Freeradius+MySql (Authorization Query) - regexp

2003-12-22 Thread Kiran
Hi I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain me why. (select id,UserName,Attribute,Value,op from

Re: Freeradius+MySql (Authorization Query) - regexp

2003-12-22 Thread Alan DeKok
Kiran [EMAIL PROTECTED] wrote: I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain me why. Look

Foundry command authorization help

2003-11-21 Thread Kaczmarek, Thaddeus
I am having some issues with command authorization. Foundry has a Foundry-Command-String attribute and suspect I am just a chucklehead :-) Syntax should be Foundry-Command-String = configure terminal, Foundry-Command-String = int ethernet 20

Re: Foundry command authorization help

2003-11-21 Thread Dave Mussulman
From: Kaczmarek, Thaddeus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Foundry command authorization help Date: Fri, 21 Nov 2003 11:21:00 -0500 Reply-To: [EMAIL PROTECTED] This message is in MIME format. Since your mail reader does not understand this format, some or all

Re: Foundry command authorization help

2003-11-21 Thread Chris Parker
At 11:23 AM 11/21/2003, Dave Mussulman wrote: First, the Foundry dictionary file that comes with FreeRADIUS doesn't have those attributes, so you'll need to edit it. What you need to add is pretty straightforward in Foundry's docs. (I'll submit my dictionary file to the project when I'm sure

Re: Foundry command authorization help

2003-11-21 Thread Kaczmarek, Thaddeus
They came with both versions I have tried, 0.91 and 0.93. They were in /usr/share/freeradius folder. Ted On Fri, 2003-11-21 at 12:43, Chris Parker wrote: At 11:23 AM 11/21/2003, Dave Mussulman wrote: First, the Foundry dictionary file

RE: cisco authorization through freeradius

2003-11-19 Thread Dustin Doris
On Tue, 18 Nov 2003, John A. Hengstler wrote: Greetings. I have an Cisco as5300 that I am using for Dial customers. The customer connects, the authentication comes through, but then at the authorization level the connection gets dropped by the nas.. Are there any suggested attributes

RE: cisco authorization through freeradius

2003-11-19 Thread Dustin Doris
On Tue, 18 Nov 2003, John A. Hengstler wrote: Greetings. I have an Cisco as5300 that I am using for Dial customers. The customer connects, the authentication comes through, but then at the authorization level the connection gets dropped by the nas.. Are there any suggested

RE: cisco authorization through freeradius

2003-11-18 Thread John A. Hengstler
Greetings. I have an Cisco as5300 that I am using for Dial customers. The customer connects, the authentication comes through, but then at the authorization level the connection gets dropped by the nas.. Are there any suggested attributes to put into radgroupreply for ISDN dial in customers

cisco authorization through freeradius

2003-11-17 Thread Glen
I am having trouble getting freeradius to return values to my cisco box. My goal is to be able to capture this data through tcl on the cisco. I can authenticate a call using information from radcheck, but the corresponding values (h323-credit-time) in radreply are not being sent. radcheck

Re: cisco authorization through freeradius

2003-11-17 Thread Chris Parker
At 12:28 PM 11/17/2003, Glen wrote: I am having trouble getting freeradius to return values to my cisco box. My goal is to be able to capture this data through tcl on the cisco. I can authenticate a call using information from radcheck, but the corresponding values (h323-credit-time) in radreply

Re: cisco authorization through freeradius

2003-11-17 Thread Glen
I tried this configuration as recommended, to no avail. id UserName Attribute op Value 11 12345 Cisco-VSA = h323-credit-time=10 Maybe I'm missing something; I'm expecting the value to show up in the debug output on either the cisco or the radius (-X).

