Hi All
I have the following in my users file:
DEFAULT User-Name =~ .+\...@example.com, Auth-Type := Accept,
Proxy-To-Realm := DONOTREALM
This Regexp macthes not only user...@example.com but also
user...@example.com.
Is this a bug, or do I have to escape the . in a different way ?
Regards
easyzonecorp.net wrote:
you can not do that after Post-Auth-Type REJECT
you must do after
noresetbytescounter
read on my arti http://www.easyzonecorp.net/network/view.php?ID=1042
Freeradius unlang accept after chap reject.
and then apply it.
i know you can !!
Thx
pawel_221 wrote:
And it works - when user reach transfer limit he gets correct reply message,
but he is rejeceted anyway. It looks like update control doesn't work.
You need to change the reject return code. Do this by adding an
ok to the config:
if (reject) {
ok
Matthias Cramer wrote:
Hi All
I have the following in my users file:
DEFAULT User-Name =~ .+\...@example.com, Auth-Type := Accept,
Proxy-To-Realm := DONOTREALM
This Regexp macthes not only user...@example.com but also
user...@example.com.
Is this a bug, or do I have to escape the
Alan DeKok-2 wrote:
pawel_221 wrote:
And it works - when user reach transfer limit he gets correct reply
message,
but he is rejeceted anyway. It looks like update control doesn't work.
You need to change the reject return code. Do this by adding an
ok to the config:
if
pawel_221 wrote:
It helped - user has rad_recv: Access-Accept packet but does'nt change
Bandwidth. User still have bandwitch which is assigned to his group.
See man unlang. You are putting the bandwidth in the control
list, not the reply list.
Go fix that.
And read man unlang for how
Alan DeKok-2 wrote:
pawel_221 wrote:
It helped - user has rad_recv: Access-Accept packet but does'nt change
Bandwidth. User still have bandwitch which is assigned to his group.
See man unlang. You are putting the bandwidth in the control
list, not the reply list.
Go fix that.
Hi,
I am having a problem where nothing is getting written into radacct on my
database. I can although validate a user on the database using radtest, so i
am guessing dialup.conf (which i haven't touched) is not running the
accounting section. Curently i have not added a NAS, and running locally
Hi,
I am using a FreeRadius server Version 1.0.1 only for accounting with Cisco
gateways.
Now, I want to use the same server with Dialogic gateways.
Dialogic and Cisco have their own RADIUS dictionary.
When I write in a MySQL database the log of accounting, how can I write for
both
Hi,
In order to also return e.g. VLAN IDs (that could be computed from the
inner User-Name in a non-session-resumption enabled config), I can move
the config that sets the VLAN to the outer tunnel post-auth ensure the
inner tunnel sets:
reply:outer User-Name to request:inner User-Name
Hi Alan
Alan DeKok wrote:
Matthias Cramer wrote:
I have the following in my users file:
DEFAULT User-Name =~ .+\...@example.com, Auth-Type := Accept,
Proxy-To-Realm := DONOTREALM
This Regexp macthes not only user...@example.com but also
user...@example.com.
Is this a bug, or do I have
Hello,
every now and then there's a mild interest on this list about enabling
EAP-FAST. In our eduroam RD group, we are currently looking into
EAP-FAST, which naturally includes FreeRADIUS support. Is it worthwhile
posting our results here, for others play with it as well? Or has
everybody
Zhang Shukun escribió:
hi, when i want to start radius in debug mode. error happened.
Failed binding to authentication address * port 1812: Address already
in use
/usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for
0.0.0.0 port 1812
Could you tell me what's wrong?
kill your
hi,
got sql defined in your authenticate section of the inner-tunnel (where EAP
packets by default get proxied to) ?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pawel_221 wrote:
Alan DeKok-2 wrote:
pawel_221 wrote:
It helped - user has "rad_recv: Access-Accept packet" but does'nt change
Bandwidth. User still have bandwitch which is assigned to his group.
