Thanks both, that's great news.
I really need to teach myself some C..
Cheers
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of
users mailing list
Subject: Re: Case statement error
Franks Andy (RLZ) IT Systems Engineer wrote:
I still get
# Loading authorize {...}
/usr/local/etc/raddb/sites-enabled/default[222]: case statements may
only appear within a switch section
You need to upgrade your binary. You're not using
October 2013 15:26
To: FreeRadius users mailing list
Subject: Re: Case statement error
Franks Andy (RLZ) IT Systems Engineer wrote:
Trying version #d166290 results in
Which is old. The bug has already been fixed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org
Hi All. I have some code in an sql policy:
sql_check_user_present {
update control {
Tmp-String-0 := %{sql_pwifi:SELECT COUNT(*) from voucher v left
join state s on v.id=s.voucher_id where v.id=s.voucher_id and
v.code='%{User-Name}' and (s.state='Inactive' or s.state='Active')}
}
switch
Yeh, I read that character classes don't need escaping in quite the same
way somewhere, then tried it without escaping but didn't realise it was
down to character position.
I'll give it a try.
Thanks guys.
evluation
Well at least it'll evaluate instead of evluate now.
:-P
-Original
Hi All,
Just a quick question - I've compiled FR3 with pcre regex libraries
and it's working ok. I just can't get it to escape plusses ( + ) though
I've tried between 0 and 6(!) backslashes but all result in:
ERROR: Failed compiling regular expression: bad range inside [] at
offset 10
(0)
Hi,
Just agreeing with Arran really, we've got 5406 procurve switches,
which I believe are similar in software terms to the 2910s and we do the
unlang string Arran has presented here :
update reply {
Egress-VLANID += %{expr:822083584 + %{Tagged-VID}}
}
It works fine, although that may
Hi All,
Just wondering if anyone knew what the expiration date format was back
from eap-tls transactions? I have a cert here that expires 23/07/2015
and FR gives back 150723132302Z.
That's a Z on the end..?
It's certainly not seconds since epoch or Jan 01 - 1601 which is seen in
certain other
Thanks guys, that's great
Andy
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org]
On Behalf Of Michael Schwartzkopff
Sent: 25 July 2013 09:38
To: FreeRadius users mailing list
Subject:
= no
}
In the users files I have
DEFAULT ldap1-Ldap-Group == I made this group up
In operation, everything seems to expand ok:
..
(1) files : Searching for user in group I made this group up
rlm_ldap (ldap1): Reserved connection (4)
(1) files : Using user DN from request CN=Franks Andy (RLZ) IT Systems
=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Phil Mayers
Sent: 23 July 2013 17:53
To: freeradius-users@lists.freeradius.org
Subject: Re: Ldap query in FR3
On 23/07/13 17:19, Franks Andy (RLZ) IT Systems Engineer wrote:
This will probably be obvious, but I can't see it!
Looks like a bug - the code
2013 18:22
To: FreeRadius users mailing list
Subject: Re: Ldap query in FR3
On 23 Jul 2013, at 17:52, Phil Mayers p.may...@imperial.ac.uk wrote:
On 23/07/13 17:19, Franks Andy (RLZ) IT Systems Engineer wrote:
This will probably be obvious, but I can't see it!
Looks like a bug - the code here
Good man
Cheers
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Arran Cudbard-Bell
Sent: 23 July 2013 20:19
To: FreeRadius users mailing list
Hi,
I'm experimenting with a system involving an access-challenge to a
NAS. It works fine with FR so far on, say, the cisco ipsec vpn client,
which waits a long time until timing out waiting for user input. I'd
like to also discover how other NAS's behave using this and have found
the timeout on
To: freeradius-users@lists.freeradius.org
Subject: Re: Access-challenge timeout on IOS
On 04/07/13 14:34, David Mitton wrote:
Quoting Phil Mayers p.may...@imperial.ac.uk:
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi,
Session-timeout and Idle-timeout
Hi,
Just a quick question : has anyone got the rlm_securid module working
in 3.0? I've managed, after some messing, to get the module to compile,
but after copying the securid mod to mods-available and linking it to
mods-enabled, running freeradius -X gives :
To: FreeRadius users mailing list
Subject: Re: rlm_securid
On 20 Jun 2013, at 21:41, Franks Andy (RLZ) IT Systems Engineer
andy.fra...@sath.nhs.uk wrote:
Hi,
Just a quick question : has anyone got the rlm_securid module
working in 3.0? I've managed, after some messing, to get the module
mailing list
Subject: Re: rlm_securid
you need a break
On Thu, Jun 20, 2013 at 9:41 PM, Franks Andy (RLZ) IT Systems Engineer
andy.fra...@sath.nhs.uk wrote:
Hi,
Just a quick question : has anyone got the rlm_securid module working
in 3.0? I've managed, after some messing, to get the module
] On Behalf Of Alan DeKok
Sent: 13 June 2013 16:02
To: FreeRadius users mailing list
Subject: Re: MSSQL using unixodbc and truncation of characters
Franks Andy (RLZ) IT Systems Engineer wrote:
(by the way is there a nice way to get shot of all these ansi escape
codes from the radius.log? It looks nice
Hi
Do I need to file a bug report or something?