Re: cisco authorization through freeradius

2003-11-17 Thread Chris Parker
At 12:56 PM 11/17/2003, Glen wrote: I tried this configuration as recommended, to no avail. id UserName Attribute op Value 11 12345 Cisco-VSA = h323-credit-time=10 Maybe I'm missing something; I'm expecting the value to show up in the debug output on either

Re: cisco authorization through freeradius

2003-11-17 Thread Glen
Fantabulous! I looked in dictionary.cisco, saw Cisco-AVPair as the attribute name. It seems everything I read about how VSA AV-Pairs is starting to click. For those finding this message in a search, the following works in FreeRadius v0.91: id UserName Attribute op Value 11

Re: cisco authorization through freeradius

2003-11-17 Thread Chris Parker
At 01:58 PM 11/17/2003, Glen wrote: Fantabulous! I looked in dictionary.cisco, saw Cisco-AVPair as the attribute name. It seems everything I read about how VSA AV-Pairs is starting to click. For those finding this message in a search, the following works in FreeRadius v0.91: id UserName

Re: EAP subtype as authorization

2003-11-07 Thread Kostas Kalevras
the pre-defined (part of authorization) authentication type, you should be capable of defining which EAP subtype the user is trying to use. EAP can be potentially as simple as CHAP or based on certificates, kerberos or GSM-SIM cards. so, it's crucial to be able to control that. you don't want your

Re: EAP subtype as authorization

2003-11-07 Thread Artur Hecker
hi kostas We clearly aren't understanding each other :-) And you didn't read what i asked you to, because you would find out it's exactly what you want. Evidently i _wasn't_ talking about Auth-Type but about EAP-Type. So please read the dictionary file for the values for EAP-Type. ok, sorry, i

Re: EAP subtype as authorization

2003-11-07 Thread Artur Hecker
hi kostas :) We clearly aren't understanding each other :-) And you didn't read what i asked you to, because you would find out it's exactly what you want. Evidently i _wasn't_ talking about Auth-Type but about EAP-Type. So please read the dictionary file for the values for EAP-Type. ok, sorry,

Re: EAP subtype as authorization

2003-11-07 Thread Alan DeKok
Kostas Kalevras [EMAIL PROTECTED] wrote: ahem... you've sent a patch? where? :) Hmm, typical :-) Ok included It's probably easier just to assume the following: - ask for default eap type, but allow the user to NAK, and request another - if EAP-Type is set to some value, require

EAP subtype as authorization

2003-11-06 Thread Artur Hecker
hi people do i ignore something or am i right in the assumption that it is currently not possible to define different EAP authentication methods on a per-user basis with the provided onboard configuration? (would be a nice feature to have john use PEAP during jack has to go for pure TLS, for

Re: EAP subtype as authorization

2003-11-06 Thread Kostas Kalevras
On Thu, 6 Nov 2003, Artur Hecker wrote: hi people do i ignore something or am i right in the assumption that it is currently not possible to define different EAP authentication methods on a per-user basis with the provided onboard configuration? (would be a nice feature to have john use

Re: EAP subtype as authorization

2003-11-06 Thread Artur Hecker
hi kostas So you only need to set the EAP-Type attribute in the authorize section on a per user basis and i think it should work. so what value would i set the EAP-Type attribute to? i don't want the user X just to grab the EAP-method Y and freeradius to use it if it finds it in user's

Re: EAP subtype as authorization

2003-11-06 Thread Kostas Kalevras
On Thu, 6 Nov 2003, Artur Hecker wrote: hi kostas So you only need to set the EAP-Type attribute in the authorize section on a per user basis and i think it should work. so what value would i set the EAP-Type attribute to? See the dictionary file for the values for the EAP-Type

Re: EAP subtype as authorization

2003-11-06 Thread Artur Hecker
of authorization) authentication type, you should be capable of defining which EAP subtype the user is trying to use. EAP can be potentially as simple as CHAP or based on certificates, kerberos or GSM-SIM cards. so, it's crucial to be able to control that. you don't want your users to freely choose

Re: Freeradius Authorization

2003-10-09 Thread Alan DeKok
Salavat Yalalov [EMAIL PROTECTED] wrote: And when sql authorization failed it never fall-through to rlm_files authorization module. What's wrong? doc/configurable_failover Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius Authorization

2003-10-08 Thread Salavat Yalalov
Hi, all! I use freeradius 0.9.1 and modules rlm_sql, rlm_sql_counter. Everything works fine. Now I have to add authorization by users file. How can I do that. When i add next lines in radius.conf authorize { preprocess suffix sql files -- added this line

Token pools and Tunnel Authorization.

