Hi,
I finally found what was the problem. I have read the rlm_sql but
it doesn't show how to limit access by groups. In fact, what i was
trying to do is to run two instances of coova chilli on a machine,
create two groups of users on freeradius database, one for the first
chilli and one a
Jens W. Skov - JS Consult wrote:
> I’m trying to set up external authentication from our router to a
> OSX-server.
>
> I have it working fine if the user is an admin-user on the mac, but if
> I try with a normal user I get:
>
> Auth: rim_opendirectory: User is authorized.
> Auth: rim_opendire
Steve Brown wrote:
> I'm not, and that would explain it nicely; I mentioned in my initial
> message "legacy Freeradius 1.1.2 platform". Is there any way of
> achieving the same end result in v1.x without Unlang?
Unlang isn't in 1.1.x, and is *documented* as not being in 1.1.x. You
can't just tr
Hi,
are you running the preprocess module? if not, then Huntgroups arent looked at
or populated
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
upgarde to 2.1.12 - it has fixes for proxy errors
as for username - you cannot play with User-Name with EAP - use
Stripped-User-Name - see examples
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Jun 29, 2012 at 12:09 AM, lscrlstld wrote:
> Hi,
>
> I use the policy configs to provide redundant and load-balance to update
> the pool-name.
>
> It´s work fine!
Does it?
> The policy.conf
> policy {
> update_ctlr_PN1 {
> update control {
> P
> ++- if (!Huntgroup-Name) returns ok ++? if (Huntgroup-Name == "list")
> (Attribute Huntgroup-Name was not found)
>
>the problem seems to be your huntgroup.. Can you post your huntgroup
>definitions?
>--
>Jens Weibler
>IT-Services
Hi,
In huntgroup I just have:
...
# Usuario = xxx xxx
l
Thanks for pointing those things out to me. I am no longer proxying back to
myself like that, and I've told the sql module to use stripped user name when
possible and it looks like it's all working now.
Best wishes,
Chris
From: freeradius-users-bounces+c
Hi,
I use the policy configs to provide redundant and load-balance to update
the pool-name.
It´s work fine! But I have same questions...
- Is it the correct way to do it? Is it the better way, considering a
performance in high usage?
- Why the virtual module created in the policy and control upda
On 28/06/12 17:33, Christopher Manigan wrote:
I am trying to use MSCHAPv2 to authenticate users. This works ok, except when
I try to proxy to a realm. Pasted below is the debug of a user trying to
authenticate. The realm is a prefix of the username. What I see buried in the
debug is:
# r
On 28/06/12 17:13, Steve Brown wrote:
On 28/06/12 14:34, Steve Brown wrote:
Is there any way of achieving the same end result in v1.x without Unlang?
If there was a way to simply respond to an accounting request with an
'Accept', like you can with Auth, could I do something like:
You might
"%{User-Name}"
}
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for mor
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-pr
On 28/06/12 14:34, Steve Brown wrote:
Is there any way of achieving the same end result in v1.x without Unlang?
If there was a way to simply respond to an accounting request with an
'Accept', like you can with Auth, could I do something like:
acct_users:
DEFAULT Acct-Status-Type == Interim
On Thu, Jun 28, 2012 at 8:22 PM, Taz Manian wrote:
> I did check the wiki , i have been on it for the last 3 days trying to
> figure this out
>
> I did a search for Pool-Name and i got 4 different results as below
>
> http://wiki.freeradius.org/search?q=Pool-Name
>
> http://wiki.freeradius.org/Rlm
On 28/06/12 14:03, Alan DeKok wrote:
Check that you're using version 2? It looks like you're using version
1. "Unlang" is only supported in version 2.
I'm not, and that would explain it nicely; I mentioned in my initial
message "legacy Freeradius 1.1.2 platform". Is there any way of
achi
Taz Manian wrote:
> I checked each one of them and not one said anything about radcheck or
> radreply.
Because they give examples for the "users" file. They don't give
examples for SQL, LDAP, external programs, Perl, Python, etc.
The "users" file example has the Pool-Name on the first line.
Hello,
After three month having stable situation, the ISP home servers has
started again to loose packet and to have slow response time, then our
freeradius proxies has began to crash again.
We've reproduced the crash with the Git version.
Here's the output that I got with gdb
Going to the
I did check the wiki , i have been on it for the last 3 days trying to figure
this out I did a search for Pool-Name and i got 4 different results as below
http://wiki.freeradius.org/search?q=Pool-Name
http://wiki.freeradius.org/Rlm_sqlippool
http://wiki.freeradius.org/Rlm_ippool
http://wiki.fr
Steve Brown wrote:
> Thanks for the pointer. This is actually what I started with :(
>
> I still get the error "Error: /etc/raddb/radiusd.conf[1433]: Line is not
> in 'attribute = value' format"; line 1433 is this actual 'if ((' line.
