-bounces+difan.zhao=guest-tek@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: November-19-11 1:37 AM
To: FreeRadius users mailing list
Subject: Re: PEAP Inner-tunnel can't match a user in the users file with some
check attributes
Difan Zhao wrote:
I have an issue that whenever I have check
Sent: March-04-11 2:00 AM
To: FreeRadius users mailing list
Subject: Re: Can I group users in the users file like in the SQL database?
Difan Zhao wrote:
Another quick question: Can I group users in the users file and assign
the group reply attributes instead of to each individual user?
No. See
-users-bounces+difan.zhao=guest-tek@lists.freeradius.org]
On Behalf Of Difan Zhao
Sent: March-02-11 9:01 AM
To: FreeRadius users mailing list
Subject: Use Hint file to proxy
Hi experts,
Long time no talk!
I have another dilemma. For some reasons I want to try to use the hints file to
do Proxy
up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 123 to 127.0.0.1 port 16011
Waking up in 4.9 seconds.
[cid:image002.gif@01CBD982.DFF851C0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network
Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011
difan.z
@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: March-03-11 9:16 AM
To: FreeRadius users mailing list
Subject: Re: Cleartext-Password := %{User-Name} in the users file. Possible?
On 03/03/11 16:10, Difan Zhao wrote:
Hi experts,
I want to try another way to authenticate devices by their MAC
addresses. I
-Through = yes
abc
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = 851
Tunnel-Preference:0 = 0
Thanks!
[cid:image003.gif@01CBD9A2.44D721B0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network
Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514
to achieve the same result?
Right now my server just forwards the Access-accept to the switch and ignores
all the VLAN attributes associated with the username set in my users file...
Please help!
Thanks!
[cid:image003.gif@01CBD9B9.1BD2FB60]Difan Zhao M.Eng | CCNA CCNP CCSP | Network
Engineer
T
a lot!
[cid:image002.gif@01CBD8B8.490E09F0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network
Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011
difan.z...@guest-tek.commailto:difan.z...@guest-tek.com |
www.guest-tek.comhttp://www.guest-tek.com
The contents of this email
cli 08-00-0F-51-3F-60)
It'd be ideal if it can show the IP of the NAS where the request is coming
from. I know I could configure the client file to have individual IP for each
client instead of entire subnet. However just wondering if there is easy
switch to turn it on lol
Thanks!
Difan Zhao
FreeRadius to automatically forward a copy to the
remote server??
Thanks!
Difan Zhao, M.Eng
Network Engineer
Guest-Tek Interactive Entertainment Inc.
Email: difan.z...@guest-tek.com
Office: +1 (403) 509 1010 ext 3048
Cell: +1 (403) 689 7514
www.guest-tek.com
INTERNET | MEDIA
Hi Alan,
Thank you for the info! I downgraded the samba to 3.0.33 and it works
fine now!
Thanks,
Difan Zhao, M.Eng
Network Engineer
Guest-Tek Interactive Entertainment Inc.
www.guest-tek.com
Email: difan.z...@guest-tek.com
Office: +1 (403) 509 1010 ext 3048
Cell: +1 (403) 689 7514
http
account... The debug output is attached.
Please help!! Thanks!!!
Difan Zhao, M.Eng
Network Engineer
Guest-Tek Interactive Entertainment Inc.
Email: difan.z...@guest-tek.com
Office: +1 (403) 509 1010 ext 3048
Cell: +1 (403) 689 7514
www.guest-tek.com
INTERNET | MEDIA | VOICE
$ {
/etc/raddb/proxy.conf[33]: Invalid regex in realm ~*\.gtcorp\.com$
} # realm ~*\.gtcorp\.com$
I tried many other syntax and I found that I can't put ~ and * together
and if I did the process won't start...
I guess my problem is solved! This is just FYI! Thanks again for your
help!
Difan Zhao
==
...
authorize {
preprocess
chap
mschap
GTCORP
Suffix
...
}
Thanks!!
Difan Zhao, M.Eng
Network Engineer
Guest-Tek Interactive Entertainment Inc.
Email: difan.z...@guest-tek.com mailto:difan.z...@guest-tek.com
Office: +1 (403) 509 1010 ext 3048
Cell: +1 (403) 689 7514
the following query in PostSQL and it found the orginal
entry successfully...
select * from radcheck where username = 'GTCORP\\dzhao'
I am wondering if there is a setting to automatically add another \ in
the %{SQL-User-Name} if there is already a \ in it??
Thanks!
Difan Zhao, M.Eng
Network
\\dzhao'
I am wondering if there is a setting to automatically add another \ in
the %{SQL-User-Name} if there is already a \ in it??
Thanks!