Thanks
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: 13 June 2013 17:57
To:
June 2013 09:19
To: freeradius-users@lists.freeradius.org
Subject: Re: Exec problems in FR3.0
On 06/14/2013 07:39 AM, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi
Do I need to file a bug report or something?
No, the issue was raised on -devel
You can revert:
https://github.com/FreeRADIUS
=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Arran Cudbard-Bell
Sent: 14 June 2013 12:15
To: FreeRadius users mailing list
Subject: Re: Exec problems in FR3.0
On 14 Jun 2013, at 10:09, Franks Andy (RLZ) IT Systems
Ok, so I've compiled 3 from scratch with support for the freetds and unixodbc
modules. I have some issues :
Using the unixodbc driver that was working before gives me this now :
rlm_sql (sql_postauth_lan0): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc)
loaded and linked
rlm_sql
Hi Aaran,
The Sybase driver works for a simple select 123456, but then any
real value gives, e.g.:
rlm_sql (sql_test_mssql): Executing query: 'Select NetworkCardID from
Audit_NetworkCard where macaddress='9C:B7:0D:84:0D:09''
Sybase Server message:
number(208) severity(16) state(1) line(1)
Sorry to send yet more emails with issues. I've moved to FR3 to test SQL
stuff and am having some problems with getting exec modules I previously
used to work. I know I could rewrite these in perl, but they worked
before in FR2.2.1 and I want to solve why they won't work now.
I have an exec
Hi all,
I may again be doing something wrong but I've noticed an odd
problem. I've connected up using the freetds libraries to an MSSQL
server.
iSQL works fine and I can do a query thus :
Select NetworkCardID from Audit_NetworkCard where
macaddress='00:14:22:53:de:58'
+--+
|
Sorry, FR version 2.2.1.
Thanks
andy
_
From: Franks Andy (RLZ) IT Systems Engineer
Sent: 12 June 2013 17:43
To: freeradius-users@lists.freeradius.org
Subject: MSSQL using unixodbc and truncation of characters
Hi all,
I may again be doing
...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Arran Cudbard-Bell
Sent: 12 June 2013 17:55
To: FreeRadius users mailing list
Subject: Re: MSSQL using unixodbc and truncation of characters
On 12 Jun 2013, at 17:42, Franks Andy (RLZ) IT Systems
Thanks
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Franks Andy (RLZ) IT Systems Engineer
Sent: 12 June 2013 18:51
To: FreeRadius users mailing
Of Arran Cudbard-Bell
Sent: 12 June 2013 20:19
To: FreeRadius users mailing list
Subject: Re: MSSQL using unixodbc and truncation of characters
On 12 Jun 2013, at 19:20, Franks Andy (RLZ) IT Systems Engineer
andy.fra...@sath.nhs.uk wrote:
Just as an aside - is the rlm_sql_freetds module deprecated
Hi,
Just wondered if someone could explain the reason why, on rejection of
EAP authentication, an access challenge request is sent out to the NAS,
and whether it's something we can control or not?
Thanks
Andy
Of Phil Mayers
Sent: 10 June 2013 16:02
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP post auth reject and access-challenge
On 10/06/13 15:45, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi,
Just wondered if someone could explain the reason why, on rejection
of EAP authentication
(RLZ) IT Systems Engineer wrote:
Questions are - does the exec module return to the
Module-Failure-Message variable or another I can use, and why doesn't
No, sorry. mschap does when it does the internal exec, but the
exec module does not. You might be able to emulate this by wrapping
your
in
PEAP or is it not possible..?
