Jevos, Peter wrote:
> Thank you Alan , it makes sense. But it doesn't solve my problem
(1) Edit your responses. It shows consideration for other people
(2) pick one problem at a time. Changing "the problem" midway in a
conversation makes it look like you don't care about the solution to the
As a hint, if you don't implement a rule for a different NT-Domain,
then the rules for that different NT-Domain won't be applied. Because
they don't exist.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you Alan , it makes sense. But it doe
Jevos, Peter wrote:
> Thank you phill, that's great help, but it still doesn't work as it
> should.
> Now I don't know how should I adjust the users file : )
You don't. The messages on this list should make it *very* clear that
updating the "authorize" section is all that is necessary.
> With
Thank you phill, that's great help, but it still doesn't work as it
should.
Now I don't know how should I adjust the users file : )
I used
if ((NAS-IP-Address == 1.1.1.1) && "%{mschap:NT-Domain}" =
"vipdomainuser")) {
update control {
Auth-Type := ntlm_auth_
Jevos, Peter wrote:
> Hi Alan, , thanks , I’ve read it but it’s too complicated and I’m
> missing more examples of configurations
The raddb directory *does* come with examples.
> If anybody help me with the syntax and code location with this issue:
Sorry, but:
1) the "unlang" documentation
On 11/11/10 15:49, Jevos, Peter wrote:
See "man unlang". Put the logic into raddb/sites-available/default,
the "authorize" section.
Uh... read the debug output, and look at the files in the "raddb"
directory. The directory has more than *one* file. This should be a
hint that the "users" fi
See "man unlang". Put the logic into raddb/sites-available/default,
the "authorize" section.
Uh... read the debug output, and look at the files in the "raddb"
directory. The directory has more than *one* file. This should be a
hint that the "users" file doesn't solve everything.
Jevos, Peter wrote:
First, edit your posts to delete unneeded text. Repeating all of the
message you're replying to is unfriendly.
> I agree with you , regarding the logic "when the packet looks like X, choose
> A. When it looks like Y, choose B"
> I sit possible to apply it ? Which files sho
Jevos, Peter wrote:
> Fall-through attribute doesn’t work in this case, cause it is “falling”
> all the time ( even though it matches the condition )
You're not getting what I'm saying. The "users" file does *not* run
during the "authenticate" phase. So it makes no sense to ask about
modifyin
Jevos, Peter wrote:
> Fall-through attribute doesn’t work in this case, cause it is “falling”
> all the time ( even though it matches the condition )
You're not getting what I'm saying. The "users" file does *not* run
during the "authenticate" phase. So it makes no sense to ask about
modifying
Jevos, Peter wrote:
> How can I skip to the second DEFAULT if the first DEFAULT doesn’t pass ?
Use the "Fall-Through" attribute. See comments in the default "users"
file.
> So if request comes from the 10.1.1.2 and user doesn’t pass through
> authentication, it should be forwarded to
Jevos, Peter wrote:
> How can I skip to the second DEFAULT if the first DEFAULT doesn’t pass ?
Use the "Fall-Through" attribute. See comments in the default "users"
file.
> So if request comes from the 10.1.1.2 and user doesn’t pass through
> authentication, it should be forwarded to another D
Hi
How can I skip to the second DEFAULT if the first DEFAULT doesn't pass ?
So if request comes from the 10.1.1.2 and user doesn't pass through
authentication, it should be forwarded to another DEFAULT ( with the
vpn_auth_name authentication).
Now it stops at the first DEFAULT
DEFAULT
On 2010/11/04 06:40 PM, Jevos, Peter wrote:
I'm sorry , It's outlook : )
As they say
Friends don't let friends use outlook!
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 04/11/10 16:15, Jevos, Peter wrote:
> Thank fo your reply, hoever as you can see from my previous posts, I
did
> it:
Frankly I find your posts confusing; your email client doesn't quote
properly and mangles the text wrapping, so I had no way to be sure.
Post full debug output of a failing re
On 04/11/10 16:15, Jevos, Peter wrote:
Thank fo your reply, hoever as you can see from my previous posts, I did
it:
Frankly I find your posts confusing; your email client doesn't quote
properly and mangles the text wrapping, so I had no way to be sure.
Post full debug output of a failing req
On 04/11/10 15:52, Jevos, Peter wrote:
>>
>
> Dear Phil , thank you ,
> I removed Fall through parameter, it works partially, when user
comes
> from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
> it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
> Auth-Type
On 04/11/10 15:52, Jevos, Peter wrote:
Dear Phil , thank you ,
I removed Fall through parameter, it works partially, when user comes
from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
Auth-Type := vpn_aut
>
> Cisco-AVpair += "2nd:attribute"
>
> This is documented in the manpage and docs.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> Thank you, it helped but it still doesn't work as I wished:
>
> All I need is:
> When request comes from 10.1.1.252 and Tu
On 04/11/10 15:25, Jevos, Peter wrote:
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = "ESP",
Tunnel-Private-Group-ID = "Group1",
Tunnel-Password = "cisco",
Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
Cisco-Avpair="ip
On 04/11/10 10:41, Jevos, Peter wrote:
> DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
> Tunnel-Type = "ESP",
> Tunnel-Private-Group-ID = "Group1",
> Tunnel-Password = "cisco",
> Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
> Cisco-Avpair="ipsec:addr-pool=vpn_pool",
This
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = "ESP",
Tunnel-Private-Group-ID = "Group1",
Tunnel-Password = "cisco",
Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
Cisco-Avpair="ipsec:addr-pool=vpn_pool",
This wrong; yo
On 04/11/10 10:41, Jevos, Peter wrote:
However this config doesn’t work, debug lokks strange ( takes only first
Cisco Avpair attribute ), probably something wrong In the config
Send the full debug output, as asked frequently on this list.
-
List info/subscribe/unsubscribe? See http://www.freer
23 matches
Mail list logo