Hi,
We're running 1.1.8 on FreeBSD 5.3 and have been delaying the move to
2.x until absolutely necessary. Given the recent libtool22 issues, I'm
thinking it's time to move. Just wondering if people would recommend
moving now to 2.1.9 or waiting a while longer for a stable 2.2?
Thanks
--
Alex
-
Thanks Alan Alan, that's what I wanted to know.
--
Alex
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
We are using Freeradius 1.1.7 to authenticate a large group of users
for one service, with a pgsql backend. I would now like to start using
our radius servers to also authenticate other groups of users for
specific services, e.g. admin users who can access an apache frontend
etc using PAM.
2009/1/2 Alex French a...@evilal.com:
My first thought is to use an attribute like the NAS-Id to identify
the service and require certain user groups for each Nas id in the
clients file.
Sorry, I meant users file.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
that solves my problem
for free (also, it got me to move my code into a perl module, which I
suspect is much more efficient).
Thanks,
Alex
2008/10/8 Alex French [EMAIL PROTECTED]:
Hi all,
I'm using an Exec-Program to do some user-specific stuff when a user
logs out of our network (i.e
2008/10/10 Eric Martell [EMAIL PROTECTED]:
Hi..
I searched thru the forums but not getting the right username after using
regex.
The request I am getting is : [EMAIL PROTECTED] and I need to strip everything
after @ and pass the username as test.
Is there some reason you don't just create
I use an index on acctuniqueid
along with
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id
}
It works fine for me.
Thanks,
Alex
2008/10/7 Marinko Tarlac [EMAIL PROTECTED]:
acctuniqueid is not unique in default
2008/10/8 [EMAIL PROTECTED]:
Your program should return this. See raddb/modules/echo for instructions.
Ivan,
Sorry, I was not sufficiently clear in my explanation. My program
wants to know if the sql module that ran *before* it failed or
succeded. (And I'm running 1.1.7 not 2.x but the theory
Thanks all for the responses. I will use a DB table for now, and look
at other alternatives once we migrate to 2.x
Alex
2008/10/8 Alan DeKok [EMAIL PROTECTED]:
Alex French wrote:
Sorry, I was not sufficiently clear in my explanation. My program
wants to know if the sql module that ran *before
2008/10/8 Marinko Tarlac [EMAIL PROTECTED]:
create log file on disk and check does it exist or add one column to your
table and write something inside ?
Yes, my fallback solution is to add a column to my radacct table (or
possibly to another, more transient table) that I can do a SELECT FOR
Hi all,
I'm using an Exec-Program to do some user-specific stuff when a user
logs out of our network (i.e. it is invoked with DEFAULT
Acct-Status-Type == Stop).
I'm trying to find a way for it to detect whether the database
accounting module has succeedded in updating the user's accounting
Hi guys,
Sorry if this is slightly OT but I'm hoping someone can advise on an
open-source radius client library in Java for integration with another
project that will be talking to a freeradius server. I have found two,
jradius and tinyradius, but jradius does not seem to be in active
2008/5/12 Alan DeKok [EMAIL PROTECTED]:
http://coova.org/wiki/index.php/JRadius/ClientAPI ?
It's actively supported. Unless there's another jradius out there...
Aha, I was looking at http://jradius-client.sourceforge.net/ which is different.
Thanks for the pointers.
Alex
-
List
Hi,
Not sure if you got this sorted out, but I had the same problem; it
seems that when I upgraded to 1.1.7 the raddb directory itself got
chmod-ed to 700 as well as the config files being chmod 600. Since I
run radiusd as user nobody, hilarity ensued. A few chmods sorted it out.
Thanks,
Alex
Hmmm this might be overly complicated but you could configure realm1
to proxy back to yourself, stripping the realm, then configure each of
the other two as local realms? I imagine there must be a nicer way...
Alex
On 20/08/07, Jeff Crowe [EMAIL PROTECTED] wrote:
Hi all,
Sorry if this
On 19/08/07, Arran Cudbard-Bell [EMAIL PROTECTED] wrote:
Alex French wrote:
This has nothing to do the the radius server. The AP logs out the
user, not the radius server.
Not entirely true.
Yes it is.
See http://wiki.freeradius.org/Disconnect_Messages.
Which says FreeRADIUS server
On 19/08/07, Arran Cudbard-Bell [EMAIL PROTECTED] wrote:
No it's not.
In terms of the RFCs the RADIUS server can have a lot to do with
disassociating someone from an access point.
It can, but it doesn't. Not freeradius.