See "man unlang". You are putting the bandwidth
Hi everyone maybe you can help me.
I have a small network of about 10 windows XP machines. I need to set these
machines up so that my users can log into any of these machines.
For me the simplest solution to solve this would be a windows 2003 server
domain controller. Unfortunately due to
On Mon, Jan 18, 2010 at 11:51:28AM -0700, Bryan Boone wrote:
I have a small network of about 10 windows XP machines. I need to set
these machines up so that my users can log into any of these machines.
I was told that a Radius server could accomplish the same thing for me.
Is this true?
On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone bryan-bo...@msn.com wrote:
I have a small network of about 10 windows XP machines. I need to set
these machines up so that my users can log into any of these machines.
For me the simplest solution to solve this would be a windows 2003 server
At 02:01 PM 1/18/2010, Eric Swanson wrote:
On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone
mailto:bryan-bo...@msn.combryan-bo...@msn.com wrote:
For me the simplest solution to solve this would be a windows 2003
server domain controller. Unfortunately due to some corporate
restrictions I cannot
On Mon, Jan 18, 2010 at 11:29 AM, freerad...@corwyn.net wrote:
At 02:01 PM 1/18/2010, Eric Swanson wrote:
On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone mailto:
bryan-bo...@msn.combryan-bo...@msn.com wrote:
For me the simplest solution to solve this would be a windows 2003 server
domain
: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url :
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20100118/6f89fcce/attachment.bin
--
Message: 3
Date: Mon, 18 Jan 2010 15:52:14 +0100
From: Fernando fber
Hi guys thanks for the info.
The restrictions are licensing with a windows server.
I didn't realize you could setup Samba to be a domain controller.
thanks for the help. I think I will try the Samba route.
thanks again.
Date: Mon, 18 Jan 2010 11:39:00 -0800
Subject:
So I reverted to the default conf by copying the confs from the source
package. I was forced to alter two lines.
$diff eap.conf /etc/freeradius/eap.conf
155c155
private_key_file = ${certdir}/server.pem
---
private_key_file = ${certdir}/server.key
$diff users
So I reverted to the default conf by copying the confs from the source
package. I was forced to alter two lines.
$diff eap.conf /etc/freeradius/eap.conf
155c155
private_key_file = ${certdir}/server.pem
---
private_key_file = ${certdir}/server.key
$diff users
Hi,
I'm not the ultimate FreeRADIUS authority, but I think you'll find RADIUS is
a poor solution for this, if indeed a solution at all.
I'd say the same thing - SAMBA on a Linux box will easily do this in the
'windows way'.
to use FreeRADIUS to control windows login (ie system login) you
hi,
nostrip in the example.com in proxy.conf
set the auth to LOCAL
this will then get handled locally and the inner-tunnel will
deal with the EAP properly.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I edited proxy.conf to include:
realm example.com {
nostrip
}
and I edited users to read:
user Auth-Type := Local
but no beans, back to the 200+ Proxy-State attributes and a DoS. I also
tried a few capitalizations of the word 'local' just in case it was
sensitive to that,
Huckle Berry wrote:
I edited proxy.conf to include:
realm example.com http://example.com {
nostrip
}
and I edited users to read:
user Auth-Type := Local
Delete that. You don't need it.
but no beans, back to the 200+ Proxy-State attributes and a DoS.
Sorry but
Huckle Berry wrote:
Maybe proxy to itself was a bad way to describe it, you can interpret
the output yourself if you'd like. I took the last 4096 lines of output
... from an endless loop which repeats the same thing.
Why not send the *top* of the output, before it starts to loop back to
For all I know, the top of the output could be 10,000 (or more) lines up.
Funny thing about endless loops, they tend to go on for quite a while. If
you want, I'll post my conf files, which should be the same as the top of
the output, no? The example.com realm should be in proxy.conf if you want
30 matches
Mail list logo