[JK] This works beautifully. I want to thank Arran and others for the
quick response. Very much appreciated.
Excellent. Glad to hear :)
Thanks,
Arran
--
Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT
Arran Cudbard-Bell
*sigh* the Coffee excuse doesn't work past lunch time does it...
(missed out some curly braces)
instantiate {
    sql_old
}
authorize {
    # Retrieves credentials
    sql_new
    # Sets auth-type mschap
    mschap
}
authenticate {
so, what you've actually got to do is run the pap method twice.
once for the user-name/password from sql_new and once for the
user-name/password from sql_old. one of those methods would
work for a valid user
that's a funky bit of group/failover requirement that'll have to
be
Hi,
You should write your custom authentication script.
there's probably a way of doing it all in config
with unlang etc - but yes, a PERL script which does
all of the SQL stuff and authentication itself
is probably the way to go for it
alan
On 25/6/09 10:33, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
You should write your custom authentication script.
there's probably a way of doing it all in config
with unlang etc - but yes, a PERL script which does
all of the SQL stuff and authentication itself
is probably the way to go for it
I
Hi,
I leave you guys alone for 5 minutes
8-) as i said, there's probably a way of doing it
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 25/6/09 13:11, Ivan Kalik wrote:
I have tested something like this yesterday - it doesn't. You can't just
replace Cleartext-Password. NT-Password and LM-Password were created for
the new password and mschap module will reuse them, completely
ignoring
old Cleartext-Password. They need to be
On 25/6/09 12:01, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I leave you guys alone for 5 minutes
8-) as i said, there's probably a way of doing it
:P Granted, was trickier than it first appeared. After a brief discussion with
Ivan, looks like this should work (he pointed out the security
On 25/6/09 14:53, Arran Cudbard-Bell wrote:
On 25/6/09 12:01, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I leave you guys alone for 5 minutes
8-) as i said, there's probably a way of doing it
*sigh* the Coffee excuse doesn't work past lunch time does it... (missed out
some curly braces)
[mailto:freeradius-users-bounces+john.kane=prodeasystems@lists.freeradius.org] On Behalf Of
Arran Cudbard-Bell
Sent: Thursday, June 25, 2009 9:21 AM
To: FreeRadius users mailing list
Subject: Re: Old password 'grace period'
On 25/6/09 14:53, Arran Cudbard-Bell wrote:
On 25/6/09 12
Hi,
[JK] Thanks, Arran. Another quick question. Will 2.* do this
'straight out of the box'? If not, will it require much work? We are
evaluating whether to attempt this in radius, or make changes in our
system.
your situation is a slightly unique bespoke requirement - as such, it
won't
Hi,
I added, in the authorize section of sites-available/default, the
following:
hmm, all you are doing is setting the values to what they
normally are...you need something like
group {
    sql_new {
        reject = 1
hmm, all you are doing is setting the values to what they
normally are...you need something like
group {
    sql_new {
        reject = 1
        ok = return
    }
    sql_old {
Hi,
[JK] Tried that earlier Alan. Seems whenever is set ok = return, we
process no further. Here's the logs from a 'radtest', where testRadOld
is entered as the password (testRad is the new password, testRadOld is
the old password in the DB). We see the first query, where there is a
: Wednesday, June 24, 2009 2:56 PM
To: FreeRadius users mailing list
Subject: Re: Old password 'grace period'
Hi,
[JK] Tried that earlier Alan. Seems whenever is set ok = return, we
process no further. Here's the logs from a 'radtest', where
testRadOld
is entered as the password (testRad
so, what you've actually got to do is run the pap method twice.
once for the user-name/password from sql_new and once for the
user-name/password from sql_old. one of those methods would
work for a valid user
that's a funky bit of group/failover requirement that'll have to
be
Hi,
[JK] Thanks, Arran. Another quick question. Will 2.* do this 'straight out
of the box'? If not, will it require much work? We are evaluating whether
to attempt this in radius, or make changes in our system.
your situation is a slightly unique bespoke requirement - as such, it won't
work
John Kane wrote:
I've been asked to implement freeradius on a proprietary system that
uses the concept of a password 'grace period', a brief time period
during which both the old and new passwords should be allowed. Is
this
possible with freeradius?
[snip]
Not with any of the 1.*
John Kane wrote:
I've been asked to implement freeradius on a proprietary system that
uses the concept of a password 'grace period', a brief time period
during which both the old and new passwords should be allowed. Is this
possible with freeradius?
The system uses pptp client access