On 25/07/13 10:43, stefan.pae...@diamond.ac.uk wrote:
Alan,
https://confluence.terena.org/display/H2eduroam/freeradius-sp implies that after v2.1.9,
"%{Realm}" would contain "DEFAULT", not whatever the realm extracted from
User-Name was, when used in logging... Hence my
Alan,
https://confluence.terena.org/display/H2eduroam/freeradius-sp implies that
after v2.1.9, "%{Realm}" would contain "DEFAULT", not whatever the realm
extracted from User-Name was, when used in logging... Hence my question.
Of course, if this is no longer an issue, the
stefan.pae...@diamond.ac.uk wrote:
> After FreeRADIUS 2.10, we had to replace the DEFAULT {} stanza with the below
> in proxy.conf to ensure that the Realm attribute was correctly populated:
Huh? That's wrong. The DEFAULT realm works just fine.
And it's not "DE
Hi,
After FreeRADIUS 2.10, we had to replace the DEFAULT {} stanza with the below
in proxy.conf to ensure that the Realm attribute was correctly populated:
realm "~.+$" {
authhost = "host to deal with other realms"
:
:
}
Is that still necessary
Brian Julin wrote:
> Would it require too much tokenization witchdoctoring to make:
>
> realm /regexp\.edu/ {
> }
>
> ...work?
No. We'll wait for 3.0.1, though.
> Also I find a note in my config file comments about some regexp
> availability in the "hint
It seems to be last call for refactoring some of the user-visible
config items that are easier to change when bumping a major
rev number. The syntax for regexp-based realms has always
struck me as a bit hinky:
realm "~regexp\\.edu" {
}
Would it require too much tokenization witchdo
Hello,
I have two clients that proxy access requests to me. The realm varies, but the
format is always userid@realm.whatever
Is there a way that I can deny a specific realm when an access request is
received from a specific client?
I tried adding something to policy.conf but I couldn'
Ross wrote:
> Ok, so where do I setup the realm and then strip the realm? I'm using
> mysql.
> Some assistance would be greatly appreciated :)
All realms are defined in raddb/proxy.conf. This is documented.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freer
3 at 9:20 AM, Ross wrote:
>
> On 09/06/2013 11:01 PM, "Alan DeKok" wrote:
> >
> > geebs wrote:
> > > I don't recall having to setup a realm in previous installs.
> >
> > You always had to set up a realm in previous installs.
> >
> > Ala
On 09/06/2013 11:01 PM, "Alan DeKok" wrote:
>
> geebs wrote:
> > I don't recall having to setup a realm in previous installs.
>
> You always had to set up a realm in previous installs.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
http
geebs wrote:
> I don't recall having to setup a realm in previous installs.
You always had to set up a realm in previous installs.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Not sure what I'm missing here, i seem to not be able to get this to work.
One of those things, I've done it many times yet I've missed a step I think.
This server is used to authenticate pppoe connections on a cisco router.
I just want freeradius to strip the realm every
port = 1603
type = acct
}
[...]
And in order to proxy, I want to forward using proxy depending realm
(proxy.conf)
realm ".*customer$" {
virtual_server = customer
}
realm ".*admin$" {
virtual_server = administrator
}
realm NULL {
virtual_
Bertalan Voros wrote:
> There is a freeradius server that is proxying every mschapv2 request to
> a homeserver using the DEFAULT realm.
>
> The same server is also handling EAP requests and then proxying the
> inner request through the DEFAULT realm.
>
> Is is possible to s
Hello All,
I would like to get help with the following.
There is a freeradius server that is proxying every mschapv2 request to a
homeserver using the DEFAULT realm.
The same server is also handling EAP requests and then proxying the inner
request through the DEFAULT realm.
Is is possible to
I've done it...it seems working.
Thank a lot.
Le 06/02/2013 11:40, Phil Mayers a écrit :
On 06/02/13 10:03, Hocine M wrote:
Hi ,
I have a problem with some user proxied.
In the accounting-request the username is stripped and realm is NULL.
Why le realm is lost?
The User-Name i
On 06/02/13 10:03, Hocine M wrote:
Hi ,
I have a problem with some user proxied.
In the accounting-request the username is stripped and realm is NULL.
Why le realm is lost?