Thanks
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Franks Andy (RLZ) IT Systems Engineer
Sent: 07 June 2013 13
Hi all,
Trying to use the provided ntlm_auth exec module to authenticate users
where the NAS uses pap, which works fine. I just want to improve my
error reporting and pick up the return string from the failure of the
module, e.g. -
Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password
+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Phil Mayers
Sent: 24 May 2013 08:35
To: freeradius-users@lists.freeradius.org
Subject: Re: Global variables
On 05/23/2013 07:43 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
Seems a bit excessive to do it each request. I know it's
-8695-1506
Mobile: +49-151-15998774
ICQ: 499797758
Skype: nagmat84
Franks Andy (RLZ) IT Systems Engineer andy.fra...@sath.nhs.uk
wrote:
..Just an update.. might be interesting for people - rebooted the switch
and not all clients were authenticated, but it seems all those that
weren't have 0
Hi,
Me again, I have had a google but it's not produced much, so apologies
if I've overlooked some piece of documentation somewhere.
Is it possible to set global variables at freeradius runtime? The
background is that I want to check against a user's primarygroupid from
AD to make sure they are
What you're after is in the clients - file surely - that's where you
set up the clients and secrets..? Otherwise maybe check if the secret in
your switch is encrypted or not, cisco switches allow input of a 7 or 0
after certain commands to signify encryption or not - from a cisco NAS..
Not sure
DeKok
Sent: 21 May 2013 00:21
To: FreeRadius users mailing list
Subject: Re: Help with chap
Franks Andy (RLZ) IT Systems Engineer wrote:
Thanks for the help.
Anecdotally, before I get into serious discovery, I've been running
the freeradius process in extra debugging mode -xx. I'd read
Just confirming that I've tested this in the past and it works, but I
believe the poster of the article is dubious about a production
environment. When I tried it on wifi it took a second or so more to
authenticate for some reason, so we eventually went with eap-tls instead
because of this and
] On Behalf Of Phil Mayers
Sent: 21 May 2013 08:06
To: freeradius-users@lists.freeradius.org
Subject: Re: Help with chap
On 05/21/2013 07:55 AM, Franks Andy (RLZ) IT Systems Engineer wrote:
Can I just use the authorize section to set the password to be the
same as the username, i.e. the mac address
-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Franks Andy (RLZ) IT Systems Engineer
Sent: 21 May 2013 22:27
To: FreeRadius users mailing list
Subject: RE: Help with chap
-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: 20 May 2013 14:01
To: FreeRadius users mailing list
Subject: Re: Help with chap
Franks Andy (RLZ) IT Systems
Hi,
I seem to frequent this forum, hopefully one day I'll be answering some
questions, not asking them.
I've recently got into mac based auth on a procurve 5406. It does either chap
or peap-mschap authentication, and I'm using ntlm_auth for the mschap2 when
using peap. It worked brilliantly
@lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: 18 May 2013 13:37
To: FreeRadius users mailing list
Subject: Re: Help with chap
Franks Andy (RLZ) IT Systems Engineer wrote:
... It worked brilliantly in testing, but come
production, when I reboot the switch or clear the authentication
[mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: 11 May 2013 14:26
To: FreeRadius users mailing list
Subject: Re: Inner tunnel post auth question
Franks Andy (RLZ) IT Systems Engineer wrote:
My FR version is 2.1.10+dfsg-3build2_amd64
Hi,
This may have come up before but I can't find any solutions :
I'm using a NAS which always performs EAP/MSCHAP2 authentication, so
I've stripped the sites-enabled/default right down to pretty much just
include the eap stuff for authorisation/authentication, and am doing all
the rest inside
all the
details :-(
On 10 May 2013, at 13:53, Franks Andy (RLZ) IT Systems Engineer
andy.fra...@sath.nhs.uk wrote:
Hi,
This may have come up before but I can't find any solutions :
I'm using a NAS which always performs EAP/MSCHAP2 authentication, so
I've stripped the sites-enabled
Hi All,
I have a hopefully fairly straightforward question. We have a network
switch, a procurve 5406 that we're doing mac based port authentication
on. The switch sends radius attributes including the NAS-Port-ID. I want
to be able to reply with tagged and untagged vlans for the ports once
Hi all,
I keep coming back with questions - hopefully I'll be able to answer
someone else's soon!
