Hi Tobi,
you need to process lt.attrs in a loop. It's not a real Lua table, it's a user data pretending to be a table, so # doesn't work.
For example:
for k, v in pairs(lt.attrs) do
if ((k == "acc
Hi Neil
thanks for the hint with the dovecot config, adding this and I can see that
> ... attrs={local_ip="XX.XX.XX.XX"} ...
is now logged by wforce daemon. Then I tried to access that value from
wforce with the following testcode
> if (#lt.attrs > 0)
> then
> return 7, "ip_local", "ip_local"
From dovecot, you can add any additional attributes you like using the
auth_policy_request_attributes configuration setting, e.g.
By default in 2.3.1 this looks like:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip}
device_id=%{client_id} protocol=%s
But you can add addition
Hi
I wonder if the information about the origin of report or allow can be
accessed somehow. lt.remote gives the IP of the client trying to login
but is there anything in lt which gives the ip of the system that
connects to wforced?
Thanks and have a good one
--
tobi
gure?
>>
>>
>> Cheers
>>
>> tobi
>> Am 14.05.19 um 17:14 schrieb Neil Cook via dovecot:
>>> Hi Tobi,
>>>
>>> This looks like you haven’t included the libmaxmind libraries before
>>> running configure. GeoIP support is only compi
t;>
>> tobi
>> Am 14.05.19 um 17:14 schrieb Neil Cook via dovecot:
>>> Hi Tobi,
>>>
>>> This looks like you haven’t included the libmaxmind libraries before
>>> running configure. GeoIP support is only compiled in if it finds the
>>> righ
ds the
>> right libs.
>>
>> This would be libmaxminddb-dev on Ubuntu for example.
>>
>> Neil
>>
>>>> Hi list
>>>>
>>>> hope it's okay to ask weakforced questions here as well, but I could not
>>>> find a
d libraries before
> running configure. GeoIP support is only compiled in if it finds the
> right libs.
>
> This would be libmaxminddb-dev on Ubuntu for example.
>
> Neil
>
>>> Hi list
>>>
>>> hope it's okay to ask weakforced questions here as well,
Hi Tobi,
This looks like you haven’t included the libmaxmind libraries before running
configure. GeoIP support is only compiled in if it finds the right libs.
This would be libmaxminddb-dev on Ubuntu for example.
Neil
>> Hi list
>>
>> hope it's okay to ask weakforced
Hi list
hope it's okay to ask weakforced questions here as well, but I could not
find a dedicated mailinglist for wforce.
I want to enable GeoIP lookups in my wforce daemon. In a first step I
installed luarocks and lua-compat53 to install mmdblua module.
Then I added
newGeoIP2DB(&qu
tus":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"
In weakforced you have
webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE")
Thus, you make the base64 blob as
~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64
d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U=
And in dovecot you put
auth_poli
t:8084/?command=report
Mar 07 09:32:15 auth: Debug: policy(ouruser,127.0.0.1,):
Policy server request JSON:
{"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote&qu
wforce is the username always.
auth_policy_hash_nonce should be set to a pseudorandom value that is
shared by your server(s). Weakforced does not need it for anything.
auth_policy_server_api_header should be set to Authorization: Basic
without the < >.
Aki
On 6.3.2019 20.42, Robert
:8084/?command=allow]: Finished sending payload
Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084: No more
requests to service for this peer (1 connections exist, 0 pending)
Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Got
401 response for request [Req2: POST
https://github.com/PowerDNS/weakforced.
I see instructions at the Authentication policy support page,
https://wiki2.dovecot.org/Authentication/P
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to
test wforce, from https://github.com/PowerDNS/weakforced.
I see instructions at the Authentication policy support page,
https://wiki2.dovecot.org/Authentication/Policy
I see the Required Minimum Configur
1:11, Aki Tuomi escribió:
Did you miss the closing quote from api_header? Also, can you turn on
auth_debug=yes?
Aki
On 16 January 2019 at 12:05 alberto bersol wrote:
Hi Aki,
I've configured in this way:
vm-weakforced:~# printf 'wforce:super' | base64
d2ZvcmNlOnN1cGVy
vm-
Did you miss the closing quote from api_header? Also, can you turn on
auth_debug=yes?
