Add+change attributes to proxy-reply with condition

2007-02-28 Thread Victor
Hello, I need to modify proxy-reply auth packet with condition. All I need - if proxy user enter UserName like 'username#554466' send UserName like 'username' to proxy (it already works) and check proxy-reply - if it consist av-pair Ascend-CBCP-Mode=CBCP-Any-Or-No change this pair value to

Re: [SOLVED] CHAP Modification

2007-02-28 Thread Alan DeKok
ChristosH wrote: Okay, in the radius.c file they call a function rad_chap_encode() that uses the password attribute. Is that what I'm looking for? Yes. It's a VALUE_PAIR type, so could I check and modify the password-length and password-strvalue in that function? Huh? Why? Do it

Re: group question

2007-02-28 Thread Alan DeKok
Matt Ashfield wrote: Based on the WIKI FAQ, I found: The following entry denies access to a group of users. The same restrictions as above on location in the raddb/users file also apply: DEFAULT Group == disabled, Auth-Type := Reject Reply-Message = Your account has been disabled But

Re: Add+change attributes to proxy-reply with condition

2007-02-28 Thread Alan DeKok
Victor wrote: proxy.conf: post_proxy_authorize = yes In the CVS head you can use postproxy_users file, which is a much better solution. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List

On IEEE 802.1x roaming

2007-02-28 Thread Josh Shamir
Hello, I'm using FreeRADIUS with Coova Chilli in proxy mode with IEEE 802.1X authentication (PEAP auth. method to be more specific). In my network there are 6 Access Points that use TKIP as security protocol. Now I need that the Supplicants can do roaming between the Access Points. The IEEE 802.1X

Re: On IEEE 802.1x roaming

2007-02-28 Thread Alan DeKok
Josh Shamir wrote: Now I need that the Supplicants can do roaming between the Access Points. The IEEE 802.1X asserts that can be used two mechanisms to obtain roaming : - PMK Caching - Pre Authentication I would to know how I could implement this mechanisms in my system. Are requested

bypassing tls certificates

2007-02-28 Thread M. Onur ERGiN
Hi, [EMAIL PROTECTED] wrote: Oh, by the way, may be this is a little off-topic but can I authenticate windows xp users through peap without using a certificate? you COULD decide not to trust or check any certificate. nasty though. Radius says peap needs tls for windows xp

sql set up - Fall-Through against read_groups in sql.conf

2007-02-28 Thread tzieleniewski
Hi! How can I configure radius to always check the group table for a user without utilizing the Fall-Through parameter in the radreply table for a particular user?? I tried to use read_groups=yes in the sql.conf but it didn't help. Thanks in advance -tomasz - List

FreeRadius 1.1.4 and rlm_krb5 and Active Directory

2007-02-28 Thread Kozlov Artem
Hi! I'm trying to configure freeradius with rlm_krb5 using mini howto from Enrik Berkhan http://archives.free.net.ph/message/20060104.153134.68c5be76.en.html , but i have some troubles. when i type radtest [EMAIL PROTECTED] userpass localhost 10 testing123 i got: Sending

alternating authentication LDAP/mini Token

2007-02-28 Thread Jochen Schäfer
Hi List, I want to accomplish following task with freeradius: Users have two possibilities to authenticate 1. Authentication via username ldap password 2. Authentication via username mini Token What would be a possible solution? Do the normal authentication with username and password against

specify ip range in huntgroups (or similar functionality).

2007-02-28 Thread Jason Murray
Is it possible to specify a range of IP addresses in a huntgroups file? What I am trying to accomplish is: 1) AAA authentication to our Cisco devices using radius 2) Only allow people in a specific group to access the devices 3) Reject everyone else. I am using the following: huntgroups:

disconnect users from radius

2007-02-28 Thread satish patel
Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ?? and i want to connect my dialupadmin with mssql

eap-ttls proxy and ldap

2007-02-28 Thread basile
hi i try to proxy eap-ttls request from a freeradius server to another i use outer identity [EMAIL PROTECTED] and username [EMAIL PROTECTED] first server proxy to the second a request with anonymous as username so it don t work if i use outer identity [EMAIL PROTECTED] ( anoterdomain is local to

Re: specify ip range in huntgroups (or similar functionality).

2007-02-28 Thread tnt
It is possible with a huntgroups like: gear NAS-IP-Address IPaddress1 , NAS-IP-Address IPaddress2 Group == admin But I would assign admin group its address pool and then restrict access with access control lists. That should be the job for the firewall. Ivan Kalik Kalik

Re: eap-ttls proxy and ldap

2007-02-28 Thread basile
i try with a user in the users file : same problem [EMAIL PROTECTED] and [EMAIL PROTECTED] don't work ( proxy a request with user-name = anonymous ) [EMAIL PROTECTED] and [EMAIL PROTECTED] works i have two different versions of freeradius on the two server hi i try to proxy eap-ttls request

Re: disconnect users from radius

2007-02-28 Thread Andrew D
satish patel wrote: Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ?? You have to do it at the NAS

Re: disconnect users from radius

2007-02-28 Thread Kevin Bonner
On Wednesday 28 February 2007 10:40, satish patel wrote: Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ??

Re: disconnect users from radius

2007-02-28 Thread tnt
To kick a user off the Cisco router use: clear interface virtual-access number You can see which number with: show users As far as I know Dialup Admin doesn't work with MSSQL, only MySQL and PostgreSQL. Ivan Kalik Kalik Informatika ISP http://www.kalik.co.yu Dana 28/2/2007, satish patel

Logging based on port request came in on

2007-02-28 Thread Walt Reynolds
Hello, I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and 1645/1646. This is simply to separate user and admin login. What I would like to do is to add logging based on the port. I could add %{NAS-Port-Type} to the Detail such as: detailfile =

installing FR on FBSD 6.2

2007-02-28 Thread PD
Dear all, I just do a fresh installation of FBSD 6.2 and FR 1.1.4 According to http://www.chillispot.org/forum/viewtopic.php?t=37... -- We still need to add a structure of database which FreeRadius is going to use. In folder

Re: How to remove accounting files in the Windows port of FreeRadius?

2007-02-28 Thread Foo JH
I've figured out the solution to my own problem... For the benefit of all, if i understand correctly, when the Windows port of FreeRadius runs, all the folders created are owned by the system process, and since it is created in 0666 mode, nobody can delete the files created within. To remove

clients.conf and nas table (was Re: installing FR on FBSD 6.2)

2007-02-28 Thread PD
On 3/1/2007, Andrew D [EMAIL PROTECTED] wrote: how and where to get the structure file ? Try looking in /usr/local/share/doc/freeradius/examples/ docs for freeradius are in /usr/local/share/doc/freeradius/ Thx Andrew.. I found it at /usr/local/share/doc/freeradius/examples/ Next questions...

Re: disconnect users from radius

2007-02-28 Thread satish patel
Dear I got ans what to do with cisco router if u want to start PoD packet of disconnect basically it is IOS security feature so default stop of disable so u have to start it with #aaa pod server command more document on this site :

radius process die

2007-02-28 Thread satish patel
Dear guys I have facing some problem when i installed latest version of freeradius on RHEL and i start radiusd process after few min my radiusd process die and killed so why this happened and what is the best option to start radiusd ??? #radiusd --help -- how to start