I am trying to run a simple command to fire off a network backup each
time an admin logs off a switch via accounting. I'm only testing this as
a concept for now.
I have rancid installed on another
something
Franks Andy (RLZ) IT Systems Engineer wrote:
The problem is it doesn’t work. I can run the script from a shell prompt
and the backup functions fine, the variables outputting to the
testssh.out file and the ssh command running ok. Freeradius fires the
script off ok after an accounting
Hi All,
I've looked around the internet a bit and obviously looked at the wiki
page and configuration page for rlm_cache and can't quite understand how
it works. Does anyone have any practical examples of simply storing an
attribute/value pair or pairs and then check the value later in the
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Arran Cudbard-Bell
Sent: 18 September 2012 23:05
To: FreeRadius users mailing list
Subject: Re: unlang time / date comparison
On 18 Sep 2012, at 22:38, Franks Andy (RLZ) IT Systems Engineer
andy.fra
Hi,
Hopefully a simple question. I've looked around for a while but can't
find the answer to this.
I'd like to be able to take a date/time from a sql database, use unlang
(not a module) to compare it to the current time and make a decision
based on the fact that it's, for example, less or more
Hi All,
I've been following Thomas Glanzmann's work on sms/email otp with
freeradius and can see it could REALLY save our organisation a lot of
money (we're using securid tokens exclusively ATM). I'm trying to work
out something to suit us and at the same time be helpful to others into
making
Hi
I have a seemingly simple thing I need to do, however it doesn't
seem to be working. In the users file I do a quick match to see if a
user is in the regex list I put in (this is for overrides of an ldap
group, determining higher privileges, but still basic access for the
group users),
Ok, that makes sense, would work better I think if I had an include file
similar to the users file in a sense, which I assume I can do but not tried in
the middle of a section, I could then ditch the users file. Problem is users
is kind of nice, plus it's marginally easier to read for the less
, and apologies for sending so many emails in one go.
Andy
-Original Message-
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org]
On Behalf Of Franks Andy (RLZ) IT Systems Engineer
Sent
Hi,
Hope this is a quick request for someone to answer, been googling and
can't find the reply.
I've altered the post-auth sql recording data a bit from the standard
schema - I wanted to record some of the details of the request packet
without relying on the NAS to do proper accounting, which I
...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Matthew Newton
Sent: 21 August 2012 14:21
To: FreeRadius users mailing list
Subject: Re: Recording post auth sql data
On Tue, Aug 21, 2012 at 01:33:00PM +0100, Franks Andy (RLZ) IT Systems
Hi again,
Thanks for everyone's input on the last question I asked today.
I have another : we are running cisco 1100/1200 series Aps with multiple
SSIDs. Depending on ldap groups users are assigned a VLAN which
corresponds to the internal or DMZ based network. The issue is that if a
user is in
Hi - thanks for the reply
I have a relatively new version of IOS and I can't see the attribute coming
through, either on freeradius or using the debug radius command on the AP. I
wonder if it's something you have to set in the AP that's non default.
As an aside, I wonder if there's an internal
doesn't make it through to the radius server.
Anyone any ideas?
-Original Message-
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org]
On Behalf Of Franks Andy (RLZ) IT Systems Engineer
Sent
That works fine. However I'm still intrigued about why the other
method fails, and I also presume this method doesn't allow multiple
attribute types to be updated as per the exec-program-wait script in
the example documentation?
Yes
Maybe it's not supported? Must admit I am a
On 08/01/2012 10:52 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
user on a specific client machine. The Ldap-Group doesn't see the
primary group as it's set to do a memberof lookup. Other groups are
seen fine.
Yes. Sadly this is an AD-specific behaviour, and there's no way
Hi,
I've got another query to do with this issue.
I'm trying to follow up running an external script that could feasibly
update a control value within freeradius.
It's working fine to push the variable outwards, and recording that
passed variable to a file using the bash redirect , however I've
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: 02 August 2012 17:19
To: FreeRadius users mailing list
Subject: Re: Tricky problem with ldap and primary groups in AD
Franks Andy (RLZ) IT Systems Engineer wrote:
and am assigning the Reply-Message
Hi All,
I've been searching for half the day and can't find an answer for a
question I have. I'm new to freeradius and so far am finding it a
rewarding challenge.
I have freeradius 2.1.10 up and running, querying AD via ldap and
authenticating with ntlm_auth fine.
I'm using Ldap-Group checks