Hegedus Gabor írta:
t...@kalik.net írta:
now I have just one output, this:
Exec-Program output: Tunnel-Private-Group-Id = vlan20
no need /n
That is OK.
and the users file contains:
DEFAULT auth-type = Accept
Tunnel-Type = VLAN,#both are fix, send everytime, when
OK, took me a while but here is the SQL dump and the Debug output. One thing
that's interesting is that I only seem to get my reply attributes from the
radgroupreply table when I am coming from the allowed client-ip-address,
when coming from any other IP I still get an accept but I get not reply
Only problem I see with this approach is that I have to assign every user to
two groups now in radusersgroup table.
Or.. Is there a better way?
--Todd R.
-Original Message-
From:
freeradius-users-bounces+tjrlist=lightwavetech@lists.freeradius.org
Thanks.. I assumed that if something didn't match in the group that there
was a reject. I was unsure how to make it reject if something didn't match
in the group.
I just figured out how to do this I think.
I set up another group called dialusers-denied and then assigned the user to
two groups
Anton Borisov wrote:
I used Start and Stop in accounting for some DNS registrations of my
clients, like this:
~# cat acct_users
...
...
DEFAULT Realm == 'dyndns', Acct-Status-Type == Start, Acct-Type
:= BILL
...
and this works in 1.1.7 !
But for 2.1.1 - this does not work.
Only problem I see with this approach is that I have to assign every user to
two groups now in radusersgroup table.
Or.. Is there a better way?
Well, different. Don't know about better: use huntgroups.
onlythisgroup Client-IP-Address == some address
SQL-Group ==
Thank you for your reply.
Yes, yes.
I have uncommented exec in post-auth section in
/etc/raddb/sites-enabled/default config.
So, another way in 2.1.1 - I've configured this program only with
accounting module.
Some examples:
/etc/raddb/sites-enabled/default
accounting {
...
...
Acct-Type
@inner-tunnel file:
post-auth{
#exec# if remove comment nothing change
get-vlan
}
Why not send the Tunnel-Private-Group-Id in tunneled, accept packet?
No idea. Since it's working in users file and not listed as a module try:
post-auth {
update reply {
get-vlan
}
El lun, 22-12-2008 a las 23:43 +0100, t...@kalik.net escribió:
Why User-Password? Freeradius version?
Freeradius' version is 1.1.7
It should be Cleartext-Password.
This change make that Calling-Station-Id function?
Is it possible to check mac address and password at the same time?
I
Hi,
I'm trying to update NAS-Port in the MySQL database after the user logs
in, using the postauth_query query.
The query I tried looks like this:
postauth_query = UPDATE radcheck SET radcheck.value='%{NAS-Port}' \
WHERE radcheck.username = '%{User-Name}' \
The query I tried looks like this:
postauth_query = UPDATE radcheck SET radcheck.value='%{NAS-Port}' \
WHERE radcheck.username = '%{User-Name}' \
and radcheck.attribute='NAS-Port'
More important is how does it look in the debug. Is it
I added:
authorize {
...
Autz-Type DEVICES {
devices
}
...
}
to sites-available/default and everything now works, MAC authentication from
one device and 802.1x from other. The configuration is complex to say the least
but works great!
Kent
Kent L. Nasveschuk
Systems
I'm using FR 1.1.7 with acct_users but what if you have more complicated
scripts and you're using it on Interim-Updates. Every time when
Interim-Update triggers, this script has to connect to do something
(database connection, do this, do that )...
Is there any other way to something like
t...@kalik.net wrote:
The query I tried looks like this:
postauth_query = UPDATE radcheck SET radcheck.value='%{NAS-Port}' \
WHERE radcheck.username = '%{User-Name}' \
and radcheck.attribute='NAS-Port'
More important is how does it
El mar, 23-12-2008 a las 14:32 +0100, t...@kalik.net escribió:
This change make that Calling-Station-Id function?
Is it possible to check mac address and password at the same time?
Yes.
I changed to Cleartext-Password and rdcheck is like that:
mysql select * from radcheck where UserName =
Thanks a lot
It'working :-)
[sql] expand: %{User-Name} - be...@host.com
[sql] sql_set_user escaped user -- 'be...@host.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
Enrique Acosta wrote:
But radius.log is reporting this:
Stop looking at radiusd.log. Look at the debug output, as suggested
in the FAQ, README, INSTALL, and nearly daily on this list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm trying to get freeradius v2.1.3 to compile on a Solaris 9 box. I
have openssl installed in /usr/local/ssl/openssl and have pointed the
includes and libraries at that directory. I still get compile errors
during install.
Perl is v5.6.1
OpenSSL is v0.9.6e
./configure runs fine without any
mysql select * from radcheck where UserName = 'jvidal';
+-+--+++---+
| id | UserName | Attribute | op | Value |
+-+--+++---+
| 116 | jvidal | Cleartext-Password | := |
Hi,
I'm trying to set my server up to authenticate everyone in an 802.1x/PEAP
environment without regard to the credentials they provide. Can this be done
with FreeRadius? I'm on version 2.1.3.
Thanks!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
JR Mayberry maybe...@loonybin.net wrote:
I'm not really sure if I'm doing this right, maybe someone can provide
guidance. I have two problems a) how to structure my directory and b) how to
do
two lookups in rlm_ldap.
But, effectively, LDAP is our authorization store and I'm proxying
I'm trying to set my server up to authenticate everyone in an 802.1x/PEAP
environment without regard to the credentials they provide.
And the point of doing PEAP is? If you don't want to authenticate users
- then don't. Leave your ports open and let anyone connect.
Ivan Kalik
Kalik Informatika
The default supplicant behavior in Windows XP is PEAP using the logged-in
user's credentials. I use 802.1x for VLAN switching and I use other methods to
identify which VLAN a machine should be in, so I don't care to validate a
username/password. Can FreeRADIUS authenticate everyone in an
23 matches
Mail list logo
