Oliver Warda wrote:
Is it possible to use the realm instead and should this be placed
within the users file?
Use the example I gave you, and search for @realm instead of @.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Oliver Warda wrote:
Now, I have the demand to implement RADIUS Proxy also.
As I understand MAC Auth is done before RADIUS Proxy.
Yes.
But I do not want to administrate about 5.000 RADIUS Proxy clients in my
authorized_macs file (RADIUS Proxy is using 802.1x only).
Is there a way to
any comment ?
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/radius-proxy-tp5620043p5620800.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org
[mailto:freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: martedì 24 maggio 2011 17.08
To: FreeRadius users mailing list
Subject: Re: Radius proxy configuration
Maglione Roberta
Maglione Roberta wrote:
Thanks for the clarification and sorry for the basic question.
I'm new on this list and I was trying to understand if I can achieve with
freeradius a behavior similar to what could be done with another product
(navisradius) by setting Radius-CopyMode.
In navisradius
On Wed, May 25, 2011 at 3:47 PM, Alan DeKok al...@deployingradius.com wrote:
Maglione Roberta wrote:
Thanks for the clarification and sorry for the basic question.
I'm new on this list and I was trying to understand if I can achieve with
freeradius a behavior similar to what could be done
To: FreeRadius users mailing list
Subject: Re: Radius proxy configuration
Maglione Roberta wrote:
Thanks for the clarification and sorry for the basic question.
I'm new on this list and I was trying to understand if I can achieve with
freeradius a behavior similar to what could be done with another
Maglione Roberta wrote:
What I would like to do is to configure freeradius as a proxy to forward all
the authentication requests to another radius server without having to wait
for an answer from the RADIUS server.
What does that mean?
A proxy will forward a request, and then wait for
-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: martedì 24 maggio 2011 16.51
To: FreeRadius users mailing list
Subject: Re: Radius proxy configuration
Maglione Roberta wrote:
What I would like to do is to configure freeradius as a proxy
Hello...
I was able to overcome a lot of stoppers but I still need some help.
SERVERfreeRadius-client
the freeradius is proxying authentication messages to the SERVER, after
authenticated, the client is doing accounting to freeRadius and packet
counts are stored in
d...@hotmail.com wrote:
when a certain volumen of packets is reched, I need the freeRadius to send
an Authentication request to the SERVER, is that possible?
Sure. Keep track of packets in a DB.
I was trying to run a radclient instance on the accounting section of the
freeRadius in order
Hello...
Nice!, I got the proxy part working now. The client is also sending
accounting information and I can see teh accounting info on mysql (radacct
table).
Now, what I still need to do is to monitor the packets sent/received by
users, when the amount of packets reaches a certain level I then
Hello Fajar...
After some struggle I setup a proper environment to test your suggestions. I
am able to proxy the access_request to the radius server now.
Using the pre-proxy I also added the AVPs that I need to send to the server.
I have two questions now:
1. On the access request I see all
d...@hotmail.com wrote:
1. On the access request I see all AVPs there, but I might need to change
the order in which they are presented on the packet (I am checking the
packet using wireshark). Is that possible?
No. The specifications MANDATE that the order of attributes is
unimportant.
On Tue, May 3, 2011 at 9:45 AM, d...@hotmail.com d...@hotmail.com wrote:
Hello...
I am new to freeradius and I am hoping someone can give me some help with a
little project. The architecture is as follows:
RADIUS SERVER -freeRadius-Radius client
The radius
Thanks for your quick reply...
In order to store the accounting information, do I need to execute an
external script?
With my little knowledge of freeRadius at the moment, I have a vague idea on
how to forward the packets, but I have no clue yet on how to do the mysql
part you mentioned.
Could
On Tue, May 3, 2011 at 10:08 AM, d...@hotmail.com d...@hotmail.com wrote:
Thanks for your quick reply...
In order to store the accounting information, do I need to execute an
external script?
No
With my little knowledge of freeRadius at the moment, I have a vague idea on
how to forward
Alex Myself wrote:
Hi,
I'm trying to configure free radius server as a proxy radius server with
realm defined and strip option enabled.
