mailto:fabien.vinc...@coreye.fr fabien.vinc...@coreye.fr
De : Vincent, Fabien
Envoyé : lundi 7 novembre 2011 10:36
À : Vincent, Fabien; freeradius-users@lists.freeradius.org
Objet : RE: NAS in sql and returning specific VSAs
Sorry, CTRL+Enter is not a good keyboard on Monday Morning ;)
So, I
: Vincent, Fabien
Envoyé : lundi 7 novembre 2011 10:36
À : Vincent, Fabien; freeradius-users@lists.freeradius.org
Objet : RE: NAS in sql and returning specific VSAs
Sorry, CTRL+Enter is not a good keyboard on Monday Morning ;)
So, I return to the NAS some VSAs depending LDAP Group like
Hi,
Hi all,
I just tried using
if(%Client-Type == 'cisco'){
Service-Type = NAS-Prompt-User
cisco-avpair = shell:priv-lvl=15
}
if(%Client-Type == 'cisco'){
d'origine-
De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org
[mailto:freeradius-users-bounces+fabien.vincent=coreye.fr@lists.freeradius.o
rg] De la part de Alan Buxey
Envoyé : mardi 8 novembre 2011 18:39
À : FreeRadius users mailing list
Objet : Re: NAS in sql and returning
Hi all,
I have one question about Free Radius and NAS in sql database.
I return to the NAS some VSAs depending LDAP User-Group like this :
Fabien VINCENT
Ingénieur Réseaux Sécurité / ASSR Produits
Niveau 3 - Infrastructure Produits
mailto:fabien.vinc...@coreye.fr
Borne
22, rue Hergé
59650 Villeneuve d'Ascq
http://www.pictime.com/ www.pictime.com
De : Vincent, Fabien
Envoyé : lundi 7 novembre 2011 10:31
À : 'freeradius-users@lists.freeradius.org'
Objet : NAS in sql and returning specific VSAs
Hi all,
I have one question about Free Radius
sorry, had read docs in older version (only got round to looking into
2.0.0-pre last night as attempt to answer my own ?)
Thanks for quick response!
Andy
On 26/10/2007, Alan DeKok [EMAIL PROTECTED] wrote:
Andy Billington wrote:
Is there a way to define NAS info / secrets in a SQL database
Andy Billington wrote:
Is there a way to define NAS info / secrets in a SQL database
Yes. See the sql.conf file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have one question to this, you suposed that RADIUS and DataBase services are in the same machine, what happens if these services are in severa or there are replicate servers?
My advice is to create a database trigger on INSERTs, UPDATEs,DELETEs.For example, my postgresql trigger written in
Then pipe the susdo command though ssh...
-Peter
On Tue 31 Jul 2007, Santiago Balaguer García wrote:
I have one question to this, you suposed that RADIUS and DataBase services
are in the same machine, what happens if these services are in severa or
there are replicate servers?
My advice is
Hi Santiago,
Tuesday, July 31, 2007, 11:21:36 AM, you wrote:
I have one question to this, you suposed that RADIUS and DataBase
services are in the same machine, what happens if these services are
in severa or there are replicate servers?
Most probably you will have the radius and the
Thanks for that Claudiu - I'll have to see what I can do :)
Handling the sighup would be a big deal. I am adding my NAS via a php script
so I can easily ask it to give the server a kick once i've added a NAS.
It may be that I can live with an hourly cron job - will have to see. In
theory there
Hi,
It is an issue that has been discussed previously and FreeRADIUS is
unlikely to ever do an SQL SELECT of the nas table for every inbound
packet. What may be possible is to reload the nas list at certain intervals
(from cron is the easiest) but until/unless HUP handling is improved that
On Mon 30 Jul 2007, Stefan Winter wrote:
Hi,
It is an issue that has been discussed previously and FreeRADIUS is
unlikely to ever do an SQL SELECT of the nas table for every inbound
packet. What may be possible is to reload the nas list at certain
intervals (from cron is the easiest) but
On 2007-07-30 15:54, Stefan Winter wrote:
Hi,
It is an issue that has been discussed previously and FreeRADIUS is
unlikely to ever do an SQL SELECT of the nas table for every inbound
packet. What may be possible is to reload the nas list at certain intervals
(from cron is the easiest) but
Krzysztof Olędzki wrote:
I'm not sure it this is a good idea. What if you need to change for
example a shared secret?
Poke it with radclient from a host that is not in the client table?
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
-
List
On 2007-07-30 17:06, Dennis Skinner wrote:
Krzysztof Olędzki wrote:
I'm not sure it this is a good idea. What if you need to change for
example a shared secret?
Poke it with radclient from a host that is not in the client table?
Like 127.15.16.18? Good idea. So maybe a magic-client
Hi Paul,
Saturday, July 28, 2007, 6:08:23 PM, you wrote:
I however just tried hitting radiusd with a SIGHUP and it really
didn't like it Output attached, I just got a segfault when I hit it with
the next radius request.
