I have a more of an abstract question as to proxy functionality. Can you do
the following:
b...@bob.com password test
bob.com - proxy to localhost
b...@bob.com - reply Access Deny
This would be the norm for that realm, just deny everyone.
Except for bob's boss:
b...@bob.com password
On Wed, Apr 25, 2012 at 09:19:58AM -0400, David Peterson wrote:
I have a more of an abstract question as to proxy functionality. Can you do
the following:
b...@bob.com password test
bob.com - proxy to localhost
b...@bob.com - reply Access Deny
This would be the norm for that realm,
; FreeRadius users mailing list
Subject: Re: Proxy Question
On Wed, Apr 25, 2012 at 09:19:58AM -0400, David Peterson wrote:
I have a more of an abstract question as to proxy functionality. Can
you do the following:
b...@bob.com password test
bob.com - proxy to localhost
b...@bob.com
The error on the other side is Invalid_Auth_Type. It is set to only
accept MsCHAPv2 which is fine. I guess the next question is do I need
to set a default auth type for the realm and if so how can I do that
without mucking up the other realms?
On Sat, 2011-06-04 at 07:58 +0200, Alan DeKok
Doty, Seth wrote:
Currently I have a wireless setup that terminates the outer tunnel
locally then queries AD to get group/user data. This happens for the
realm named after the domain,the default realm, and NULL realm and works
perfectly. What I need to do now is add a new realm
Currently I have a wireless setup that terminates the outer tunnel
locally then queries AD to get group/user data. This happens for the
realm named after the domain,the default realm, and NULL realm and works
perfectly. What I need to do now is add a new realm (testrealm)that
terminates the eap
Hoping someone can help me or point me in the right direction.
We currently are running a Livingston radius server that does realm and DNIS
proxying. For obvious reasons we want to replace this server with
freeradius.
My current setup is like this.
Livingston radius proxy - let's say it's
But for users login in without a realm I notice a lot of stop records but
the curious thing is that I see some with Ascend-Disconnect-Cause =
PPP-PAP-Auth-Failed. So now im wondering if the proxy at 2.2.2.2 is doing
something to the packets leaving for 3.3.3.3 that's causing it to fail
without the
]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 11:14 AM
To: FreeRadius users mailing list
Subject: Re: new to freeradius - proxy question
But for users login in without a realm I notice a lot of stop records but
the curious thing is that I see some
users mailing list'
Subject: RE: new to freeradius - proxy question
Ivan, from the new freeradius proxy I authenticate with/without the realm
using radtest and those packets look the same to me.
[EMAIL PROTECTED] radtest ectest 123 xxx.xxx.65.239:1645 11 QuincY
Sending Access-Request of id 89
Brian Walters wrote:
but the authhost and accthost entries can be listed next to each other
for each realm. I just wanted to make sure there wasn't a short cut of
allowing a home server to be both. Even with adding 2 entries for each
home server (1 auth, 1 acct) it's still a big saving with
With the new 2.0 release do we have to make 2 entries for each home
server? 1 for auth packets and 1 for acct packets?
--
Brian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Walters wrote:
With the new 2.0 release do we have to make 2 entries for each home
server? 1 for auth packets and 1 for acct packets?
Yes, because they are *different* servers. They may be different
programs that share no memory or configuration.
Or, you can continue to use the
Brian Walters wrote:
With the new 2.0 release do we have to make 2
entries for each home
server? 1 for auth packets and 1 for acct packets?
Yes, because they are *different* servers. They
may be different
programs that share no memory or configuration.
Or, you can continue to
Jory Privett wrote:
I have a new FreeRadius server that I set up and everything is working
great, well all most. What I want to do is have it check a local file and
if the user is not there then to proxy the request to another server. I can
make it check the local file or proxy the
I have a new FreeRadius server that I set up and everything is working
great, well all most. What I want to do is have it check a local file and
if the user is not there then to proxy the request to another server. I can
make it check the local file or proxy the request successfully, I
Roberto Greiner wrote:
You've marked that realm as something that shouldn't be proxied.
Why do you expect it to be proxied?
Actually I don't wan't it to be proxied, only that it removes the realm
part to handle it locally. But it's comparing the full entry (with
realm) against the
Roberto Greiner wrote:
Alan DeKok wrote:
Roberto Greiner [EMAIL PROTECTED] wrote:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
User-Name = [EMAIL PROTECTED]
Is this the log from the home server? If so, why? You
Roberto Greiner [EMAIL PROTECTED] wrote:
Actually I don't wan't it to be proxied
So when you originally said you wanted it to be proxied...
If you want people to be able to help you, tell them what you really
want to do.
Alan DeKok.
--
http://deployingradius.com - The web site of
Hy,
I'm having a small problem with the proxy.conf file.