2003-10-02 Thread Jack J
Does 0.9.1 have support for token pools and layer 2 tunnel (PPTP, L2TP, ..) authorization ? What is the roadmap for RADIUSv2 (DIAMETER) support ? Thanks,

Re: Token pools and Tunnel Authorization.

2003-10-02 Thread Chris Parker
At 06:52 PM 10/2/2003, Jack J wrote: Does 0.9.1 have support for token pools and layer 2 tunnel (PPTP, L2TP, ..) authorization ? http://www.freeradius.org/features.html What is the roadmap for RADIUSv2 (DIAMETER) support ? Uhhh, do you even have a clue what you are asking here? What do you

Re: how to access authorization database from a different RLM than rlm_sql

2003-09-24 Thread Nicolas Baradakis
Dave Mason wrote: Thanks to you and Alan for the tips. I'll check the latest CVS. Hopefully there is something in the doc directory or sql.conf comments about the new behavior? In any case I can study the code. Sorry about the HTML earlier, I forgot to turn it off. There is a sample query

Re: how to access authorization database from a different RLM than rlm_sql

2003-09-23 Thread Nicolas Baradakis
Dave Mason wrote: !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN Beurk! It's really unreadable with my mail user agent. Please don't do it anymore. Wow - that sounds great. I'd like to avoid having a second client connection to the database. You were right - after my new RLM

Re: how to access authorization database from a different RLM than rlm_sql

2003-09-23 Thread Dave Mason
Thanks to you and Alan for the tips. I'll check the latest CVS. Hopefully there is something in the doc directory or sql.conf comments about the new behavior? In any case I can study the code. Sorry about the HTML earlier, I forgot to turn it off. Dave Nicolas Baradakis wrote: Dave Mason

Re: how to access authorization database from a different RLM than rlm_sql

2003-09-22 Thread Dave Mason
your help with this, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: This may seem a bit unusual, but I find myself in a situation where I need to update the SQL authorization database from a different RLM module than rlm_sql. That is, in my new RLM I'll want to update the

Re: how to access authorization database from a different RLM than rlm_sql

2003-09-22 Thread Alan DeKok
Dave Mason [EMAIL PROTECTED] wrote: !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN Yuck. Can you please post straight text? It sounds like my new RLM module will have some pre-configured strings for the database access, something like insertRadcheck %{sql: INSERT into

Re: how to access authorization database from a different RLM than rlm_sql

2003-09-20 Thread Alan DeKok
Dave Mason [EMAIL PROTECTED] wrote: This may seem a bit unusual, but I find myself in a situation where I need to update the SQL authorization database from a different RLM module than rlm_sql. That is, in my new RLM I'll want to update the radcheck and usergroup tables with data

how to access authorization database from a different RLM than rlm_sql

2003-09-19 Thread Dave Mason
Hi, This may seem a bit unusual, but I find myself in a situation where I need to update the SQL authorization database from a different RLM module than rlm_sql. That is, in my new RLM I'll want to update the radcheck and usergroup tables with data that will be used by a subsequent

RE: Reply-Message from external authorization doesn't work

2003-09-02 Thread Paul Hampson
From: Thor Spruyt Sent: Monday, 1 September 2003 11:29 PM - Original Message - From: [EMAIL PROTECTED] Hi. I'm using FreeRadius 0.9.0 on RedHat Linux 9. I'm using external program for authorizing users. When authorization is not allowed, I'd like to inform my user about

Re: Reply-Message from external authorization doesn't work

2003-09-02 Thread Thor Spruyt
. When authorization is not allowed, I'd like to inform my user about reason of failure so I'm returning Reply-Message:=Some reason in output from my program. But, Free Radius always returns external check failed. The auth.c code always adds a reply-message attribute to the Auth-Reject

Reply-Message from external authorization doesn't work

2003-09-01 Thread Michal_Hobot
Hi. I'm using FreeRadius 0.9.0 on RedHat Linux 9. I'm using external program for authorizing users. When authorization is not allowed, I'd like to inform my user about reason of failure so I'm returning Reply-Message:=Some reason in output from my program. But, Free Radius always returns external

