Jonathan Gazeley wrote:
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth section of the inner-tunnel server
currently reads:
update outer.reply {
User-Name := testing-%{User-Name}
}
FR does indeed appear to be using this block:
Just
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok wrote:
Jonathan Gazeley wrote:
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth section of the inner-tunnel server
currently reads:
update outer.reply {
User-Name := testing-%{User-Name}
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arran Cudbard-Bell wrote:
Alan DeKok wrote:
Jonathan Gazeley wrote:
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth section of the inner-tunnel server
currently reads:
update outer.reply {
User-Name :=
Arran Cudbard-Bell wrote:
As far as i'm aware this has never worked,
Weird. I know I tested it before it went in.
I'll try to take a look at it before 2.1.4.
Alan, If the last round of the EAP conversation didn't require data to
be sent to the inner server the outer.User-Name attribute
identical to yours.
But with this change I still get the outer identities in my accounting
logs. Any ideas what's up?
OK, I've solved my problem at least. I had to apply use_tunneled_reply =
yes in the ttls section as well as the peap section. The majority of our
users use peap so I mistakenly
identities in my accounting
logs. Any ideas what's up?
You can then apply your authorisation policy in post-auth where it
should be already :P .
The reason for authorising before we authenticate is because the
database query for authorisation is much faster then the request to the
AD controllers
Jonathan Gazeley wrote:
Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
expands the username as expected, but why this username never makes it
back to the NAS. Does anyone have any ideas?
No idea... is there anything else that's over-writing the User-Name?
Alan DeKok.
No - this is a completely standard FreeRADIUS configuration. Nothing
relating to rewriting anything has been changed.
In the debug log posted in one of my earlier messages, it appears the FR
server sends an Access-Challenge packet from the inner server using my
statically set outer ID
Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
expands the username as expected, but why this username never makes it
back to the NAS. Does anyone have any ideas?
Thanks,
Jonathan
Jonathan Gazeley wrote:
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jonathan Gazeley wrote:
No - this is a completely standard FreeRADIUS configuration. Nothing
relating to rewriting anything has been changed.
In the debug log posted in one of my earlier messages, it appears the FR
server sends an
Alan DeKok wrote:
Update the reply. In the inner-tunnel server, post-auth
section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
When added in the inner-tunnel server, this block has no effect on the
content of the Access-Accept packets (as shown
Jonathan Gazeley wrote:
When added in the inner-tunnel server, this block has no effect on the
content of the Access-Accept packets (as shown by radiusd -X).
Which version are you running? Is it *using* that entry you added?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth section of the inner-tunnel server
currently reads:
update outer.reply {
User-Name := testing-%{User-Name}
}
FR does indeed appear to be using this block:
expand: testing-%{User-Name} -
Hello all,
Am Mittwoch, den 28.01.2009, 11:06 + schrieb Jonathan Gazeley:
Alan DeKok wrote:
Update the reply. In the inner-tunnel server, post-auth section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
Done this, doesn't
Alan DeKok wrote:
Update the reply. In the inner-tunnel server, post-auth section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
Done this, doesn't seem to work. I guess the NAS doesn't accept it.
Tell the NAS which
Update the reply. In the inner-tunnel server, post-auth section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
Done this, doesn't seem to work. I guess the NAS doesn't accept it.
Post the debug. Lets see what name is in the Access-Accept
Jonathan Gazeley wrote:
I have an existing FreeRadius setup for an 802.1x wireless network.
Currently the accounting is done to a MySQL database. Presently, the
username appearing in these records is the outer identity. I want to use
the authenticated inner identity, such that I can rely on my
Thanks for your reply.
I've just got round to looking at your SQL statement - I take it you've
had to edit your queries in dialup.conf to get it to insert some extra
fields? If you wouldn't mind, could you post your changes to the
query/queries?
Thanks a lot,
Jonathan
Alexander Clouter
* Jonathan Gazeley jonathan.gaze...@bristol.ac.uk [Wed, 21 Jan 2009 09:55:04
+]:
Thanks for your reply.
Not a problem.
