Re: store and proxy accounting packets

2011-02-28 Thread Waqas Toor
Thank you Alan for your support. I have one question now, in the realm part test_cpe.com I want to maintain this realm in the user name for accounting. for Example MAC@test_cpe.com it should not remove the suffix. On Fri, Feb 25, 2011 at 7:39 PM, Alan DeKok al...@deployingradius.com wrote: Waqas

Re: store and proxy accounting packets

2011-02-28 Thread Alan DeKok
Waqas Toor wrote: Thank you Alan for your support. I have one question now, in the realm part test_cpe.com I want to maintain this realm in the user name for accounting. for Example MAC@test_cpe.com it should not remove the suffix. Read raddb/proxy.conf. This is documented. Read the realm

Re: global hash variable perl

2011-02-28 Thread Dean, Barry
Yes. Do something like this: { my %static_global_hash = (); sub post_auth { ... } ... } static_global_hash will then be available on each call to the subs so you can store some kind of state between requests that you handle. The trick is placing the whole lot into a {} block. Perl can be odd

Re: Fwd: FreeRadius 2.1.10 does NOT send VSA's or other attributes back in the Access-Accept (for EAP-TTLS)

2011-02-28 Thread Amit Nath
Thanks Alan for the tip, this has solved my problem. Amit On Sun, Feb 27, 2011 at 10:47 PM, Alan DeKok al...@deployingradius.com wrote: Amit Nath wrote: I am attempting to authenticate end-users via EAP-TTLS (with EAP-MD5) as the inner method. I have noticed that the Access-Accept Message

Re: global hash variable perl

2011-02-28 Thread Vinh Nguyen
I don't think it will make a difference since the perl module is instantiated for every request. Unless I mis-understood something. Earlier I tried similar to what you suggested - without the {}. but it didn't work. On Mon, Feb 28, 2011 at 3:49 AM, Dean, Barry b.d...@liverpool.ac.uk wrote:

Radsec support on FR?

2011-02-28 Thread Panagiotis Georgopoulos
Hello there, Judging from the website and the archives in the mailing list, native support for Radsec is planned on FR. Is there anyone actively working on this? Is there any timescale for this to be streamed on the main codebase? Thanks a lot in advance,

Re: global hash variable perl

2011-02-28 Thread Alexander Clouter
Vinh Nguyen vhn2...@gmail.com wrote: I don't think it will make a difference since the perl module is instantiated for every request. Unless I mis-understood something. It is instantiated only once in a mod_perl type of way. If you want more instances, then you need to use threads (since

Re: Radsec support on FR?

2011-02-28 Thread Alan DeKok
Panagiotis Georgopoulos wrote: Judging from the website and the archives in the mailing list, native support for Radsec is planned on FR. Is there anyone actively working on this? Is there any timescale for this to be streamed on the main codebase? Early summer. It won't

Re: Radius - Ldap

2011-02-28 Thread Alan DeKok
Kyle Jake Plimack wrote: I've configured radius to use ldap for authorization and authentication. Authorization works fine, but will allow access to authorized users without a correct password. No. Why? ldap stores passwords using SSHA encryption. That doesn't change anything. Is

Re: Radsec support on FR?

2011-02-28 Thread Alan Buxey
Hi, Judging from the website and the archives in the mailing list, native support for Radsec is planned on FR. Is there anyone actively working on this? Is there any timescale for this to be streamed on the main codebase? when it's done(TM) is there a reason for

Open Directory Howto

2011-02-28 Thread Raymond Norton
Is there a good howto on setting up freeradius to work with Open Directory? (Freeradius will be on stand alone box) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
Should I post the debug log here, or a pastebin, or...? --J -Original Message- From: freeradius-users-bounces+mcnuttj=missouri.edu@lists.freeradius .org [mailto:freeradius-users-bounces+mcnuttj=missouri@lists.fr eeradius.org] On Behalf Of Alan DeKok Sent: Sunday, February

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
Removing the shared secrets, LDAP user passwords, etc. was the redacting I was talking about. That, and removing the thousands of messages related to other users' auth attempts, if I had had to do this on a production server. Fortunately, that wasn't necessary. I was able to get a valid debug