Re: Reply-Message from external authorization doesn't work

2003-09-01 Thread Thor Spruyt
- Original Message - From: [EMAIL PROTECTED] Hi. I'm using FreeRadius 0.9.0 on RedHat Linux 9. I'm using external program for authorizing users. When authorization is not allowed, I'd like to inform my user about reason of failure so I'm returning Reply-Message:=Some reason in output

Re: Authentication, Authorization process

2003-08-14 Thread Dustin Doris
Hello, In FreeRADIUS, authorization is done before authentication. Is that a proper sequence regarding the standard RADIUS concept? For example, when a user mistypes the password, FreeRADIUS still sends out the attributes to RADIUS client. Would that be an issue (ie, security, loading

Re: authorization with Framed-IP-Address

2003-08-14 Thread Oliver Graf
Framed-IP-Address = 192.168.22.2 How can I force radius to check Framed-IP-Address in authorization? chr Auth-Type := Local, User-Password == chr, Framed-IP-Address = 192.168.22.2 Doh! Cut-n-paste error... make it Framed-IP-Address == 192.168.22.2 Oliver. - List

authorization with Framed-IP-Address

2003-08-12 Thread Dmitry Melekhov
force radius to check Framed-IP-Address in authorization? thank you!

Authentication, Authorization process

2003-08-10 Thread Bush Ng
Hello, In FreeRADIUS, authorization is done before authentication. Is that a proper sequence regarding the standard RADIUS concept? For example, when a user mistypes the password, FreeRADIUS still sends out the attributes to RADIUS client. Would that be an issue (ie, security, loading

External CHAP authorization

2003-07-29 Thread Dmitriy Nikitinskiy
Hi All! freeradius-0.9rc3 FreeBSD 4.7 I try to write external auth script for MS-CHAP users from PPPoE. But I get strange form of CHAP_PASSWORD attribute. Here example: CHAP_CHALLENGE=6857332465513379 CHAP_PASSWORD=0x01a57eeda6a2eab68495c82beb0e53f950 I have tried many examples of auth scripts,

Re: External CHAP authorization

2003-07-29 Thread Alan DeKok
Dmitriy Nikitinskiy [EMAIL PROTECTED] wrote: I try to write external auth script for MS-CHAP users from PPPoE. Why? The server already does MS-CHAP. But I get strange form of CHAP_PASSWORD attribute. Here example: CHAP_CHALLENGE=6857332465513379

Authorization and check items...

2003-07-08 Thread Desmond Rivet
From aaa.txt in the FreeRADIUS docs directory: If none of database record for this User-Name matches in check attributes with request items authorization will fail.The check list may be required if we need to authenticate users with same name for different services (for example to treat

Re: CISCO Authorization failed.

2003-07-02 Thread Joe Maimon
and authorization. 2. Since I upgraded CISCO IOS to 12.4.x. The users can not telnet in. ON Radius server, the RADIUSD -X debug messages show everything normal (I compared 2 different version of IOS router's login message.) ON CISCO router. the debug message is: 1w5d: AAA/AUTHEN/LOGIN (0033): Pick method

CISCO Authorization failed.

2003-07-01 Thread Zugang Hou
I am running freeradius ver 0.4 and 0.81 on SUN Solaris 8. I have encountered the following problem: 1. On CISCO Router (1750) with ISO 12.1.x. I have no problem for users to telnet into the router via RADIUS authentication and authorization. 2. Since I upgraded CISCO IOS to 12.4.x. The users can

authorization and Authentication

2003-04-04 Thread Roberto Pioli
Freeradius with ldap. The dialupAcces attribute is check in the authorization process or in the authentication process? How can I do to select between a dialup access and a vpn access (using ldap attribute?) Thanks Roberto Pioli - List info/subscribe/unsubscribe? See http

Re: authorization and Authentication

2003-04-04 Thread Kostas Kalevras
On Fri, 4 Apr 2003, Roberto Pioli wrote: Freeradius with ldap. The dialupAcces attribute is check in the authorization process or in the authentication process? authorization How can I do to select between a dialup access and a vpn access (using ldap attribute?) Create two different ldap

Re: Is it possible to split authentication and authorization requests based on NAS IP?