I've just got round to looking at your SQL statement - I take it you've
had to edit your queries in dialup.conf to get it to insert some extra
fields? If you
Hi,
* Jonathan Gazeley jonathan.gaze...@bristol.ac.uk [Thu, 15 Jan 2009 15:31:19
+]:
I have an existing FreeRadius setup for an 802.1x wireless network.
Currently the accounting is done to a MySQL database. Presently, the
username appearing in these records is the outer identity. I
I have an existing FreeRadius setup for an 802.1x wireless network.
Currently the accounting is done to a MySQL database. Presently, the
username appearing in these records is the outer identity. I want to use
the authenticated inner identity, such that I can rely on my accounting
data e.g.
I see any detail-%Y%m%d log files but only auth-detail-%Y%m%d files.
What am I doing wrong?
My config files:
radiusd.conf:
prefix = /usr/local-2.0.2
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir =
Is your NAS sending accounting packets?
Ivan Kalik
Kalik Informatika ISP
Dana 25/4/2008, Sergio Belkin [EMAIL PROTECTED] piše:
I see any detail-%Y%m%d log files but only auth-detail-%Y%m%d files.
What am I doing wrong?
My config files:
radiusd.conf:
prefix = /usr/local-2.0.2
exec_prefix =
Good Point :D
Port 1813 is filtered, thanks Ivan I'll see if modifying that it works.
2008/4/25, Ivan Kalik [EMAIL PROTECTED]:
Is your NAS sending accounting packets?
Ivan Kalik
Kalik Informatika ISP
Dana 25/4/2008, Sergio Belkin [EMAIL PROTECTED] piše:
I see any detail-%Y%m%d log
With FreeRadius, Is it possible to log accounting data to both SQL and to
standard Radius files? We would like to upgrade our Cistron Radius to
FreeRadius, and our accounting system (Rodopi)uses standard Radius logs,
but we would like to switch to SQL.
Thanks,
Kevin.
Kevin Hemsley [EMAIL PROTECTED] wrote:
With FreeRadius, Is it possible to log accounting data to both SQL and
to standard Radius files?
Yes.
Just list detail and sql in the relevant accounting sections.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
locally with the DEFAULT entry on my users file
and replicating the accounting logs on the remote radius server
radius.domain.tld
Is this approach fine?
Thanks in advance,
Juan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Stephan
von Krawczynski
Sent: Friday, July 09, 2004 10:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Feeding accounting logs into mysql
On Fri, 9 Jul 2004 16:19:30 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:
On Fri, 9 Jul 2004, Stephan von
I have the same problem with Stephan. But my priority now is how to
re-install the Radius database without re-installing the whole Freeradius
package. Or can anybody supply me with its data structure so that I could
reconstruct it manually.
this can be done on many ways.
a. you can use a
Stephan von Krawczynski [EMAIL PROTECTED] wrote:
Yes, that would be handy indeed. The only thing I don't get about
this is why there is no mode for radrelay to feed the given detail
file and then just exit.
Submit a patch. It shouldn't be too difficult.
Alan DeKok.
-
List
Hello all,
has anybody a script at hand for feeding some (old) freeradius accounting log
files into a mySQL db?
I know I read somewhere about such a script...
Thanks for any hints
Stephan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, 9 Jul 2004, Stephan von Krawczynski wrote:
Hello all,
has anybody a script at hand for feeding some (old) freeradius accounting log
files into a mySQL db?
I know I read somewhere about such a script...
I would suggest just using radrelay with a properly configured radius server.
I just happen to have such a script.. it's based of something I found a
year or so back, and modified quite a bit. It does the job for me. Unless
you use USR/3com/name_of_the_week Total Control, you'll probably need to
do some modifications.
On Fri, 9 Jul 2004, Stephan von Krawczynski wrote:
On Fri, 9 Jul 2004 16:19:30 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:
On Fri, 9 Jul 2004, Stephan von Krawczynski wrote:
Hello all,
has anybody a script at hand for feeding some (old) freeradius accounting
log files into a mySQL db?
I know I read somewhere about such a
34 matches
Mail list logo