Look, we can go back and forth on this, but the poor guy wants to know
This has nothing to do the the radius server. The AP logs out the
user, not the radius server.
Alex
On 09/08/07, wow lala [EMAIL PROTECTED] wrote:
hi , any one can tell me , how to logout user???
i use freeradius to my radius server ,i`m testing 802.1x and user login
success with username
Hi guys,
As far as I can see from 1.1.7, this was never rolled into the code.
Can I suggest simply adding an index like this by default:
ALTER TABLE radacct ADD constraint radacct_unique_session UNIQUE (
acctuniqueid);
Then the composition of acctuniqueid can still be set in the unique id
On 23/05/07, Rio Yang [EMAIL PROTECTED] wrote:
NAS (Aptilo) --- FreeRADIUS --- JuniperSBR (Funk)
(FreeRadius proxy to JuniperSBR)
The error message occurred between FreeRADIUS and JuniperSBR.
But then you need to set the same shared secret on the FreeRadius
server and the JuniperSBR,
On 14/05/07, Clark J. Wang [EMAIL PROTECTED] wrote:
I have two RADIUS servers rad_1 and rad_2. For some users rad_1 needs to
forward the requests to rad_2 and I want to add some prefix like `QA/' to
User-Name before forwarding to rad_2. Does FreeRADIUS support that? And how
to configure?
You
Hi,
I'm not sure who maintains the web interface to the CVS tree, but it's
giving a 500 Internal Server Error at the moment.
Alex
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 22/08/06, Alan DeKok [EMAIL PROTECTED] wrote:
i.e. put the attributes into perl hashes, and then make those perlhashes definitive for the new values of the attributes.This wouldinvolve throwing away the previous attributes entirely.So you wouldhave to be *very* careful about modifying the
Yes, this is due to the way rlm_perl works by default (new pairs
can be added but existing ones not changed). Look back a week or so in
the mailing list archives to the problem I was having. There is a patch
on the list that will allegedly make it into HEAD. The patch works
nicely for me.
AlexOn
,On 15/08/06, Boian Jordanov
[EMAIL PROTECTED] wrote:On Monday 14 August 2006 21:27, Alex French wrote:
Boian, Thanks, if you have a patch that actually implements the hash for the operator etc, that would be great (in fact, why not just submit it as a feature). If it's just to change the operator
On 02/08/06, Colm Ennis [EMAIL PROTECTED] wrote:
hiya,does anyone know if users/sql authentication based on the NAS-Port-Idfield possible? and if so how?Colm,What are you going to authenticate? If they can use any username/password, then are you just checking whether a port is active or inactive?
On 13/08/06, Boian Jordanov [EMAIL PROTECTED] wrote:
On Friday 11 August 2006 20:18, Alex French wrote: Hi, Does anyone know if anything was done on the issue below? I'm looking for this functionality too, and I'd prefer not to have to recompile the module
if the feature is available in HEAD
Hi,Does anyone know if anything was done on the issue below?
I'm looking for this functionality too, and I'd prefer not to have to
recompile the module if the feature is available in HEAD or similar
(although I can't see that...).
Thanks,AlexOn 22/06/06, Kenneth Marshall [EMAIL PROTECTED] wrote:
All,
I updated my own checkrad script to access a simple www interface on
an access point (using a nastype of www). Other people might want
to do something similar, and may find my patch a useful basis for
hacking their own. Patch (diff -c) against checkrad v 1.33 attached.
Thanks,
Alex
Hi,
I may be missing something, but is the deletestalesessions directive
unimplemented in rlm_sql?
My scenario is that I'm implementing Simultaneous-Use but I don't want
session_zap() to be invoked at all (I have my own external script to
tidy things up, preserve counters etc).
I belive that this
Hi all,
I've seen this question asked before on the list, but can't figure out
the answer despite much searching of the list and reading the source.
I would like to remove some vendor-specific attributes from accounting
requests that I proxy
outbound (remove them completely, not just set the
All,
I'm having a problem getting slashrealm (/) and atsuffix (@)
realms to co-exist. If I configure them both, only the first one
seems to work.
For example, here I'm trying to use a realm wibble. With the
configuration below, it will work as wibble/alex but not [EMAIL PROTECTED]
If I
Guy,
That would be a really neat feature for us, too.
If you're considering implementing it, I have a feature request: it
would be great if there was also the option to have a complete
logfile containing all realms, in addition to the broken-out files.
This would allow for easier debugging
33 matches
Mail list logo