The User-Name in the accounting packets is overridden by the User-Name
in the Access-Accept. In your case, your
thanks!
MIha
Dne 1/23/2013 3:58 PM, piše Phil Mayers:
On 23/01/13 14:47, Miha wrote:
Hi,
my radius client is sending with user-name and password aslo realm. I
can not disable sending realm, is it possible to configure radius that
will not user realm with user-name (user-name@realm
On Wed, Jan 23, 2013 at 2:47 PM, Miha wrote:
> Hi,
>
> my radius client is sending with user-name and password aslo realm. I can
> not disable sending realm, is it possible to configure radius that will not
> user realm with user-name (user-name@realm)?
>
> i only know t
On 23/01/13 14:47, Miha wrote:
Hi,
my radius client is sending with user-name and password aslo realm. I
can not disable sending realm, is it possible to configure radius that
will not user realm with user-name (user-name@realm)?
[digest] Digest-Attributes look OK. Converting them to
Hi,
my radius client is sending with user-name and password aslo realm. I
can not disable sending realm, is it possible to configure radius that
will not user realm with user-name (user-name@realm)?
[digest] Digest-Attributes look OK. Converting them to something more
usful.
*Digest-User
Jason Everard wrote:
> We have been trying to get it to work with "Replicate-To-Realm := ISE"
> in the corresponding virtual-server configuration, however it doesn't
> work.
See the FAQ for "it doesn't work".
If you want to get replication to work,
to get it to work with "Replicate-To-Realm := ISE" in
the corresponding virtual-server configuration, however it doesn't work.
The only way we can get the freeradius installation to send accounting
packets to another external radius box is to use "Proxy-To-Realm" which
req
> by other radius communicatons.
>
> The realm is not in the radacct table of server A. But I kow the reason,
> because FR doesn't know this realms. But thats ok.
Good to know.
>
>>What I don't understand is how come the reply that FR sends STILL contains
>
Hi Guys,
thank you for your answers. I killed the attribute user-name on my global
radius server in post-proxy and post-auth sections by unlang.
Now I have got the full username on my server, because it is not overwritten by
other radius communicatons.
The realm is not in the radacct table of
0x03e4
Message-Authenticator = 0x
3Com-Ip-Host-Addr = "123.456.789.012"
Proxy-State = 0x323437
Proxy-State = 0x323132
You should add "nostrip" into your local realm definition:
# raddb/proxy.conf
realm kl-dfki.de {
nos
Long answers available but the shirt version is local sites want their kit to
show the real user not the anonymous one but then forget to do define policy
for external requests.. other sites also don't want to receive remote
accounting packets so strip the realm out so they won't get
On Sun, Oct 21, 2012 at 12:25 AM, Matthew Newton wrote:
> On Sat, Oct 20, 2012 at 11:17:21PM +0700, Fajar A. Nugraha wrote:
>> Short version, your NAS (172.16.18.82) sends inconsistent user name.
>> It sends "mar...@kl-dfki.de" for access-request, but "markus" for
>> accounting. Fix the NAS. Perio
On Sat, Oct 20, 2012 at 11:17:21PM +0700, Fajar A. Nugraha wrote:
> Short version, your NAS (172.16.18.82) sends inconsistent user name.
> It sends "mar...@kl-dfki.de" for access-request, but "markus" for
> accounting. Fix the NAS. Period.
I don't know about different NASes, but ours send the User
On Sat, Oct 20, 2012 at 7:15 PM, wrote:
> I want to send attributes in the accounting area and put them into the
> radacct table.
> But not without the forwarding of the accounting request.
>
> The transmission of some attribute works in authorize.
>
> Do you understand my problem?
No. I'm havin
Hello,
in the radacct table are saved the authorized sessions of the user. I use
the database schema of daloradius. There is a column with realm, which is
empty. It would be nice, if there is something into to work with it.
And without the full userdetails the accounting is not working. Cause
xylak...@vorsicht-bissig.de wrote:
> So I thought Realm is a Radius Attribute, but now I think its only a
> temporay variable on the radius server. Cause I can't find it on IANA
> Attributes.
That's right. It doesn't ever go into a RADIUS packet.
> Please tell m
Here I'm again, ;-)
so worked on my problem this evening, but all the time without success. :-(
So I thought Realm is a Radius Attribute, but now I think its only a
temporay variable on the radius server. Cause I can't find it on IANA
Attributes.
