
Bahía Blanca - Argentina
Tel/Fax: +54 (291) 456-5642
[E
I don't believe so. Not if you use the NAS-IP-Address attribute.
Traditionally that was used for access servers on the coporate level and
due to the nature of their work they had static IP addresses. I for one
would not want my APs (if I were deploying a wide area wireless network)
to have dyn
Rob Cleminson <[EMAIL PROTECTED]> wrote:
> Is there a way of identifying the router to our FreeRadius server
> without having a static IP address on each Router?
Configure a networked client in clients.conf. See the examples there.
The NASes all have to have the same secret, though.
Alan
Hello, I am new to freeradius and need a little help
We are going to be deploying a bunch of Wireless Routers all over the place and
they may have DHCP addresses on them instead of static WAN addresses..When a
client associates to our Wireless Router they are redirected to the Radius
Server
Solved
Thank you guys, you made my day!! :-)
I didn't know that there was a checkval-modul in freeradius.
This modul does exactly what I want!!
Thank you very much!!
regards
peda
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Hi
>
> Thxs for the fast reply!!
>
> Ok, user steve (the one with the Auth-Type := Local) exists only for
> testing purposes. With user-data in die local users file, the
> nas-identifier works
>
> So, I don't know why radius ignores my ldap data ...
Its n
On Mon, 18 Apr 2005, guest01 wrote:
Hi
Thxs for the fast reply!!
Ok, user steve (the one with the Auth-Type := Local) exists only for
testing purposes. With user-data in die local users file, the
nas-identifier works
So, I don't know why radius ignores my ldap data ...
Thxs for you help!
Hi
Thxs for the fast reply!!
Ok, user steve (the one with the Auth-Type := Local) exists only for
testing purposes. With user-data in die local users file, the
nas-identifier works
So, I don't know why radius ignores my ldap data ...
Thxs for you help!
best regards
peda
user tes
ldn't authenticate. Even
> other entries works!!
>
> But for some reason, I have to add a NAS-Identifier to my
> ldap-attributes and that does NOT work! :-(
>
> Adding a NAS-Identifier to the users-file works, for example:
> steve Auth-Type := Local, User-Passwo
other entries works!!
But for some reason, I have to add a NAS-Identifier to my
ldap-attributes and that does NOT work! :-(
Adding a NAS-Identifier to the users-file works, for example:
steve Auth-Type := Local, User-Password == "testing", NAS-Identifier
== "chilli"
Vladimir Ilyin <[EMAIL PROTECTED]> wrote:
> Thanks, Alan, but there's no such topic in FAQ, and i failed to find
> anything similar in the mail list archives.
The topic in the FAQ is "it doesn't work". There are instructions
on what to do, and what information to provide.
> To simplify the que
Hello Alan,
Monday, November 29, 2004, 5:34:18 PM, you wrote:
AD> Vladimir Ilyin <[EMAIL PROTECTED]> wrote:
>> I.e., it should check if user is from huntgroup test, has group
>> groupname, and his nas-identifier is NOT ftp. Everything works, except
>> for that != ope
Vladimir Ilyin <[EMAIL PROTECTED]> wrote:
> I.e., it should check if user is from huntgroup test, has group
> groupname, and his nas-identifier is NOT ftp. Everything works, except
> for that != operator, and i don't see, why. Can you please give some
> point?
Read the FA
Greetings!
To be short, i tried to use this construction in users file, but it
fails to match for some reason.
DEFAULT Huntgroup-Name == "test", Sql-Group == "groupname",
NAS-Identifier != ftp, Auth-Type := Reject
Fall-Through = No
I.e., it should c
On Tue, Oct 12, 2004 at 07:10:47AM -0700, Alex wrote:
> OK, I defined a huntgroup "test NAS-Identifier == "my_nas"" in huntgroups
> file and added | eap_user| Huntgroup-Name | == | test | to radcheck table.
> It says "No matching entry in
OK, I defined a huntgroup "test NAS-Identifier == "my_nas"" in huntgroups file and added | eap_user | Huntgroup-Name | == | test | to radcheck table. It says "No matching entry in the database for request from user [eap_user]" and "auth
On Tue, Oct 12, 2004 at 02:11:02AM -0700, Alex wrote:
> If Auth-Type is Accept, no EAP negociation occurs. What I want is TTLS established
> and user credentials checked and also NAS-Identifier value checked. Thai is, block
> some TTLS users from connecting from behind other NAS tha
Hello Oliver,
thank you for your reply.
If Auth-Type is Accept, no EAP negociation occurs. What I want is TTLS established and user credentials checked and also NAS-Identifier value checked. Thai is, block some TTLS users from connecting from behind other NAS than its own.
I get users accepted
On Mon, Oct 11, 2004 at 06:56:01AM -0700, Alex wrote:
> Hello,
>
> I want TTLS users to be authenticated using their login/pwd _AND_ the NAS-Identifier
> attribute from the Access-Req packet. It works fine with User-Password, but when I
> add NAS-Identifier == 'my_route
Hello,
I want TTLS users to be authenticated using their login/pwd _AND_ the NAS-Identifier attribute from the Access-Req packet. It works fine with User-Password, but when I add NAS-Identifier == 'my_router' to radcheck table, freeradius says 'Auth-Type notfound'.
Hello,
let´s imagine this:
We stored user names in SQL as "User-Name dot NAS-Identifier" (ie.
"john.acme").
User do login as "john" and don´t care about ".acme"
Freeradius "rad_recv" takes User-Name and NAS-Identifier and authorize
the user
95 matches
Mail list logo