Currently, I'm able to run a SIGHUPed freeradius 20070420
:11:02 PM
Subject: Out of Office AutoReply: Re[2]: Adding a NAS via SQL
===8==Original message text===
danke für ihre mail, aber ich bin bis einschliesslich 19.08.2007 nicht im
büro. wenden Sie sich bei dringenden anfragen bitte an
[EMAIL PROTECTED]
i'm out of office until
Thanks for your help guys.
I guess a way to prevent the DoS is through the correct use of a firewall?
Kind regards,
Paul.
On 7/28/07, Peter Nixon [EMAIL PROTECTED] wrote:
On Sat 28 Jul 2007, Paul Lambert wrote:
Hi,
I have now taken a look through the archives and I can't see a clean
Yeah. That would be one way, but its kind of like saying we are going to
introduce a new feature to a BMW that makes it dangerous at speeds over
100km so don't drive it on an autobahn...
It is an issue that has been discussed previously and FreeRADIUS is unlikely
to ever do an SQL SELECT of
that is problematic for
deployments that need to keep session state (ie. EAP users). If you dont use
EAP, then there is no problem doing a full restart on a regular basis..
how about updating the NAS list from SQL via, for example, an SNMP write command
or a special RADIUS command packet. both
[EMAIL PROTECTED] said:
how about updating the NAS list from SQL via, for example, an SNMP write
command
or a special RADIUS command packet. both of these could have security
protection
to prevent DoS (eg the SNMP write from only certain locations (firewalled)
and
has password too of course
Hugh Messenger wrote:
[EMAIL PROTECTED] said:
how about updating the NAS list from SQL via, for example, an SNMP write
command
or a special RADIUS command packet. both of these could have security
protection
to prevent DoS (eg the SNMP write from only certain locations (firewalled
On 2007-07-29 19:13, Arran Cudbard-Bell wrote:
Hugh Messenger wrote:
[EMAIL PROTECTED] said:
how about updating the NAS list from SQL via, for example, an SNMP write
command
or a special RADIUS command packet. both of these could have security
protection
to prevent DoS (eg the SNMP
/27/07, ram [EMAIL PROTECTED] wrote:
On 7/27/07, Paul Lambert [EMAIL PROTECTED] wrote:
Hi all,
I think I might be being a little dense but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius server.
Is there a way to automatically activate
for my windows PC (running ntradping),
and sent an authorisation request which was successful. (Well failed, but I
got a response).
I then removed the entry for my NAS from the SQL database, and sent another
authorisation request which was again successful when I expected freeradius
to ignore my
On Fri 27 Jul 2007, Paul Lambert wrote:
Hi all,
I think I might be being a little dense but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius
server.
Yep. Thats to way it's designed to protect against DoS attacks, otherwise
every inbound packet
/07, Peter Nixon [EMAIL PROTECTED] wrote:
On Fri 27 Jul 2007, Paul Lambert wrote:
Hi all,
I think I might be being a little dense but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius
server.
Yep. Thats to way it's designed to protect against
but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius
server.
Yep. Thats to way it's designed to protect against DoS attacks,
otherwise every inbound packet from an unknown IP would trigger an SQL
query which would mean killing a server would
, Peter Nixon [EMAIL PROTECTED] wrote:
On Fri 27 Jul 2007, Paul Lambert wrote:
Hi all,
I think I might be being a little dense but when I add a NAS to my
SQL
database, it doesn't appear to be enabled until I restart my radius
server.
Yep. Thats to way it's designed to protect
] wrote:
On Fri 27 Jul 2007, Paul Lambert wrote:
Hi all,
I think I might be being a little dense but when I add a NAS to my
SQL
database, it doesn't appear to be enabled until I restart my
radius
server.
Yep. Thats to way it's designed to protect against DoS
Paul Lambert wrote:
I have now taken a look through the archives and I can't see a clean
solution for reloading the nas without restarting. I assume this is what
you were suggesting I do via cron?
Yes.
Unfortunately, *no* application daemon I've looked at handles HUP very
well. Almost
On Sat 28 Jul 2007, Paul Lambert wrote:
Hi,
I have now taken a look through the archives and I can't see a clean
solution for reloading the nas without restarting. I assume this is what
you were suggesting I do via cron?
Yep.. The short answer is that FreeRADIUS does not currently reload the
Hi all,
I think I might be being a little dense but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius server.
Is there a way to automatically activate a new NAS device that I add to the
SQL database?
Kind regards,
Paul.
-
List info/subscribe
On 7/27/07, Paul Lambert [EMAIL PROTECTED] wrote:
Hi all,
I think I might be being a little dense but when I add a NAS to my SQL
database, it doesn't appear to be enabled until I restart my radius server.
Is there a way to automatically activate a new NAS device that I add to
the SQL
36 matches
Mail list logo