So this is the wrong way to submit
Hello again,
sorry for the late answer, but I tried to resolve the problem for myself
and learnd more about the process of freeradius.
So my problem is always that the radius doesn't reply the realm of the
authenticated user.
The server dectects the realm and knows about it ( %{Realm} -&g
A quick guess, your mysql user-name is set to be stripped-user-name? Check
sql.conf and dialup.conf
alan
--
This smartphone uses free WiFi around the world with eduroam, now that's what I
call smart.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The user mar...@kl-dfki.de is saved in the mySql database as user markus on
Server B.
So i activate module suffix to check for the realm and then it checks this
user in the database.
This works, but the server answers only, that he knows "markus", not
"mar...@kl-dfki.de".
xylak...@vorsicht-bissig.de wrote:
> Yes I, know. I always read the debug. But I don't know to change it!
The User-Name comes from the user. Log in using a realm, and
FreeRADIUS will use it.
> My biggest problem is, that I can't find any good descriptions about
> free
from O'reilley, but this so about freeradius v1.
So couldy you help me?
Thank you
>
> Original-Nachricht
> Datum: Wed, 10 Oct 2012 10:32:02 -0400
> Von: Alan DeKok
> An: FreeRadius users mailing list
> Betreff: Re: No Realm in table rada
xylak...@vorsicht-bissig.de wrote:
> Authentication and accounting works with realm, but the field realm is
> empty in table radacct.
Does the accounting packet have a username with a realm? The debug
log says "no".
Please *read* the debug log. It has a lot of information
Hello together,
I have setuped a radius system like eduroam with 3 server. I use
"daloradius" for user and accounting management.
Authentication and accounting works with realm, but the field realm is
empty in table radacct.
Furthermore, I want to know how I use / configure Ho
would start off by moving the realm code to rlm_realm. There's
really no reason it should be in the server core.
> There are several approaches to do this.. and I'm guessing you have some
> ideas about this :)
Some. There are also many things I want to do, which I can&#
On Fri, 2012-09-21 at 13:05 +0200, Alan DeKok wrote:
> Wilco Baan Hofman wrote:
> > I'm looking through the code and documentation of freeradius now to see
> > if it is possible to use freeradius with a backend database for realms.
> > I'm looking to implement this if it's not there, in what way
Wilco Baan Hofman wrote:
> I'm looking through the code and documentation of freeradius now to see
> if it is possible to use freeradius with a backend database for realms.
Realms, maybe. It's a lot more difficult with home servers.
> For clients this can be fixed with dynamic clients and over
> I'm looking through the code and documentation of freeradius now to see
> if it is possible to use freeradius with a backend database for realms.
Not to define new realms no.
> For clients this can be fixed with dynamic clients and overwriting
> attributes.. but for realms this does not seem p
Hi,
I'm looking through the code and documentation of freeradius now to see
if it is possible to use freeradius with a backend database for realms.
For clients this can be fixed with dynamic clients and overwriting
attributes.. but for realms this does not seem possible. Did I miss
something?
I'
Shaun Lowry wrote:
> Is it possible to have a per-realm post-proxy section?
No. But you can have pre/post proxy sections for home server pools.
See proxy.conf.
> We need to add a
> couple of attributes to our Access-Accepts which vary in content
> depending on which realm w
Hi,
> Is it possible to have a per-realm post-proxy section? We need to
> add a couple of attributes to our Access-Accepts which vary in
> content depending on which realm we've proxied. Otherwise, is there
> an easy way to distinguish realm in the global post-proxy section?
On 13/08/12 17:16, Shaun Lowry wrote:
Is it possible to have a per-realm post-proxy section? We need to add a
couple of attributes to our Access-Accepts which vary in content
depending on which realm we've proxied. Otherwise, is there an easy way
to distinguish realm in the global post-
Is it possible to have a per-realm post-proxy section? We need to add a
couple of attributes to our Access-Accepts which vary in content
depending on which realm we've proxied. Otherwise, is there an easy way
to distinguish realm in the global post-proxy section?
Shaun.