Re: Open Directory Howto

2011-02-28 Thread Alan Buxey
Hi, Is there a good howto on setting up freeradius to work with Open Directory? (Freeradius will be on stand alone box) ..needs to be on same box as Open directory IIRC (at which point it just works (tm) ) alan

Re: New User and AD Question

2011-02-28 Thread Alan Buxey
Hi, Should I post the debug log here, or a pastebin, or...? quick answer? post it here want to wait until someone can be bothered to go to some random web page? pastebin alan

Re: New User and AD Question

2011-02-28 Thread Alan Buxey
Hi, Removing the shared secrets, LDAP user passwords, etc. was the redacting I was talking about. That, and removing the thousands of messages related to other users' auth attempts, if I had had to do this on a production server. you can use radmin to get a full debug of a single client/NAS

Re: Open Directory Howto

2011-02-28 Thread Raymond Norton
That is the one post I did find, but thought it was based on the users setup. Thanks On 02/28/2011 02:50 PM, Alan Buxey wrote: Hi, Is there a good howto on setting up freeradius to work with Open Directory? (Freeradius will be on stand alone box) ..needs to be on same box as Open

Re: New User and AD Question

2011-02-28 Thread Alan Buxey
hi, in your campus-eap virtual server you are not making a call to eg the prefix module (put straight after the preprocess module) ie preprocess suffix ntdomain do this in the authorization and preacct sections to handle these better alan

Re: global hash variable perl

2011-02-28 Thread Vinh Nguyen
I did very similar to your example before but it didn't do it. My perl module name is .pl instead of .pm like yours is it possible you can show me your radius.conf - related to perl section? thanks. On Mon, Feb 28, 2011 at 1:40 PM, Alexander Clouter a...@digriz.org.uk wrote: Vinh Nguyen

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
I don't have a modules/prefix file. I have a preprocess file, which is called at the top of the authorize section of the campus-eap virtual server (this is the default, I believe). From the debug log, request 9: server campus-eap { +- entering group authorize {...} ++[preprocess] returns ok

RE: Radsec support on FR?

2011-02-28 Thread Panagiotis Georgopoulos
Thank you Alan^2 for your reply! Cheers, Panos Ps. it's good to know that RADSecProxy works fine and is stable.. -Original Message- From: freeradius-users- bounces+panos=comp.lancs.ac...@lists.freeradius.org [mailto:freeradius-

Re: global hash variable perl

2011-02-28 Thread Alexander Clouter
Hi, * Vinh Nguyen vhn2...@gmail.com [2011-02-28 15:17:30-0600]: is it possible you can show me your radius.conf - related to perl section? http://lists.freeradius.org/pipermail/freeradius-users/2010-September/msg00529.html Cheers -- Alexander Clouter .sigmonster says: Support Mental

Re: New User and AD Question

2011-02-28 Thread Alan Buxey
Hi, I don't have a modules/prefix file. I have a preprocess file, which is called at the top of the authorize section of the campus-eap virtual server (this is the default, I believe). just add ntdomain as i said read the realm module for description about fall through alan

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
I'll try it, but I've read it, and I don't see how this (from realm module): # # 'domain\user' # realm ntdomain { format = prefix delimiter = \\ } Is going to apply to this: User-Name = host/doit-tcb-agl.col.missouri.edu --J -Original Message- From:

Re: New User and AD Question: OT hijack

2011-02-28 Thread Gary Gatten
First, is your last name really McNutt? And, have you ever been by the house near MU that has camels and zebras in the front yard? - Original Message - From: McNutt, Justin M. [mailto:mcnu...@missouri.edu] Sent: Monday, February 28, 2011 04:52 PM To: FreeRadius users mailing list

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
Attempted and failed. Can authenticate users, but host authentication still fails. Uncommented ntdomain from both the authorize and preacct sections of /etc/raddb/sites-available/campus-eap. Same behavior as before. --J -Original Message- From:

RE: New User and AD Question: OT hijack

2011-02-28 Thread McNutt, Justin M.
Yes, and no, respectively. My wife has taken the kids there, but I have never been. --J -Original Message- From: freeradius-users-bounces+mcnuttj=missouri.edu@lists.freeradius .org [mailto:freeradius-users-bounces+mcnuttj=missouri@lists.fr eeradius.org] On Behalf Of Gary

