[EMAIL PROTECTED] wrote:
I can't see WHY the VLAN info needs to reach other sites at all...perhaps
the National Proxy should be stripping out such things? anyway, if memory
Alan,
your logic sounds fine but it has two flaws:
1. you should not depend on someone whom you cannot control to do
Is it possible to delete entire attributes with rlm_attr_rewrite?
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED] http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne InformationCommunication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus
and a mess to
administer.
Is there a better trick to solve this?
Tomasz
-- Tomasz Wolniewicz [EMAIL PROTECTED]
http://www.uni.torun.pl/~twoln Uczelniane Centrum Informatyczne
InformationCommunication Technology Centre Uniwersytet Mikolaja
Kopernika Nicolaus Copernicus University, pl. Rapackiego 1
Alan DeKok wrote:
Tomasz Wolniewicz [EMAIL PROTECTED] wrote:
Our university radius server sets VLAN information based on user
attributes from the LDAP directory.
This works fine when the system is used internally. However when our
user authenticates while visiting another institution
Alan DeKok wrote:
Can you not key off of the NAS information, and *not* add VLAN data,
then?
I am not sure what you mean by that. Using NAS information is the only
thing that came to our minds, that is we create a large hunt group
containing all local NASes and add VLAN data only when this
there I
would guess that the first 4 bytes of the Vendor-Specific value should be
the Vendor-Id. But this seems strange that these Ids should be so high and
that they should be different. Am I misinterpreting something?
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED]http
suggestions.
Best Regards,
Raza.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Tomasz
to go?
Tomasz
On Wed, Dec 22, 2004 at 11:14:31AM -0500, Alan DeKok wrote:
Tomasz Wolniewicz [EMAIL PROTECTED] wrote:
Does someone have an idea how to switch off LDAP for processing of the
outer part of the EAP-TTLS message?
Put ldap into an Atz-Type block, and configure the server to call
whenever eap returns updated, unfortunately this does not work with
TTLS in which case the outer identity is THE one that we are interested in.
Does someone have an idea how to switch off LDAP for processing of the
outer part of the EAP-TTLS message?
Tomasz
--
Tomasz Wolniewicz
[EMAIL
it to NULL or something could be acceptable.
Yours
Tomasz
On Tue, Nov 30, 2004 at 01:40:26PM +0200, Kostas Kalevras wrote:
On Tue, 30 Nov 2004, Tomasz Wolniewicz wrote:
I am using the groupmembership_attribute to add users to certain groups,
unfortunately rlm_ldap will always also run a subtree
the
groupmembership_filter to (objecClass = nosuchclass), this way with
indexing over the object class the negative reply to this search should be
quick enough, but still I would prefer to simply save this extra call.
Perhaps there is some way that I have overlooked?
Yours
Tomasz
--
Tomasz Wolniewicz
[EMAIL
Of Tomasz Wolniewicz
Sent: Tuesday, July 13, 2004 21:30
To: [EMAIL PROTECTED]
Subject: EAP-TTLS proxying
I hope this is not a totally stupid question.
Suppose a user [EMAIL PROTECTED] wants to access the network at org-2 by
authenticating at org-1 via the proxy mechanism
I hope this is not a totally stupid question.
Suppose a user [EMAIL PROTECTED] wants to access the network at org-2 by
authenticating at org-1 via the proxy mechanism.
Suppose we want to use PAP-TTLS.
It would seem natural that the proxying is done on the basis of the outer
identity and the