Don't strip the user name.
Authentication fails on
external radius server when EAP is used. Without EAP authentication is
fine.
Any configuration
Thanks, Alan.
From: Alan DeKok al...@deployingradius.com
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thu, July 1, 2010 12:58:18 PM
Subject: Re: radius proxy authentication problem with realm stripping for EAP
Alex Myself wrote
Jeremy Brown wrote:
I'm trying to setup a FreeRadius server to act as a proxy for another
DNS server, and this seems straightforward enough from the
documentation, however I also want the FreeRadius proxy to send
accounting information to another Radius server.
That's not very clear. You
piston wrote:
I'm putting the following code under /etc/freeradius/site-available/default,
authorize section just after preproccess
if (User-Name =~ ^ABC\/) {
That is not a valid regular expression. See man unlang for the form
of regular expressions:
if (User-Name =~ /^ABC\//) {
Hi,
Hi
I'm putting the following code under /etc/freeradius/site-available/default,
authorize section just after preproccess
if (User-Name =~ ^ABC\/) {
update control {
Realm == %another_realm}
}
But i'm getting such error:
Expected
...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, March 9, 2009 5:16:35 PM
Subject: Re: radius proxy senario
Hi,
Hi
I'm putting the following code under /etc/freeradius/site-available/default,
authorize section just after
I have trying both
if (%{User-Name} =~ /^ABC\// ) {
update control {
Realm := 'another_realm'
}
}
if (%{User-Name} =~ /^ABC\// ) {
update request {
Realm := 'another_realm'
}
Hi,
if (%{User-Name} =~ /^ABC\// ) {
if (%{User-Name} =~ /^ABC\// ) {
read a few online regex resources.
++? if (%{User-Name} =~ /^ABC\//)
expand: %{User-Name} - ABC/use...@my_realm
? Evaluating (%{User-Name} =~ /^ABC\//) - FALSE
++? if (%{User-Name} =~ /^ABC\//) - FALSE
this
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, March 9, 2009 8:38:25 PM
Subject: Re: radius proxy senario
Hi,
if (%{User-Name} =~ /^ABC\// ) {
if (%{User-Name} =~ /^ABC\// ) {
read a few online regex resources.
++? if (%{User-Name} =~ /^ABC\//)
expand
Hi,
Thanks Alan
With this:
if (%{User-Name} =~ /^ABC\//) {
update request {
Realm := 'another_realm'
}
}
The regex is working by now, but the other problem exist, the rewrite not
working properly.
dont play with User-Name!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
a.l.m.bu...@lboro.ac.uk wrote:
Hi,
1. I have a local realm (suffix), xyz.com. I'm using freeradius
2.1.3+mysql.
2. My own user's username in mysql radcheck table is store in
usern...@xyz.com format
3. A person want me to proxy his prefix
freeradius-users@lists.freeradius.org
Sent: Saturday, March 7, 2009 6:15:02 PM
Subject: Re: radius proxy senario
Hi,
1. I have a local realm (suffix), xyz.com. I'm using freeradius 2.1.3+mysql.
2. My own user's username in mysql radcheck table is store in
usern...@xyz.com format
3. A person
Condition:
1. I have a local realm (suffix), xyz.com. I'm using freeradius 2.1.3+mysql.
2. My own user's username in mysql radcheck table is store in usern...@xyz.com
format
3. A person want me to proxy his prefix ABC/his-customer-usern...@myrealm to
his radius server, i.e:
Hi,
1. I have a local realm (suffix), xyz.com. I'm using freeradius 2.1.3+mysql.
2. My own user's username in mysql radcheck table is store in
usern...@xyz.com format
3. A person want me to proxy his prefix ABC/his-customer-usern...@myrealm to
his radius server, i.e:
Lutrika Mufti Rachmat wrote:
I have an existing radius server running on Cisco ACS 4.2. In the
current configuration, all users are configured using priv ID 15. I
wanted to setup a proxy radius, where the proxy will relay an
authentication and authorization request to the Cisco ACS, but when
On Tue, Jul 31, 2007 at 07:44:40PM -0400, Alan DeKok wrote:
Janne Peltonen wrote:
I seem to be getting errors such as
Tue Jul 31 11:50:23 2007 : Error: Assertion failed in request_list.c, line
1012
Which version? 1.1.7 doesn't have an assertion on that line, and it
has a LOT of
Hi,
We suffer from exactly the same issue (fr1.1.6). The only workaround I
found is to use a script that checks if freeradius is aliave and if
not - starts it again. Obviously it still causes some disruptions but
it's better then freeradius dying completely.