Re: New User and AD Question

2011-02-28 Thread Alan Buxey
Hi, I'll try it, but I've read it, and I don't see how this (from realm module): # # 'domain\user' # realm ntdomain { format = prefix delimiter = \\ } Is going to apply to this: User-Name = host/doit-tcb-agl.col.missouri.edu ignore me. i'm tired. yes, this

Re: New User and AD Question: OT hijack

2011-02-28 Thread Gary Gatten
Ha, sweet... - Original Message - From: McNutt, Justin M. [mailto:mcnu...@missouri.edu] Sent: Monday, February 28, 2011 05:53 PM To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: RE: New User and AD Question: OT hijack Yes, and no, respectively. My wife

Clarification / Confirmation needed re: FreeRadius against Active Directory

2011-02-28 Thread Moe, John
I'm setting up an Ubuntu server (10.04LTS amd64) with FreeRadius (v2.1.8 from apt-get) to use as an authenticator against Active Directory for our HP ProCurve switches. I've gotten the server on to our Active Directory domain, and have begun the setup of the FreeRadius server. I've even managed

Re: Clarification / Confirmation needed re: FreeRadius against Active Directory

2011-02-28 Thread Gary Gatten
Read the doc on ntlm_auth. There's an option like require membership of. I'll leave the other question to someone more knowledgeable as I was/am in a similar position. - Original Message - From: Moe, John [mailto:j...@hatch.com.au] Sent: Monday, February 28, 2011 06:00 PM To:

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
ignore me. i'm tired. yes, this is a little bit of pain. I understand. I wondered about that when I saw the ac.uk. You must be working hours similar to mine. (That is, all of them.) you'll be best off using a bit of unlang eg (put this in the authorize section of your main virtual

Re: Clarification / Confirmation needed re: FreeRadius against Active Directory

2011-02-28 Thread Gary Gatten
PS: you'll likely need to use the SID of the group, I could not get it working with the group name - YMMV. - Original Message - From: Gary Gatten [mailto:ggat...@waddell.com] Sent: Monday, February 28, 2011 06:14 PM To: 'freeradius-users@lists.freeradius.org'

Re: New User and AD Question

2011-02-28 Thread Arran Cudbard-Bell
That looks like Perl. Perl, I can deal with. I do have multiple domains to attack. If I can come up with something generic that works for at least two domains, I'll post it here. Looks predictable enough. I'm thinking along the lines of something like this: # BOL, host, a slash,

RE: New User and AD Question

2011-02-28 Thread McNutt, Justin M.
# BOL, host, a slash, one or more non-dot characters, a dot, # one or more non-whitespace chars, EOL. if ( User-Name =~ /^host\/([^\.])+\.(\S+)$/i ) { switch %{2} { case 'my-domain-string-1' { update control {

Re: New User and AD Question

2011-02-28 Thread James J J Hooper
On 27/02/2011 18:08, McNutt, Justin M. wrote: New member to the list, here. I have a question about AD computer-based authentication. Basically, how is it accomplished? I have Googled and Googled, but only found references to the fact that it *can* be done (mostly from archives of this list),

Free Radius Issues

2011-02-28 Thread Chris Kilian
Hi Guys I am new to Freeradius and have got it working with Mysql , however run into an issue whereby I am seeing this for all requests rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method

Re: global hash variable perl

2011-02-28 Thread Vinh Nguyen
something is very strange in my case. I used the global variable like you pointed out. Then I tested the logic and it seems like the hash variable isn't cached properly. The data is not cached. I gave up and tried again in a couple hours. And then it magically worked. now the hash variable is

Re: Free Radius Issues

2011-02-28 Thread Alan DeKok
Chris Kilian wrote: I am new to Freeradius and have got it working with Mysql , however run into an issue whereby I am seeing this for all requests rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. This is in the FAQ. Set up a sample

Re: Clarification / Confirmation needed re: FreeRadius against Active Directory

2011-02-28 Thread Alan DeKok
Moe, John wrote: Now, I've read a lot of configuration pages (for Ubuntu, Samba, Winbind, and FreeRadius, to name a few) in the last few days, and my head's spinning a bit, and I'd like to make sure I'm doing this right, and I've managed to grasp a few things... The definitive guide is