Aki
> On 16 January 2019 at 12:05 alberto bersol wrote:
>
>
> Hi Aki,
>
> I've configured in this way:
>
> vm-weakforced:~# printf 'wforce:super' | base64
> d2Zvc
Hi Aki,
I've configured in this way:
vm-weakforced:~# printf 'wforce:super' | base64
d2ZvcmNlOnN1cGVy
vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf
auth_policy_server_url = http://localhost:8084/
auth_policy_hash_nonce = some random string
auth_policy_se
base64
Aki
> On 16 January 2019 at 10:06 alberto bersol wrote:
>
>
> Hi,
> I'm trying to set Weakforced with Dovecot and I cannot log in policy
> server. This is the config:
>
> /root/weakforced/wforce/wforce.conf
> ---
> ...
>
Hi,
I'm trying to set Weakforced with Dovecot and I cannot log in policy
server. This is the config:
/root/weakforced/wforce/wforce.conf
---
...
webserver("0.0.0.0:8084", "super")
...
/etc/dove
On Thu, Aug 17, 2017 at 1:16 AM, Teemu Huovila
wrote:
> Below is an answer by the current weakforced main developer. It overlaps
> partly with Samis answer.
>
> ---snip---
> > Do you have any hints/tips/guidelines for things like sizing, both in a
> > per-server sense (
Below is an answer by the current weakforced main developer. It overlaps partly
with Samis answer.
---snip---
> Do you have any hints/tips/guidelines for things like sizing, both in a
> per-server sense (memory, mostly) and in a cluster-sense (logins per sec ::
> node ratio)? I'
> On 16 Aug 2017, at 21.34, Mark Moseley wrote:
>
> Cool, good to know.
>
> Do you have any hints/tips/guidelines for things like sizing, both in a
> per-server sense (memory, mostly) and in a cluster-sense (logins per sec ::
> node ratio)? I'm curious too how large is quite large. Not looking
On Tue, Jul 18, 2017 at 10:40 PM, Aki Tuomi wrote:
>
>
> On 19.07.2017 02:38, Mark Moseley wrote:
> > I've been playing with weakforced, so it fills in the 'fail2ban across a
> > cluster' niche (not to mention RBLs). It seems to work well, once you've
&g
On 04.08.2017 23:10, Daniel Miller wrote:
> On 8/4/2017 12:48 PM, Daniel Miller wrote:
>> On 8/3/2017 6:11 AM, Teemu Huovila wrote:
>>>
>>> On 02.08.2017 23:35, Daniel Miller wrote:
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot an
On 8/4/2017 12:48 PM, Daniel Miller wrote:
On 8/3/2017 6:11 AM, Teemu Huovila wrote:
On 02.08.2017 23:35, Daniel Miller wrote:
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot and Wforce? I'm probably missing
something that should be perfe
On 8/3/2017 6:11 AM, Teemu Huovila wrote:
On 02.08.2017 23:35, Daniel Miller wrote:
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot and Wforce? I'm probably missing something
that should be perfectly obvious...
Wforce appears to start wi
On 02.08.2017 23:35, Daniel Miller wrote:
> Is there explicit documentation available for the (probably trivial)
> configuration needed for Dovecot and Wforce? I'm probably missing something
> that should be perfectly obvious...
>
> Wforce appears to start without errors. I added a file to d
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot and Wforce? I'm probably missing
something that should be perfectly obvious...
Wforce appears to start without errors. I added a file to dovecot's conf.d:
95-policy.conf:
auth_policy_server_
On 19.07.2017 02:38, Mark Moseley wrote:
> I've been playing with weakforced, so it fills in the 'fail2ban across a
> cluster' niche (not to mention RBLs). It seems to work well, once you've
> actually read the docs :)
>
> I was curious if anyone had playe
I've been playing with weakforced, so it fills in the 'fail2ban across a
cluster' niche (not to mention RBLs). It seems to work well, once you've
actually read the docs :)
I was curious if anyone had played with it and was *very* curious if anyone
was using it in high traffic
33 matches
Mail list logo