kind regards
Pshem
On 01/08/07,
Janne Peltonen wrote:
I seem to be getting errors such as
Tue Jul 31 11:50:23 2007 : Error: Assertion failed in request_list.c, line
1012
Which version? 1.1.7 doesn't have an assertion on that line, and it
has a LOT of fixes over earlier versions.
Alan DeKok.
-
List
You can use the radacct table to log your users. Obviously, you have to
enable the use of a DB for working with freeradius.
From: ego seek [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
To: Freeradius MailingList
ego seek [EMAIL PROTECTED] wrote:
Does anybody know how can I setup RADIUS and a proxy server to generate a
log for the users?
I need to trace where in the Internet the user went.
RADIUS doesn't do that. You need a transparent web proxy.
Alan DeKok.
--
http://deployingradius.com
Denis V. Gudtsov [EMAIL PROTECTED] wrote:
The problem lies on NAS-ID attribute. First radius servers knows all
about all of my NASes, but the second radius - mustn't. Is it posible to
change NAS-ID attribute to static string (e.g. MY NAS) when request is
forwarding to a second radius
Ron Wahler wrote:
Does the radius protocol specify the reason a request is rejected ? or
is
This not part of the protocol or FreeRadius does not look at that
attribute
And do something different.
See the RFCs at
http://www.freeradius.org/rfc/
or
http://www.ietf.org/
--
Regards,
Thor Spruyt
E:
Ron Wahler wrote:
So the Reply-Message is how a client can determine why the request was
Rejected ? Is there a standard set of values that are returned in
Reply-Message so that it can be programmed on the client to determine
the reason?
See http://www.freeradius.org/rfc/attributes.html
and in
Ron Wahler wrote:
Is there a way for me to set the Reply-Message to Timeout or
something
If the proxy times out?
No.
Although it might look to be a nice feature, a better option would be to
make your home radius server redundant.
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W:
When a radius reply come back from a proxy server
Can/does FreeRadius know if it was a bad password/bad login or
A timeout of the proxy server ? is there an error code or ID that
Is set ? or an attribute that says why the reply was rejected ?
There's nothing in the server right now to do
There's nothing in the server right now to do something different if
the home server returned Access-Reject, or simply failed to respond.
If the home server sends a Reply-Message along, then there's a
difference
So the Reply-Message is how a client can determine why the request was
Is there a way for me to set the Reply-Message to Timeout or something
If the proxy times out?
Ron.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ron Wahler [EMAIL PROTECTED] wrote:
When there is a bad user name or bad password is there a return code or
ID set in the reject packet so a client knows why a request failed, not
just a generic access-reject ?
No. There is just an Access-Reject.
Some RADIUS servers may send additional
Ron Wahler [EMAIL PROTECTED] wrote:
When a radius reply come back from a proxy server
Can/does FreeRadius know if it was a bad password/bad login or
A timeout of the proxy server ? is there an error code or ID that
Is set ? or an attribute that says why the reply was rejected ?
There's
Alan DeKok wrote:
There's nothing in the server right now to do something different if
the home server returned Access-Reject, or simply failed to respond.
If the home server sends a Reply-Message along, then there's a difference
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
On Fri, 29 Oct 2004, Stefan wrote:
The big thing is: it must be fault tolerant and must proxy some thousends of
requests per second (starting with 1000 complete sessions: Auth, Acct-Start,
Acct-Stop).
Would Freeradius be able to do this?
Yes.
Is there a nearly equivalent implementation
48 matches
Mail list logo