2003-04-03 Thread Alan DeKok
Deramus, Chris [EMAIL PROTECTED] wrote: Thanks, I sort of get what you are saying. But where do I define which sql.conf file to look in? radiusd.conf? Is it really that hard to find out which file references sql.conf? I assume that I would want sql1 for example to point to sql.conf and

Re: Is it possible to split authentication and authorization requests based on NAS IP?

2003-04-03 Thread Alan DeKok
Deramus, Chris [EMAIL PROTECTED] wrote: I realize how aggravating this must be, but I guess I'm getting confused as to where you say create two instances of the SQL module. That isn't documented well... See 'doc/module_interface', section 2. When I run radiusd -X it generates the

Re: Is it possible to split authentication and authorization requests based on NAS IP?

2003-04-01 Thread Dustin Doris
Yes you can do that now. In your users file put. DEFAULT NAS-IP-Address == 1.1.1.1, Autz-Type := sql1 DEFAULT NAS-IP-Address == 2.2.2.2, Autz-Type := sql2 Then you can setup two different sql types. Then in authorization in radius.conf add autztype sql1 { sql1

mysql authorization

2003-02-28 Thread John E Murphy
I am trying to use mysql to authorize users. It seems that they are authorized but never get through because the system looks at the /etc/passwd file. Attached is the -X output. rad_recv: Access-Request packet from host 192.168.1.100:1880, id=17, length=46 User-Name = fred33

Re: mysql authorization

2003-02-28 Thread Alan DeKok
John E Murphy [EMAIL PROTECTED] wrote: I am trying to use mysql to authorize users. It seems that they are authorized but never get through because the system looks at the /etc/passwd file. Attached is the -X output. So configure the server to use a different Auth-Type. It comes

Re: mysql authorization

2003-02-28 Thread Rick Evans
, 2003 5:33 AM Subject: Re: mysql authorization John E Murphy [EMAIL PROTECTED] wrote: I am trying to use mysql to authorize users. It seems that they are authorized but never get through because the system looks at the /etc/passwd file. Attached is the -X output. So configure

Radius Authorization Problem

2003-02-27 Thread Stevo
an immediate % Authorization failed. I'm running my radius server in debug mode and it appears as if the radius server authenticates the telnet session just fine - below is the output from the radius server (yes and I know it's showing my password... but hey - it's not a problem for me!) Below

Re: Radius Authorization Problem

2003-02-27 Thread Stevo
Okay so I worked out that the problem lies in the group authorization command in the AAA config. I got this config right out of the FAQ on the freeradius.org site so I think I've missed where I setup a radius group. When I remove the authorization statements I can logon just fine using

Re: Radius Authorization Problem

2003-02-27 Thread [EMAIL PROTECTED]
w where I can logon to my Cisco 2611 and authenticate against the freeradius server just fine IF I'm connected to the console. When I try to connect using telnet I get an immediate % Authorization failed. I'm running my radius server in debug mode and it appears as if the radius

PPTP MS-CHAP Authorization from a CISCO NAS proxied to a Win2k IAS radius server fails

2003-02-20 Thread Joe Maimon
Hello all, I am trying to authorize PPTP dialins with MS-CHAP or MS-CHAPv2 from a Cisco nas. I do this by proxying the request to the Radius service that comes with windows2000. Structure: [Win2k PPTP Client] | [Cisco IOS 12.2.13T] | [FreeRadius 8.0] | [Win2k IAS

Re: Beginner problem Using the same radius server to do authorization and accounting

2003-02-17 Thread Alan DeKok
Ramprasad A Padmanabhan [EMAIL PROTECTED] wrote: I can use authentication with System or LDAP without problems and when I check accounting using something like cat acctcheck2 | radclient 192.168.2.212 acct abc where acctcheck2 contains accnt packet I am able to see the accounting

