solved it now another way:
authorize {
auth_log
suffix
mschap
eap {
ok = return
}
if ( (%{User-Name} !~ /@/) || (%{User-Name} =~ /@.*@/))
{
update
when i put the validate_username direct after
server eduroam {
validate_username
authorize {
.
i do not get an error. but it doesnt work. i am just trying around, i know
that the validate_username doesnt make sense when NOT in the authorize
section.
so anyone has an idea
i was trying to reject those double realm.
but i cannot find the right syntax and/or where to put the lines.
i was trying to put this lines in the user file:
DEFAULT User-Name =~ /^...@company.com@.*/
Auth-Type := Reject
that did not work.
when putting:
if (User-Name ~=
mr typo euroregist...@gmail.com wrote:
i was trying to reject those double realm.
but i cannot find the right syntax and/or where to put the lines.
i was trying to put this lines in the user file:
DEFAULT User-Name =~ /^...@company.com@.*/
Auth-Type := Reject
that did not work.
hello alexander,
thanks alot for this piece of code. but now i have a problem with getting
this to work.
in radiusd.conf i have an
$INCLUDE policy.conf
and in my authorize section i got the following:
authorize {
auth_log
validate_username
Hi,
/etc/raddb/sites-enabled/eduroam[9]: Failed to find module
validate_username.
/etc/raddb/sites-enabled/eduroam[2]: Errors parsing authorize section.
hmm, interesting - this looks very much like a post i made here earlier
this month where 3rd-party virtual servers dont seem to pick up
Palmer J.D.F. wrote:
There are three servers in the auth and acct pools, but unless I comment
two of them out (as below) I receive a 'Request Denied' message back in
response to the first access-request packet that is proxied to one of
the auth servers.
? The only way that happens is if
Alan Buxey wrote:
there does seem to be an issue with 2.1.7 - I've had a couple
of reports stating that the proxy doesnt seem to 'stick' to one
remote proxy during EAP (eg with client-balance or client-ip-balance
methods). not sure what has changed since 2.1.6 - but a rollback to 2.1.6
with
Hello all,
i do have a problem with our freeradius configuration and i have no idea how
to solve it.
we do have one realm configured domainname.com which works perfectly. every
user who wants to authenticate with a different realm is proxied to an
outside radius. server. the setup works fine.
Hi,
we do have one realm configured domainname.com http://domainname.com
which works perfectly. every user who wants to authenticate with a
different realm is proxied to an outside radius. server. the setup
works fine.
we do have some mobile devices who send something like:
Hi,
we do have one realm configured domainname.com which works perfectly. every
user who wants to authenticate with a different realm is proxied to an
outside radius. server. the setup works fine.
we do have some mobile devices who send something like:
usern...@company.com@wlan.mnc003.mc
problem is, that we are a university, so they are our people. tousands of
students and teachers. if we deny those users, our helpdesk will get more
work.
is there a way to remove the double entries or do i have to block those?
-euroreg
On Wed, Oct 7, 2009 at 1:50 PM, Alan Buxey
Hi,
problem is, that we are a university, so they are our people.
tousands of students and teachers. if we deny those users, our
helpdesk will get more work.
is there a way to remove the double entries or do i have to block those?
Any chance we are talking about eduroam? In this case: doing
Hi,
Since upgrading FR to 2.1.7 from 2.1.3 and 2.1.1 on our 2 servers
there's been an issue with our proxy pool.
There are three servers in the auth and acct pools, but unless I comment
two of them out (as below) I receive a 'Request Denied' message back in
response to the first access-request
hey,
yes we are talking about eduroam and after reading your post, it seems like
that it is the best
to deny such users.
thanks alot
-euroreg
On Wed, Oct 7, 2009 at 2:44 PM, Stefan Winter stefan.win...@restena.luwrote:
Hi,
problem is, that we are a university, so they are our people.
Since upgrading FR to 2.1.7 from 2.1.3 and 2.1.1 on our 2 servers
there's been an issue with our proxy pool.
There are three servers in the auth and acct pools, but unless I comment
two of them out (as below) I receive a 'Request Denied' message back in
response to the first access-request
where would be the best place to deny those users?
we do not have alot of practice with freeradius, so
any help would be appreciated,
kind regards
-euroreg
On Wed, Oct 7, 2009 at 3:03 PM, mr typo euroregist...@gmail.com wrote:
hey,
yes we are talking about eduroam and after reading your
hi,
there does seem to be an issue with 2.1.7 - I've had a couple
of reports stating that the proxy doesnt seem to 'stick' to one
remote proxy during EAP (eg with client-balance or client-ip-balance
methods). not sure what has changed since 2.1.6 - but a rollback to 2.1.6
with exactly the same
Palmer J.D.F. j.d.f.pal...@swansea.ac.uk wrote:
Since upgrading FR to 2.1.7 from 2.1.3 and 2.1.1 on our 2 servers
there's been an issue with our proxy pool.
There are three servers in the auth and acct pools, but unless I comment
two of them out (as below) I receive a 'Request Denied'
mr typo euroregist...@gmail.com wrote:
i do have a problem with our freeradius configuration and i have no idea how
to solve it.
we do have one realm configured domainname.com which works perfectly. every
user who wants to authenticate with a different realm is proxied to an
outside
hi,
there does seem to be an issue with 2.1.7 - I've had a couple
of reports stating that the proxy doesnt seem to 'stick' to one
remote proxy during EAP (eg with client-balance or client-ip-balance
methods). not sure what has changed since 2.1.6 - but a rollback to
2.1.6
with exactly the
Palmer J.D.F. j.d.f.pal...@swansea.ac.uk wrote:
there does seem to be an issue with 2.1.7 - I've had a couple
of reports stating that the proxy doesnt seem to 'stick' to one
remote proxy during EAP (eg with client-balance or client-ip-balance
methods). not sure what has changed since 2.1.6 -
Hello, I am researching my current problem with freeradius not authenticating.
The user is rejected because the name is not found, our AD (w2k3)
sends usernames to freeradius in this format domainname\\username.
I have tried enabling the nt hack under the ldap section with no luck.
reading
Jacob Jarick wrote:
Hello, I am researching my current problem with freeradius not authenticating.
The user is rejected because the name is not found, our AD (w2k3)
sends usernames to freeradius in this format domainname\\username.
That's not a 2-character delimiter. It's a backslash,
How would I then tell radius to remove the domain\\ from domain\\user
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Hello, I am researching my current problem with freeradius not
authenticating.
The user is rejected because the name is not found, our AD (w2k3)
Jacob Jarick wrote:
How would I then tell radius to remove the domain\\ from domain\\user
Configure the ntdomain instance of the realms module, and make
sure it's listed in the authorize section. Then, configure the realm
by name in proxy.conf.
Alan DeKok.
--
http://deployingradius.com
Hi All :
I have a big problem !!
i have a radius server , and 10 clients
how can i make some clients can use [EMAIL PROTECTED]
and some clients just use account ?
my radius server version is 0.9.3
example :
2 clients , one can use [EMAIL PROTECTED] the other just use user account
zack musa [EMAIL PROTECTED] wrote:
when I send User information using Python radius
testing tools, the forwarding server send the access
request to the remote server, then the remote server
sent the access accept back to the forwarding
server..
Not in the debug log you posted.
Use
Hi...
My proxy setup seems to have a problem. I used the
NULL realm option for testing purposes. It looks like
this
realm NULL {
type = radius
authhost = 200.200.230.136:1812
accthost = 200.200.230.136:1813
secret = amin
}
when I send User information using Python radius
testing tools, the
29 matches
Mail list logo