It works for me.
Check that you're using version 2? It l
On Thu, Jun 28, 2012 at 7:34 PM, Andrei Petru Mura wrote:
> id | username | attribute | op | value
>
> -++++
> 167 | test1 | Password | := | test1
> 168 | test1
Andrei Petru Mura wrote:
> Now in my database. I have in "radcheck" table two rows:
>
>id | username | attribute| op | value
>
> -++++
> 167 | test1 | Password
On Thu, Jun 28, 2012 at 7:26 PM, Michell wrote:
> Hello,
>
> to some time ago informed me that the ippool not work properly with mysql.
It works just fine
> As it is now?
> I'm not sure what the problems were occurring, but informed me that it
> worked better and smoothly only in postgres.
IIRC
Hi Alan,
Thanks for the pointer. This is actually what I started with :(
I still get the error "Error: /etc/raddb/radiusd.conf[1433]: Line is not
in 'attribute = value' format"; line 1433 is this actual 'if ((' line.
accounting {
if ((Acct-Status-Type == Interim-Update) && (User-Name =
Michell wrote:
> to some time ago informed me that the ippool not work properly with
> mysql. As it is now?
"someone somewhere said something". That's not helpful.
Read the documentation and examples distributed with FreeRADIUS. They
give you the CORRECT answers.
In this case, raddb/sql/
I'm running FreeRADIUS in conjunction with PostgreSQL 9.1. Snippet from
radiusd.conf:
modules {
...
$INCLUDE sql/postgresql/counter.conf
...
}
in my sql/postgresql/counter.conf, I have the following:
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name
Steve Brown wrote:
> Reading the unlang man page, I've tried:
>
> accounting {
>
>if ( ("%{Acct-Status-Type}" = "Interim-Update") &&
> ("%{User-Name}" =~ "/@domain/") ) {
That's wrong on a number of levels. The documentation says you can
just refer to an attribute by name. And use '=
Hello,
to some time ago informed me that the ippool not work properly with mysql.
As it is now?
I'm not sure what the problems were occurring, but informed me that it
worked better and smoothly only in postgres.
They try to succeed in this scenario freeradius / mysql?
Thanks for listening,
Mich
Hi all,
I need to stop proxying Interim Accounting for a particular domain on
our legacy Freeradius 1.1.2 platform.
Reading the unlang man page, I've tried:
accounting {
if ( ("%{Acct-Status-Type}" = "Interim-Update") &&
("%{User-Name}" =~ "/@domain/") ) {
update cont
On Thu, Jun 28, 2012 at 7:08 PM, Fajar A. Nugraha wrote:
> On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian wrote:
>> so i know is readying that - i then have a pool set up in radippool
>
> Also, IMHO you should just use rlm_sqlipool. It's easier to setup and debug.
Sorry, I somehow read "radippool"
On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian wrote:
> Hi Guys,
>
>
>
> Im having a problem with Ippools with freeradius2 and i cant seem to get any
> username to get an address from the pool.
>
> 90% of the usernames will have static IP's but i want a few to be in a pool
> but i really am stumped -
Hi Guys, Im having a problem with Ippools with freeradius2 and i cant seem to
get any username to get an address from the pool.90% of the usernames will have
static IP's but i want a few to be in a pool but i really am stumped - i tried
putting username@realm
Framed-Pool
:=
EZPOOL into the
Hi,
> For some reason, it is working now, I did only tiny changes though.
well..you made changes... obviously they were beneficial
> - the differences between the WiKi
> https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
> and the cookbook
> http://www.edu
Hi,
Thank you to Stefan, Scot and Alan who took time to reply to me.
For some reason, it is working now, I did only tiny changes though.
What I still don't understand:
- the differences between the WiKi
https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
a
On 28.06.2012 09:07, Scott Armitage wrote:
> All,
>
> I was after some clarification about the implementation of CUI in freeRADIUS.
>
>
> My first point is the use of Client IP Address. I notice that client IP
> Address makes a regular appearance but I'm wondering whether it should.
> Looki
Hi,
> I have been running my FreeRADIUS server with out problem for several
> years, identifying to an openLdap backend.
>
> I managed to configure a test WiFi access point to identify with
> 802.1x against that same radius/ldap server.
>
> But I have a problem to configure eduroam, so I would b
All,
I was after some clarification about the implementation of CUI in freeRADIUS.
My first point is the use of Client IP Address. I notice that client IP Address
makes a regular appearance but I'm wondering whether it should. Looking at the
cui.conf the post-auth insert adds the Client IP A
37 matches
Mail list logo