Proxied LDAP authorization

2003-02-12 Thread Mark Gaither
I running FreeRadius 0.8.1 and LDAP v2.0.1. I've successfully configured Radius to proxy LDAP authentications. It's really fast (Kudos!) But I need to return a value from the LDAP query. How do I do this via the proxy? I don't have the authority to extend the LDAP schema. Thanks in advance,

Re: Authorization

2003-01-23 Thread Aleksandar Zhelyazkov
authorization request and before authorization response. am i right? or you can explain to me in more detail if i misunderstood your solution. regards Alex Zhang - Original Message - *From:* Tim McCracken mailto:[EMAIL PROTECTED] *To:* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED

SQL Authorization / Authentication

2003-01-20 Thread Shannon Johnson
routed to the server via a pam module, hit the freeradius server, verify the username and password in the database, and let the person on if their info is correct. First question, is this possible? I just got done reading about the differences between authorization and authentication, and from what I

Re: SQL Authorization / Authentication

2003-01-20 Thread Alan DeKok
authorization and authentication, and from what I gather, freeradius can't do authentication to an SQL database. Is that correct? Yes. It won't try to log users into an SQL database. Ideally, what I would like, is to have a database holding all the usernames and passwords (holding in clear

Re: Re: SQL Authorization / Authentication

2003-01-20 Thread Shannon Johnson
Alan, That's what I thought, but the definition of Authorization and Authentication got me a little confused. New question now... I have the MySQL database set up with a test account (username test, password test). When I run radiusd xxp 1645 and try radtest test test localhost:1645 0 testing

Re: SQL Authorization / Authentication

2003-01-20 Thread Alan DeKok
Shannon Johnson [EMAIL PROTECTED] wrote: That's what I thought, but the definition of Authorization and Authentication got me a little confused. New question now... ... rlm_sql (sql): User not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 2

Re: Re: Re: SQL Authorization / Authentication

2003-01-20 Thread Shannon Johnson
Shannon Shannon Johnson [EMAIL PROTECTED] wrote: That's what I thought, but the definition of Authorization and Authentication got me a little confused. New question now.. rlm_sql (sql): User not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket

Re: SQL Authorization / Authentication

2003-01-20 Thread Nick Davis
Shannon, My users file isn't very large. I'm not going to pretend to know what most of this means, but suffice it to say that I don't have any dial-in users, so I'm not sure that the PPP, CSLIP, or SLIP parts apply. If they don't, should I comment them out? If there is something in your

Re: SQL Authorization / Authentication

2003-01-20 Thread Alan DeKok
Shannon Johnson [EMAIL PROTECTED] wrote: My users file isn't very large. I'm not going to pretend to know what most of this means, That would appear to be the foundation of your problems with the SQL module. The SQL configuration mirrors the 'users' file, so if you don't understand the

RE: Authorization

2003-01-15 Thread Tim McCracken
lf Of Alex Zhang Sent: Wednesday, January 15, 2003 9:28 PM To: [EMAIL PROTECTED] Subject: Authorization Hi, I'm trying to use freeradius 0.8.1 and oracle with quintum box to build a prepaid voip system. currently, i have a problem: i can not modify or insert the h323-credit-time i

Authentication vs. Authorization question

2002-11-27 Thread Jukka Lehti
Hi, I've set up freeradius 0.8 so that users like john@test get authenticated from a remote RADIUS server, i.e., freeradius works as a proxy. This is working well, so no problem here. But: the remote server only returns authentication data (un/pw ok/bad), I have authorization data in my local DB

Re: Authentication vs. Authorization question

2002-11-27 Thread Evren Yurtesen
like john@test get authenticated from a remote RADIUS server, i.e., freeradius works as a proxy. This is working well, so no problem here. But: the remote server only returns authentication data (un/pw ok/bad), I have authorization data in my local DB (Session-Timeout etc). How could I add

Re: Authentication vs. Authorization question

2002-11-27 Thread Jukka Lehti
? for example with radclient ? It's working ok, yes. I get the authentication data from the remote server but don't know how to add authorization data from local db to reply? On Wed, 27 Nov 2002, Jukka Lehti wrote: Hi, I've set up freeradius 0.8 so that users like john@test get authenticated