Difan Zhao, M.Eng
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-Original Message
list:
safe-characters =
\...@abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789.-_:
/
Any ideas? Thank you!
Difan Zhao, M.Eng
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-Original Message-
From:
freeradius-users
WHERE Username = '=24enab15=24' ORDER
BY id
Then I changed the username to this =24enab15=24 and now it works.
I am just curious how freeradius or %{SQL-User-Name} treats special characters
in username... Is there a way to treat them AS-IS?
Thank you!
Difan Zhao, M.Eng
Network Engineer
Guest
a question for you. It has a :0 following the
Tunnel-Type. What is it for? I just removed it and it still works.
However in the Radius -X debug it still has the :0 appending the
attribute name. Any idea??
Thanks,
Difan Zhao M.Eng
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com
Office
-Group-Id:0 = 3,
Tunnel-Preference = 0x00
Other switch vendor may use different attributes.
I add these attributes in the users file. I am not using SQL. Don't
know how to pull the attributes via sql...
Hope it helps,
Difan Zhao M.Eng
Network Engineer
difan.z...@guest-tek.com
. Thanks again!
Difan Zhao
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-Original Message-
From:
freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek
attributes? Anyway to work
around this problem?
Alan, I think you told me once that it's not easy to fool the NAS to
accept all requests... Is this one of the case we are talking about??
Thank you and have a good weekend!
Difan Zhao
Network Engineer
difan.z...@guest-tek.com
www.guest
{
# attr_filter.access_reject
Auth-Type := Accept
}
}
And obviously it's not working... Any ideas how I should configure it? Thank
you!
Difan Zhao
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-
List
they don't like to see
failed on their laptops. It's kind of important... I will really
appreciate if you can come up with a solution for it...
Thank you!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-Original Message-
From
and I like it a lot! Your support is also very
much appreciated! Thanks a lot
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-Original Message-
From:
freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
.
Enseo_stb Cleartext-Password := password
Any advice?? Thank you!!
Difan Zhao
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com http://www.guest-tek.com/
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
image002.jpg
rad_recv: Access-Request packet from host
-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
us.org] On Behalf Of Difan Zhao
Sent: Wednesday, December 30, 2009 12:19 PM
To: FreeRadius users mailing list
Subject: RE: MAC authentication bypass --- How
amIsupposedto
but nothing is shown
whether the value has been successfully updated or not... Is this about
right or it's actually showing at somewhere else and I am looking at the
wrong place?? Thank you!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell
So I assume that none of you guys use MS Exchange server then... Do you
guys all hate MS and support open source?? I am a windows guy but I am
on your side!!
Arran, you found the problem! Now it works! Thank you!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509
-Password}) {
ok
}
else{
reject
}
}
}
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
rad_recv: Access-Request
?
Thank you!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=45,
length=157
User-Name = 00a0080806bd
User-Password = 00a0080806bd
Difan Zhao would like to recall the message, MAC authentication bypass --- How
am Isupposedto?edit?theusersfile to include multiple MAC addresses??.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
From:
freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
us.org
to be the same as the User-Name. Am I doing it right?
How can I convert it to lower cases or do I need to do it at all??
PS the MAC addresses will all start with 00-A0-08.
Thank you and merry Christmas!!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010
Lol Thank you Arran... You found the problem! Now it's good. Thanks
again!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-Original Message-
From:
freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
of. I am a
Cisco guy and I have some Linux experience but no programming
experience. Can any of you recommend me a book about how to use
FreeRadius? I think that will stop me asking stupid questions...
Thank you!
Difan Zhao
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com
So...,
Alan suggested using unlang. I am actually reading un-language (5). If I
use it, where or what file do I put your script in?
=Script that Alan
wrote
authorise {
if(%{User-Name} =~ /[0-9a-z]{12}/i
Hi Alan,
Thank you very much for quick response!
Actually you are right. The password is in MD5 hash, not in clear text!
I may not be able to use the guest VLAN (the vlan the device will be put in
after failed or timeout 802.1x request) because I need to use this vlan for
some other
Hey Ivan,
Thank you very much for your help! Now it works beautifully!
My next step is to integrate FreeRadius with my Windows domain to use
Windows AD for authentication. I am sure I will more questions for you
guys!
Thank you!
Guest-tek, Difan Zhao
difan.z...@guest-tek.com
www.guest
Cleartext-Password := 00a0080806bd
I appreciate any advice!! Thank you guys!!
Difan Zhao, CCNP
Network Engineer
difan.z...@guest-tek.com
www.guest-tek.com http://www.guest-tek.com/
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
image001.jpgrad_recv: Accounting-Request
40 matches
Mail list logo