-
List
cmanigan=towerstream@lists.freeradius.org] on
behalf of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Monday, July 23, 2012 11:29 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Setting realm from called station id regex
On 23/07/12 16:03, Christopher Manigan wrote:
> Hello,
>
>
> I have so
On 23/07/12 16:03, Christopher Manigan wrote:
Hello,
I have some devices that report to radius accounting but do not do any
authentication or authorization. For these sessions in accounting, I would
like to set a realm based on the called station id. The called station id ends
with a
Hello,
I have some devices that report to radius accounting but do not do any
authentication or authorization. For these sessions in accounting, I would
like to set a realm based on the called station id. The called station id ends
with a colon and the SSID. I thought I could write a
Hi,
upgarde to 2.1.12 - it has fixes for proxy errors
as for username - you cannot play with User-Name with EAP - use
Stripped-User-Name - see examples
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rs-bounces+cmanigan=towerstream@lists.freeradius.org
[freeradius-users-bounces+cmanigan=towerstream@lists.freeradius.org] on
behalf of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Thursday, June 28, 2012 12:49 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP fails when proxying
On 28/06/12 17:33, Christopher Manigan wrote:
I am trying to use MSCHAPv2 to authenticate users. This works ok, except when
I try to proxy to a realm. Pasted below is the debug of a user trying to
authenticate. The realm is a prefix of the username. What I see buried in the
debug is
I am trying to use MSCHAPv2 to authenticate users. This works ok, except when
I try to proxy to a realm. Pasted below is the debug of a user trying to
authenticate. The realm is a prefix of the username. What I see buried in the
debug is:
# radiusd -X
FreeRADIUS Version 2.1.11, for host
Beau Sapach wrote:
> I’ve got FreeRADIUS running to proxy requests from a wireless controller
> to a domain controller (NPS). The realm name is being passed to NPS as
> the logon domain, which is fine but I’d like to catch a number of
> different possible realms that users may put in
Hello everyone,
I've got FreeRADIUS running to proxy requests from a wireless controller to a
domain controller (NPS). The realm name is being passed to NPS as the logon
domain, which is fine but I'd like to catch a number of different possible
realms that users may put into the
Hi all,
I'm trying to use different realm into the same server, but I probably
miss something.
I just want to check my users in radcheck table as user@realm, but I
can't get it working. here you are my radcheck table
mysql> select * from radcheck where username
to the remote server. However, I
> > see that the "Realm" Attribute, while logged in the detail file of the
> > local system, is not written to the radrelay detail file and proxied to
> my
> > remote server.
>
> Realm appears in dictionary.freeradius.internal
gt; see that the "Realm" Attribute, while logged in the detail file of the
> local system, is not written to the radrelay detail file and proxied to my
> remote server.
Realm appears in dictionary.freeradius.internal as an internal
attribute, i.e. one that doesn't go
Hi List
I have a working radrelay configuration running on FreeRADIUS Version
2.1.10 for debian linux (squeeze/sid). It successfully duplicates radius
accounting packets from the detail file to the remote server. However, I
see that the "Realm" Attribute, while logged in the detail f
Hi Alan,
thanks for a quick response, would this how it is suppose to be done:
if (User-Name =~ /^(.*)@(.*)/) {
update request {
NT-Domain := "staff"
}
} else {
mschap
}
Thanks in advance
Cheers
Vikash
On
Hi,
>+- entering group MS-CHAP {...}
>[mschap] Told to do MS-CHAPv2 for [2]u...@example.com.au with NT-Password
>[mschap] � � � �expand: --username=%{mschap:User-Name} ->
>--username=[3]u...@example.com.au
>[mschap] No NT-Domain was found in the User-Name.
>[mschap] � � � �
On Fri, Oct 7, 2011 at 10:01 PM, Robert Roll wrote:
> +++[control] returns noop
>
> Does this mean it did NOT set the value local in Proxy-To-Realm ?
>
> Thanks,
>
> Robert
>
>
>
> pre-proxy {
>
> if( "%{Packet-Src-IP-Address}" == '160.36.1
Below is my pre-proxy paragraph.. Below that is some output..
It just continues to loop..
It looks like the the test is working..
I don't know if it is meaningful or not, but..
+++[control] returns noop
Does this mean it did NOT set the value local in Proxy-To-Realm ?
