On 14 Sep 2011, at 03:27, 2394263740 wrote:
> Arran,
>
> I'm using PEAP. Do you have any suggestion to grant access?
PEAP uses MSCHAPv2 as the inner method, and MSCHAPv2 requires that the client
and the server both know the password, else authentication will fail.
One option is to set some static credentials for when the database is offline.
But honestly that'll just cause more trouble, because A) Users won't remember
what the emergency credentials were, and B) even if they do enter the new
password, half of them will screw up re-entering their original password when
the service returns to normal.
You could also dump the list of SQL users out into a password file and use that
instead? Same syntax that I posed before, but change:
> update control {
> Auth-Type := 'Accept'
> }
To an instance of the password module.
-Arran
>
> Thanks!
>
>
> ------------------ Original ------------------
> From: "freeradius-users"<[email protected]>;
> Date: Tue, Sep 13, 2011 11:59 PM
> To: "freeradius-users"<[email protected]>;
> Subject: Freeradius-Users Digest, Vol 77, Issue 50
>
> Send Freeradius-Users mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> [email protected]
>
> You can reach the person managing the list at
> [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Grant Access ( 2394263740 )
> 2. Re: Grant Access (Arran Cudbard-Bell)
> 3. Quick enable/disable user account. ( 2394263740 )
> 4. Re: Quick enable/disable user account. (Alan DeKok)
> 5. Re: Quick enable/disable user account. (Arran Cudbard-Bell)
> 6. RE: Quick enable/disable user account. (Tim Sylvester)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 13 Sep 2011 23:07:31 +0800
> From: " 2394263740 " <[email protected]>
> Subject: Grant Access
> To: " freeradius-users " <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
> When the system goes wrong, I would like temporary grant all access request.
>
> Which means during the service is down, any username/password will be grant
> access.
>
> Can you please advise the solution?
>
> Thanks!
>
> Tom
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/89760c49/attachment.html>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 13 Sep 2011 17:16:02 +0200
> From: Arran Cudbard-Bell <[email protected]>
> Subject: Re: Grant Access
> To: FreeRadius users mailing list
> <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> On 13 Sep 2011, at 17:07, 2394263740 wrote:
>
> > Hello,
> > I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> > OS: Linux Enterprise Server 6.1
> > Radius: free radius server 2.1.11
> > Database: Mysql
> >
> > When the system goes wrong, I would like temporary grant all access request.
> >
> > Which means during the service is down, any username/password will be grant
> > access.
> >
> > Can you please advise the solution?
>
> sql
> if(fail){
> update control {
> Auth-Type := 'Accept'
> }
> }
>
> This will not work for protocols like PEAP. But should work for PAP, and CHAP.
>
> -Arran
>
> Arran Cudbard-Bell
> [email protected]
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/b2a99bf6/attachment.html>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 13 Sep 2011 23:32:43 +0800
> From: " 2394263740 " <[email protected]>
> Subject: Quick enable/disable user account.
> To: " freeradius-users " <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
>
>
> Sometime, I need disable a user account in mysql database. And then enable it
> later on after some check complete.
>
>
>
> Can you please advise how to toggle such status?
>
>
>
> There're may be multiple solutions, please advise them all, so I can choose a
> one most fit the needs.
>
>
>
> Thanks!
>
>
>
> Tom
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/3f186dfc/attachment.html>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 13 Sep 2011 17:39:48 +0200
> From: Alan DeKok <[email protected]>
> Subject: Re: Quick enable/disable user account.
> To: FreeRadius users mailing list
> <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2394263740 wrote:
> > Sometime, I need disable a user account in mysql database. And then
> > enable it later on after some check complete.
> >
> > Can you please advise how to toggle such status?
>
> See the MySQL documentation for how to write to rows in MySQL.
>
> > There're may be multiple solutions, please advise them all, so I can
> > choose a one most fit the needs.
>
> Try harder.
>
> Alan DeKok.
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 13 Sep 2011 17:42:54 +0200
> From: Arran Cudbard-Bell <[email protected]>
> Subject: Re: Quick enable/disable user account.
> To: FreeRadius users mailing list
> <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> No. You're treating this like paid support. Go and find out the answer for
> yourself, this is not a FeeRADIUS question.
>
> -Arran
>
> Arran Cudbard-Bell
> [email protected]
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/1d2cbd68/attachment.html>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 13 Sep 2011 08:59:15 -0700
> From: "Tim Sylvester" <[email protected]>
> Subject: RE: Quick enable/disable user account.
> To: "'FreeRadius users mailing list'"
> <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> Set Auth-Type := Reject in radcheck.
>
>
>
> http://deployingradius.com/documents/configuration/auth_type.html
>
>
>
> Tim
>
>
>
>
>
> From:
> freeradius-users-bounces+tim.sylvester=networkradius....@lists.freeradius.or
> g
> [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freer
> adius.org] On Behalf Of 2394263740
> Sent: Tuesday, September 13, 2011 8:33 AM
> To: freeradius-users
> Subject: Quick enable/disable user account.
>
>
>
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
>
>
> Sometime, I need disable a user account in mysql database. And then enable
> it later on after some check complete.
>
>
>
> Can you please advise how to toggle such status?
>
>
>
> There're may be multiple solutions, please advise them all, so I can choose
> a one most fit the needs.
>
>
>
> Thanks!
>
>
>
> Tom
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/044b7e97/attachment.html>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 77, Issue 50
> ************************************************
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell
[email protected]
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