I added the following entry to proxy.conf:
realm test.com{
type= radius
authhost= LOCAL
accthost= LOCAL
secret = foobar
strip
}
But when I send a user
Roberto Greiner [EMAIL PROTECTED] wrote:
But when I send a user with the test.com domain, it wasn't stripped. The
radiusd -X log below shows the behavior:
Show the *full* log.
modcall[authorize]: module files returns notfound for request 0
radius_xlat: '[EMAIL PROTECTED]'
ok... and
Alan DeKok wrote:
Roberto Greiner [EMAIL PROTECTED] wrote:
But when I send a user with the test.com domain, it wasn't stripped. The
radiusd -X log below shows the behavior:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
Roberto Greiner [EMAIL PROTECTED] wrote:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
User-Name = [EMAIL PROTECTED]
Is this the log from the home server? If so, why? You already said
the username wasn't stripped, so showing that
Alan DeKok wrote:
Roberto Greiner [EMAIL PROTECTED] wrote:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
User-Name = [EMAIL PROTECTED]
Is this the log from the home server? If so, why? You already said
the
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Phil Mayers
Sent: Friday, April 21, 2006 4:11 PM
To: FreeRadius users mailing list
Subject: Re: Proxy Question
Reynold McGuire wrote:
Thanks for the reply.
I forgot to mention that I had 'ntdomain' addedd
Reynold McGuire wrote:
It gets to the pre-proxy, adds the domain after the user name, but doesn't
strip out the 'DOMAIN'
Set
Do you see any evidence that the 'ntdomain' is actually doing anything? I
don't see much of anything except the one line 'modcall[authorize]: module
ntdomain
How's everyone doing?
I have a proxy question / problem.
I am attempting to get freeRadius to basically proxy via realm. This one
radius server is going to be the proxy to all other radius servers...
I am able to proxy correctly using the following in proxy.conf
---CUT---
Realm ad.domain.com
Reynold McGuire [EMAIL PROTECTED] writes:
How can I get freeRadius to see domain.com\username and convert that to
[EMAIL PROTECTED] and proxy that off?
If you need both styles:
modules {
..
realm suffix {
format = suffix
delimiter = @
users mailing list
Subject: Re: Proxy Question
Reynold McGuire [EMAIL PROTECTED] writes:
How can I get freeRadius to see domain.com\username and convert that
to [EMAIL PROTECTED] and proxy that off?
If you need both styles:
modules {
..
realm suffix {
format
Bjørn Mork wrote:
Reynold McGuire [EMAIL PROTECTED] writes:
How can I get freeRadius to see domain.com\username and convert that to
[EMAIL PROTECTED] and proxy that off?
If you need both styles:
modules {
..
realm suffix {
format = suffix
Ok.
I can see that... Now what about the syntax problem? :)
-R
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Phil Mayers
Sent: Friday, April 21, 2006 1:22 PM
To: FreeRadius users mailing list
Subject: Re: Proxy Question
Bjørn Mork wrote:
Reynold
request 0 ID 40 with timestamp 4448d631
Nothing to do. Sleeping until we see a request.
-Original Message-
From: Bjørn Mork [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 8:42 AM
To: [EMAIL PROTECTED]
Cc: FreeRadius users mailing list
Subject: Re: Proxy Question
Reynold McGuire
Hello list,
i got a proxy configuration in which all auth requests for a specific realm
is proxied to another radius server. The problem is that if this radius
server isnt reachable the server is marked as dead and every further auth
request is sucessfully authenticated locally in cause of a
I figured out what it was. The situation only arises if the nas-ip address
value is set to localhost (tested with radtest) in the auth-request. In
every other request with real nas-ip values the problem doesnt appear.
Maybe its interesting to know why and somebody got an idea?
Hello list,
i
[EMAIL PROTECTED] wrote:
People might be able to do more if they had configs and debug output (-X)
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
www.salesguide.be
www.telenethotspot.be
-
List info/subscribe/unsubscribe? See
[EMAIL PROTECTED] wrote:
Greetings. I am using freeradius and want to do the following:
1. proxy authentication to a secondary server for two-factor
authentication
2. if the user is authenticated via the home server, add attributes
via
definitions from the local freeradius server from
[EMAIL PROTECTED] wrote:
Greetings. I am using freeradius and want to do the following:
1. proxy authentication to a secondary server for two-factor
authentication
2. if the user is authenticated via the home server, add attributes via
definitions from the local freeradius server from a
Greetings. I am using freeradius and want to do the following:
1. proxy authentication to a secondary server for two-factor authentication
2. if the user is authenticated via the home server, add attributes via
definitions from the local freeradius server from a sql database
I can do either 1
[EMAIL PROTECTED] wrote:
Greetings. I am using freeradius and want to do the following:
1. proxy authentication to a secondary server for two-factor authentication
2. if the user is authenticated via the home server, add attributes via
definitions from the local freeradius server from a sql
39 matches
Mail list logo