Thanks,
Robert
roll=utah@lists.freeradius.org
> [freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] On
> Behalf Of Arran Cudbard-Bell [a.cudba...@freeradius.org]
> Sent: Thursday, October 06, 2011 12:58 PM
> To: FreeRadius users mailing list
> Subject: Re: canceling/redirecting
On Fri, Oct 7, 2011 at 8:28 PM, Robert Roll wrote:
> Good thought, but it doesn't seem to do the trick, but thanks..
Really? Where did you put it, in authorize?
It should work in pre-proxy
>
>>Why don't you just avoid starting the proxy in the first place...
>
> I want to actually proxy to a re
y, October 06, 2011 12:58 PM
To: FreeRadius users mailing list
Subject: Re: canceling/redirecting realm in pre-proxy ?
On 6 Oct 2011, at 20:19, Robert Roll wrote:
> There seems to be some comments about being able
> to "cancel" a proxy in the pre-proxy section..
>
> # When th
, but I am not seeing it ?
update control {
Proxy-To-Realm := 'local'
}
Maybe... I'm not sure if it'll work. Why don't you just avoid starting the
proxy in the first place...
-Arran
Arran Cudbard-Bell
a.cudba...@freeradius.org
Betelwiki, Betelwiki, Betelwiki http://
There seems to be some comments about being able
to "cancel" a proxy in the pre-proxy section..
# When the server decides to proxy a request to a home server,
# the proxied request is first passed through the pre-proxy
# stage. This stage can re-write the request, or decide to
# cancel the pr
Hey thanks! :)
From: Phil Mayers
To: freeradius-users@lists.freeradius.org
Sent: Thursday, September 1, 2011 10:04 PM
Subject: Re: Proxying Based on Criteria Other Than REALM
On 01/09/11 14:53, det.explo...@yahoo.com wrote:
>> Hi,
>>
>>
On 01/09/11 14:53, det.explo...@yahoo.com wrote:
Hi,
Is it possible to proxy based on a group the user belongs to? Or
attribute? Or based on NAS from where the request was received?
Aside from REALM, is there any other criteria that can be used to
decide whether or not to proxy a request
> From: "det.explo...@yahoo.com"
> Date: September 1, 2011 9:51:33 PM GMT+08:00
> To: FreeRadius users mailing list
>
> Hi,
>
> Is it possible to proxy based on a group the user belongs to? Or attribute?
> Or based on NAS from where the request was receive
> It should be set in the configuration of the "realm" module.
> Where does it say that "suffix" is deprecated?
Sorry, my misread again!
# As of 2.0. the old-style "realms" file is deprecated, and is not
# used by FreeRADIUS.
Having never used freeradius
Rich Graves wrote:
> I found the documentation of what needs to be done to support both NTDOMAIN\
> and @realm styles in the same vhost. In sites-available/inner-tunnel, it says:
>
> # If you are using multiple kinds of realms, you probably
> # want to set &qu
1812
+- entering group authorize {...}
++[preprocess] returns ok
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "adsl.xnet.co.nz" for
I found the documentation of what needs to be done to support both NTDOMAIN\
and @realm styles in the same vhost. In sites-available/inner-tunnel, it says:
# If you are using multiple kinds of realms, you probably
# want to set "ignore_null = yes" for a
On 26 Aug 2011, at 11:16, Barry Murphy wrote:
> Hey guys,
>
> We're an ISP providing ADSL services ourselves and on behalf of our
> wholesalers. I have a bunch of realms that are LOCAL and proxied which work
> with no issues. I'm trying to add realms of competitors to our radius so when
> cus
= "ip:dns-servers=14.1.33.1 120.136.0.25"
DEFAULT Realm == "ihug.co.nz", Auth-Type := Accept
None work and all look for a username. So in the above scenarios I want
anyth...@dsl.xnet.co.nz or whate...@ihug.co.nz to authenticate and be assigned
an IP address from the pool and
arleton.edu, ADS\user, and bare
> username get authenticated with mschapv2. Otherwise, regex realm *@*.*
> gets routed to the eduroam upstream radius hierarchy.
>
If you are going 'eduroam' you really need to reject *everything*
eduroam SSID/802.1X related that is not of the
cated with mschapv2.
Otherwise, regex realm *@*.* gets routed to the eduroam upstream radius
hierarchy.
I configured bufffered-sql for logging.
