You can use Session-Timeout attribute in your radreply sql table like:
+-----+----------+-----------------+----+-------+
| id  | UserName | Attribute       | op | Value |
+-----+----------+-----------------+----+-------+
| 257 | test     | Session-Timeout | := | 1800  |
Hi,
vijay Auth-Type := Local, Cleartext-Password == 123qwe,
1 ^ 2
1 is wrong. You don't need it.
2 is wrong, operator should be := , not ==
Above mentioned is my configuration. When I try to connect client with SSH
it is not
In an accounting server, I would like to be able to parse the Class
attribute with a regexp to pull parts out. However the standard dictionary
defines it as 'octets' which makes it hard to parse - and I'd like to avoid
modifying the dictionary if possible.
Copying it to a 'string' attribute
Just add the line:
ATTRIBUTE Class 25 string
to the end of raddb/dictionary. It will override the type defined in
the standard dictionaries, which you may not want to fiddle with too
much.
On Thu, Jan 27, 2011 at 2:45 PM, Brian Candler b.cand...@pobox.com wrote:
Brian Candler wrote:
I notice that recently a %{integer:...} expansion was added. Is there
perhaps a case for a corresponding %{string:...} expansion?
Yes.
Editing the dictionaries is not recommended, as it can have additional
side effects. Adding %{string:Class} is pretty specific.
The python module is currently catching NO exceptions. There are no try/except
blocks. Right now I just have the module simply printing something and
returning OK for everything...just as a proof of concept.
Thanks though,
--Brian
From:
McCann, Brian wrote:
The python module is currently catching NO exceptions. There are no
try/except blocks. Right now I just have the module simply printing
something and returning “OK” for everything…just as a proof of concept.
IIRC, the python libraries do trap signals, for a variety of
Hi experts,
I'm wondering if it's possible for the radius.log file to show the NAS IP
instead of the client name (which is IP range in my case).
Currently the log looks like:
Thu Jan 27 11:53:15 2011 : Auth: Login incorrect: [08000f513f60/08000f513f60]
(from client 10.143.115.0/24 port 50303
Difan Zhao wrote:
I’m wondering if it’s possible for the radius.log file to show the NAS
IP instead of the “client” name (which is IP range in my case).
Read radiusd.conf, look for msg_goodpass
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
For years, we've been doing simple EAP-TLS with various versions of
FreeRADIUS. Now, a new requirement has come down to me such that radius
will have to reject certain valid client certs based on a string in the
Subject field of the client cert.
I've met this need (using 2.1.11 from git) with a
hi,
you are authenticating...and then rejecting in the post-auth
stage. you really need to break the process in the authentication
stage.
alan
On 1/27/2011 1:14 PM, Alan Buxey wrote:
you are authenticating...and then rejecting in the post-auth
stage. you really need to break the process in the authentication
stage.
Thanks. That's actually my goal. But unlang isn't allowed in
authenticate{}, and my attempts to sneak it into the
On 01/27/2011 06:04 PM, Matt Garretson wrote:
For years, we've been doing simple EAP-TLS with various versions of
FreeRADIUS. Now, a new requirement has come down to me such that radius
will have to reject certain valid client certs based on a string in the
Subject field of the client cert.
On 1/26/2011 23:49, piston wrote:
Hi
Is it possible to reset the sql counter every 30 minutes?
Basically, I need to give the user free access of 20 minutes, after 20
minutes NAS will logout the user.
And the user is allowed to login again after 30 minutes.
Thanks
On 1/27/2011 1:24 PM, Matt Garretson wrote:
Thanks. That's actually my goal. But unlang isn't allowed in
authenticate{}, and my attempts to sneak it into the authentication
phase via the tls{} section in eap.conf didn't seem to work.
Any other ways to do it?
Replying to myself here I
On 1/27/2011 3:41 PM, Matt Garretson wrote:
The XP client still tries three times (duh), but at least radius.log reflects
a failure:
Error: TLS_accept: error in SSLv3 read client certificate B
Error: rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no
Hi,
I prepare freeradius with eap/peap and the users file that works fine.
Now I setup a sql database,
I can use radtest or radeapclient to check the user and password in the
database and it works fine,
but if I try to connect to freeradius the request will be rejected and I
have no idea why
On 1/27/2011 3:03 PM, Phil Mayers wrote:
I've met this need (using 2.1.11 from git) with a simple bit of unlang
in post-auth{}:
    if ( %{TLS-Client-Cert-Subject} =~ /OU=Evil/ ) {
        reject
    }
Just put this in the authorize section? If it's early in the EAP
conversation, TLS-Client-*
Hello,
https://github.com/alandekok/freeradius-server/blob/stable/raddb/modules/smsotp
Are there any daemons available that can be used by the freeradius rlm_smsotp
plugin?
Or do I need to write my own..
Thanks!
-- Pasi
Hi,
I have a problem with password-matching. Everything seems to be all
right, but radius still won't accept shared_secret.
I use radius with mysql-database for ssh authenticate. If I try to
authenticate with radtest on server (10.10.10.11) - it works fine. If I
try to authenticate from client
Message: 3
Date: Wed, 26 Jan 2011 23:49:38 -0800 (PST)
From: piston <pisto