Re: Authentication vs. Authorization question

2002-11-27 Thread Artur Hecker
Evren, i think you misunderstand the question: Jukka wanted to know how to ADD authorization data to the response sent by the remote server. The remote server _doesn't_ send any authorization data, it's not supposed to and there is nothing to be done about it, at least not by Jukka. his

Re: Authentication vs. Authorization question

2002-11-27 Thread Evren Yurtesen
forward all the data received from the server. That's also another reason why I thought proxy don't receive anything. Evren On Wed, 27 Nov 2002, Artur Hecker wrote: Evren, i think you misunderstand the question: Jukka wanted to know how to ADD authorization data to the response sent

Re: Authentication vs. Authorization question

2002-11-27 Thread Evren Yurtesen
when you connect it directly? for example with radclient ? It's working ok, yes. I get the authentication data from the remote server but don't know how to add authorization data from local db to reply? On Wed, 27 Nov 2002, Jukka Lehti wrote: Hi, I've set up freeradius 0.8 so

Re: Authentication vs. Authorization question

2002-11-27 Thread Jukka Lehti
Jukka wanted to know how to ADD authorization data to the response sent by the remote server. The remote server _doesn't_ send any authorization data, it's not supposed to and there is nothing to be done about it, at least not by Jukka. his question is how to mangle the response adding

Re: Authentication vs. Authorization question

2002-11-27 Thread Alan DeKok
Artur Hecker [EMAIL PROTECTED] wrote: his question is how to mangle the response adding authorization data... Jukka, i think you should take a look at postproxying available in freeradius 0.8 or in the snapshots (not sure about that). No. Once the reply is received from the home server

Authorization question

2002-11-19 Thread Veli-Matti Riepula
Hi all, I'm looking to find a way to dynamically append (or rewrite) attribute values on proxy server for request responses. This is the basic case where home server will only authenticate the user, and we need to define the authorisation data at the proxy server (the home server does not know

call external authorization program from radius.conf

2002-10-29 Thread Raymond Chen
Dear all, Can we call the authorize script directory from radiusd.conf? Raymond

Re[2]: Understanding FreeRADIUS authorization, authentication and attribute lists.

2002-09-04 Thread 3APA3A
attributes to configure list you have to add these attributes into check table with ':=' (T_OP_SET) or '+=' (T_OP_ADD) operation. ADK 2. Which item must be set into check list in mschap authorization? ADK With hope, Alex ADK - ADK List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Understanding FreeRADIUS authorization, authentication and attribute lists.

2002-08-27 Thread 3APA3A
additional steps to proxy request if we use FreeRADIUS as a proxy): authorization and authentication. Authorization is a process of obtaining information about user from external source (file, database or LDAP), and check that information in request is enough to authenticate user

Re: Understanding FreeRADIUS authorization, authentication and attribute lists.

2002-08-27 Thread Alex D. Krivoshein
in mschap authorization? With hope, Alex

Re: Understanding FreeRADIUS authorization, authentication and attribute lists.

2002-08-27 Thread Alan DeKok
Aaron T. Weiker [EMAIL PROTECTED] wrote: Would it be possible to get this put in with the documentation? See 'doc/aaa.txt' from the current CVS. I took the liberty of adding articles (the, an), which Russian doesn't generally use in the same places as in English. Alan DeKok. - List

Re: Multiple LDAP authorization with different filters from different clients

2002-07-09 Thread Kostas Kalevras
On Mon, 8 Jul 2002, Ray Hillman wrote: Hi, I am hoping that I can configure freeradius 0.6 to allow authentication via LDAP using different filters depending upon the IP address of the client. I realise that I can create multiple instances of the LDAP module, but I'm unsure of how to

Multiple LDAP authorization with different filters from different clients

2002-07-08 Thread Ray Hillman
Hi, I am hoping that I can configure freeradius 0.6 to allow authentication via LDAP using different filters depending upon the IP address of the client. I realise that I can create multiple instances of the LDAP module, but I'm unsure of how to relate each instance to a particular IP address.

authorization after proxy access-accept (latest CVS)