It all "works." Except... I noticed that my entries appeared in SQL-land as
ADS=0Dgraves. So, it seems that the ADS\ realm is recognize
other provider terminates "fred
3g mobile device" on their lns and issues the framed ip and route requests -
I also send the accounting data to them as well
Easy:
authorize {
if (User-Name == Fred) {
update control {
Proxy-To-Realm := OTHER_PROVIDER
}
}
}
...then define t
Guys
Looking for some help in the following scenerio
Fred tries to authenticate a 3g mobile broadband device and I don't have
there id on my radius database so I need to send to another provider who has
the account on their radius database. The other provider terminates "fred
3g mobile device"
ient.
>
> Be sure to create an "instance" of type sql per client/realm.
> eg.
> client1_sql sql {
> .
> lots of configuration parameter (configurable per client, including
> server/database/tables/queries)
> .
> }
>
> In the main server configuratio
Hi Dave,
I have not tested this, but I will try it as soon as I have a chance..
Create a sql.conf file per client.
Be sure to create an "instance" of type sql per client/realm.
eg.
client1_sql sql {
.
lots of configuration parameter (configurable per client, including
serve
At my place of employment we have a web frontend to our radius server. This
frontend will be used by several different clients. We want to store each
client's usernames/passwords and MAC addresses in their own database. The
database name will be the client's realm name.
The reason we
Yes! Finally.. Thanks Alan & Alan. I missed the obvious conf files...
instantiate section in radiusd.conf didn´t contain sql.
Thanks again to this great FreeRadius list!
/M
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FR-2-1-6-add-realm-to-User-Name-before-Prox
Mika wrote:
> Hello.
> Removed sql from the authorize section and got the below error (unknown
> module sql..).
Add "sql" to the "instantiate" section of "radiusd.conf"
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Hello.
> Removed sql from the authorize section and got the below error (unknown
> module sql..).
> What else could i have missed?
you're calling SQL somwehere in your authorize config - check all your
config files for anything mentioning sql. since you arent running that module
then anyt
message in context:
http://freeradius.1045715.n5.nabble.com/FR-2-1-6-add-realm-to-User-Name-before-Proxy-by-listening-port-tp3303117p3389818.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mika wrote:
> Do i need to use the queries/definitions in dialup.conf?
No.
> Does the User-Name need to exist in the SQL database to be able to add a
> realm to it?
No.
> server SERVER-21000 {
> authorize {
> preprocess
> pap
> sql
Why is "
That explains why the variables did not work. Thanks Alan.
I still can´t get my sql queries working though with the below config.
Do i need to use the queries/definitions in dialup.conf?
Does the User-Name need to exist in the SQL database to be able to add a
realm to it?
I would like the server
Mika wrote:
> Hello.
> Seems that the variables (Tmp-String-0) do not work at all. Even without
> sql.
You can't add a new attribute *and* use it in the same "update" section.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
}
server SERVER-21000 {
authorize {
preprocess
pap
update request {
Tmp-String-0 = "testrealm"
User-Name := "%{User-Name}@%{Tmp-String-0}"
}
update control {
Proxy-To-Realm := "AUT-OTP02"
}
}
}
--
Hello.
Both uppercase and lowercase seem to work fine with isql command-line, so i
think my odbc and freetds config is ok.. see below.
I am wondering if there is something wrong with the way i am trying to use
variablenames?
If i change the variable "realm" to something else the serve
Mika wrote:
> [sql] SQL query error; rejecting user
The text is not a valid SQL query. Maybe the SELECT needs to be
uppercase?
How does it work if you type the query into an SQL command-line tool?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello.
I am having some problems with the below configuration that does not work.
I have configured a virtual server on port 21000 that is to receive
Access-Request packets, the server is to look for a realm in a mssql
database before another query is done for the authentication server to proxy
Marius Pesé wrote:
> switched stripping off in radiusd on server1 and restarted the daemon but
> nothing seems to have changed.
That doesn't make sense.
> Server1's DB still has the stripped username in username field and the realm
> in realm field, server2 has the st
27;s DB still has the stripped username in username field and the realm
> in realm field, server2 has the stripped username but no realm.
> Should I send a debug output or can you tell from the top of your head where
> I went wrong?
debug output from server1 should show whether (and
1 - 100 of 792 matches
Mail list logo
