Is there any way inside a Handler clause to access the reason for the
current requests failing, as it is accessible via %1 in an AuthLog
clause? I would like to be able to pass back the actual failure reason to
the client instead of the cryptic Reply-Message=Request
Denied. Something along
When i played around with this setup, and i needed to run a few
instances with identical configs but on different IPs, i found using a
GlobalVar to be very useful. set the IP or port in each radius by passing
it via a GlobalVar on the command line, then you can use it to set various
, the username gets stored as [EMAIL PROTECTED]
(original) and jgh (rewritten).
Your session database CountQuery uses the rewritten usernames and the NAS
queries use the original usernames.
regards
Hugh
On Sunday, Mar 16, 2003, at 05:00 Australia/Melbourne, Jeremy Hinton wrote:
Hugh,
i
On Sunday, Mar 16, 2003, at 05:00 Australia/Melbourne, Jeremy Hinton wrote:
Hugh,
i understand what you're saying, but i think you may still not
quite understand the issue i'm trying to describe. Below, i'll try to
show why your solution wouldn't address the problem.
Assume
are making it a bit too complicated below.
regards
Hugh
On Saturday, Mar 15, 2003, at 03:53 Australia/Melbourne, Jeremy Hinton wrote:
Hugh,
I had to postpone work on this for a bit, and am just now
getting back to it. Maybe i'm missing something, but i don't see how
modifying the session
username.
BTW - some NAS's will accept the rewritten username in a User-Name
attribute in the access accept, or you could also use the Class attribute
for the same purpose.
regards
Hugh
On Friday, Feb 28, 2003, at 08:23 Australia/Melbourne, Jeremy Hinton wrote:
Hugh Mike,
While working
Hugh Mike,
While working on locking down multiple logins recently, i noticed an
interesting situation. I have a default realm of visi.net, so logging in as
bob and [EMAIL PROTECTED] are treated the same. I log into the server as bob. i
then try to log in to the server as [EMAIL PROTECTED]
= SQL
/AuthBy
.
/Handler
regards
Hugh
On Tuesday, Feb 25, 2003, at 04:47 Australia/Melbourne, Jeremy Hinton wrote:
Hugh,
Thanks for the idea, but unfortunately the AddToRequest seems to
be out of scope (invalid) in an AuthBy clause. It recognizes it in the
Realm
I just noticed this, and i thought i would post incase any others have
this problem. I was having some difficulty getting multiple login
confirmation on my Bay term servers working, and i tracked it down to the
following. The current release of Net-SNMP snmpget (5.0.7) by default use
SNMP v2,
, at 05:51 Australia/Melbourne, Jeremy Hinton wrote:
Greetings,
I'm trying to figure out of theres a way to log which AuthBy
clause issued the Request-Failed via AuthLogSQL. I use a AuthBy LDAP
primarily, but if that times out i fall back to an AuthBy SQL. When an
auth attempt gets
Greetings,
I'm trying to figure out of theres a way to log which AuthBy clause issued
the Request-Failed via AuthLogSQL. I use a AuthBy LDAP primarily, but if
that times out i fall back to an AuthBy SQL. When an auth attempt gets
rejected, i'd like to know if the AuthBy LDAP timed out and
Hugh crew,
From reading the docs, and my own testing, it looks like the BindAddress
parameter can only accept a single IP. As a result,
it looks like you're limited to either having radiator respond on all IPs,
or just on one. If this is not the case, someone please feel free to
correct me.
Greetings all,
I'm having a bit of a puzzle i cant seem to figure out. I am using an
AuthBy LDAP2 clause to auth with an LDAP server. The LDAP
schema is built as uid=username,cn=realm. Since most of my users log in
w/out specifying a realm, i have a DefaultRealm specified in my Client
I have a feature request for another load balancing AuthBy based on AuthBy
RADIUS. I would like to see AuthBy LEASTCONNS. This would check to see
which radius server had the least pending/outstanding connections, and
would use that server to process the request. Since AuthBy Radius is
I have a question regarding licensing. Is the licensing model per server
or per instance? If i have one physical server running 3 instances of
radiusd, is that 1 or 3 licenses? I would assume 1, but i wanted to make sure.
- jeremy
===
Archive at
to bind with xx,
xxx (server x.x.x.x:389)
Tue Sep 25 21:19:07 2001: DEBUG: LDAP got result for uid=jgh,cn=visi.net
Tue Sep 25 21:19:07 2001: DEBUG: LDAP got cn: Jeremy Hinton
Tue Sep 25 21:19:07 2001: DEBUG: LDAP got hostServer: visi.net
Tue Sep 25 21:19:07 2001: DEBUG: LDAP got sn:
Tue Sep 25
__ __ 0a
30 12: SEQUENCE {
0002 021: INTEGER = 1
0005 617: [APPLICATION 1] {
0007 0A1: ENUM = 0
000A 040: STRING = ''
000C 040: STRING = ''
000E: }
000E: }
// Jeremy HintonVisiNet
Oops, i didn't go far enough into the logs i guess. It looks like
it goes anonymous for the initial search query, and then uses the supplied
username and password to authenticate the actual record lookup later.
Answered my own question ;).
- jeremy
On Fri, 13 Jul 2001, Jeremy Hinton
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
// Jeremy HintonVisionary Systems, Inc.
// [EMAIL PROTECTED] http://www.visi.net
/
...
Code: Accounting-Response
Identifier: 0
Authentic: mwOte@158Q16523-21810195193237
Attributes:
Regards
Clement
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-
!
// Jeremy HintonSometimes you wake up,
// NOC - VisiNetand sometimes you die.
// [EMAIL PROTECTED]And sometimes when you fall
// www.visi.net/~jgh y o u f l y. Neil Gaiman
===
Archive at http://www.thesite.com.au/~radiator
21 matches
Mail list logo