2002-06-27 Thread Bobi
Hi list, I'm wondering how sql authorization pass to be ignored when my proxy access-request is accepted. Now after successful proxy accept my sql authorization module tries to authorize the user once more: rad_recv: Access-Accept packet from host xx.xx.xx.xx:1812, id=12, length=63

Re: RADIUS authorization based on group Membership

2002-06-22 Thread Kostas Kalevras
attribute to authorize users. however, this approach has its drawbacks. 1. Since authorization is based on an user attribute, all users have to have the radiusprofile object class, which increases overhead in direct proportion to the number of users. Overhead? I don't think you add any overhead

Re: RADIUS authorization based on group Membership

2002-06-22 Thread John
3. It is not possible to know exactly how many users can access a particular service. Like, if it was based on group or OU membership, a look at the dial-up group/OU will tell me just how many people can dial into the network. I can also find out who can dialup by looking at the group

RADIUS authorization based on group Membership

2002-06-21 Thread Michael Fuller
has its drawbacks. 1. Since authorization is based on an user attribute, all users have to have the radiusprofile object class, which increases overhead in direct proportion to the number of users. 2. It is not possible to grant or deny a particular service to a group of users to reflect changing

Re: Using ldap authentication/authorization

2002-06-18 Thread Kostas Kalevras
On Mon, 17 Jun 2002, Adi Linden wrote: To re-phrase my question to include everything I want to do... I want to set a daily limit per user in an LDAP attribute. If the daily limit is reached, the users connection needs to be terminated and further login be refused until the next day...

Re: rlm_ldap +callingStation+ authorization

2002-06-18 Thread Kostas Kalevras
On Mon, 17 Jun 2002, Najeh Ben Nasrallah wrote: Hi All, I'm using freeradius 0.5 + openldap 2.x I've problem setting ldap authorization using the Calling-Station-Id attribute the ldap module authorization seems to ignore the check items OK, do a cvs update. The latest ldap module

Re: Using ldap authentication/authorization

2002-06-15 Thread Kostas Kalevras
On Fri, 14 Jun 2002, Adi Linden wrote: How can I assign the Max-Daily-Session value in the raddb/users file as a default for users that do not have this in their LDAP entry? Both of the following do not work: DEFAULT Max-Daily-Session = 1800, Reply-Message = Default

Re: Using ldap authentication/authorization

2002-06-14 Thread Adi Linden
I am assuming this is done with rlm_count. How can I retrieve the timelimit from ldap and use it in radius? counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset =

Re: Using ldap authentication/authorization

2002-06-13 Thread Kostas Kalevras
On Wed, 12 Jun 2002, Adi Linden wrote: No you can't. Both have to point to valid DN's in your tree. The profile_attribute is an attribute contained in the user entry pointing to the profile to be applied for the user, while User-Profile contains the profile to be applied in special cases

Re: Using ldap authentication/authorization

2002-06-13 Thread Adi Linden
You can create normal groups in your ldap tree. Then you can do group searches like this in your users file: DEFAULT Ldap-Group == admins Done that, I get the following error when running radiusd -s -xxx: Module: Loaded files files: usersfile = /usr/local/etc/raddb/users

Re: Using ldap authentication/authorization

2002-06-13 Thread Adi Linden
Oops, answered my own question. I was working with freeradius-0.5. DEFAULT Ldap-Group == admins This works just fine using a cvs checkout. Adi On Thu, 13 Jun 2002, Adi Linden wrote: You can create normal groups in your ldap tree. Then you can do group searches like this in your

Using ldap authentication/authorization

2002-06-12 Thread Adi Linden
I am looking at using freeradius to authenticate and authorize dialup users. All the users are in an LDAP database. There are a few things I need to be able to do and I am wondering if freeradius will support it. - Authenticate user by doing a bind to the LDAP server using the users username

Re: Using ldap authentication/authorization

2002-06-12 Thread Kostas Kalevras
On Wed, 12 Jun 2002, Adi Linden wrote: I am looking at using freeradius to authenticate and authorize dialup users. All the users are in an LDAP database. There are a few things I need to be able to do and I am wondering if freeradius will support it. - Authenticate user by doing a bind to
