.
One more question, have you setup several realms? It will be my case,
and if you have some clues it must be a quick win.
Yes, it will work with multiple realms. There is not much that you need
to other than you need to use HINTS or any other way of rewriting in the
radius server to rewrite
Hi,
I have spent some time reading and trying to configure multiple realms to no
avail.
Basically I currently have one active realm and need to have another realm
configured onto the same radius box. For example dsl.example.com.au is one and
voice.example.com.au is the second.
How can I
Shawky Skaff wrote:
Basically I currently have one active realm and need to have another
realm configured onto the same radius box. For example
dsl.example.com.au is one and voice.example.com.au is the second.
You need to configure two realms.
How can I configure the second? I know it’s
On Jul 26, 2011, at 4:36 PM, Alan DeKok wrote:
Charles Plater wrote:
Is there any way to try multiple realms inside an update control
statement? What I want to do is try proxying to one realm, and if that
fails trying the credentials via the local ream. Thanks in advance.
Read raddb
Charles Plater wrote:
If I'm reading raddb/proxy.conf correctly home_server_pool allows for
fail-over and load-balancing configurations.
Yes.
In my case I was to try the
same credentials against multiple servers.
RADIUS doesn't do that. It's a *terrible* idea.
What I'm looking at
On 27 Jul 2011, at 17:14, Charles Plater wrote:
On Jul 26, 2011, at 4:36 PM, Alan DeKok wrote:
Charles Plater wrote:
Is there any way to try multiple realms inside an update control
statement? What I want to do is try proxying to one realm, and if that
fails trying the credentials via
Is there any way to try multiple realms inside an update control statement?
What I want to do is try proxying to one realm, and if that fails trying the
credentials via the local ream. Thanks in advance.
--
Charles Plater
Lead Application Technical Analyst
Internet Services
+1-313-577-4620
ab3
Charles Plater wrote:
Is there any way to try multiple realms inside an update control
statement? What I want to do is try proxying to one realm, and if that
fails trying the credentials via the local ream. Thanks in advance.
Read raddb/proxy.conf. Look for the home server pool section
Greetings freeradius list members,
I'm hoping one of the more experienced FR2 users might shed some light
on a query I have, historically
i've only worked with radiator so i am very much a novice with FR2.
Is it possible to auth different realms off different database server
types within the
Hi,
apples.com auth's off a mysql db
pears.com auth's off Active Directory
yes. set a virtual server as the server in the proxy.conf
or use unlang to update the realm details and send it to a new
virtual server. that VS will only have the relevant engines
configured in it
alan
-
List
We have just installed FreeRADIUS and have basic functionality working for ISP
and Hotspot applications.
For the ISP application, we would like to specify the realms supported on a NAS
basis. Is this feasible and how would one go about configuring it.
Thanks in advance...
-
List
On 1/6/2010 12:13 PM, Nalin Mistry wrote:
We have just installed FreeRADIUS and have basic functionality working for ISP
and Hotspot applications.
For the ISP application, we would like to specify the realms supported on a NAS
basis. Is this feasible and how would one go about configuring
Okay, perfect that was part of the answer I needed, Thanks!
I guess I now have two more questions:
1. Is there a way to manually specify a proxy or Realm in the authorize
section?
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within
Hi,
Okay, perfect that was part of the answer I needed, Thanks!
I guess I now have two more questions:
1. Is there a way to manually specify a proxy or Realm in the authorize
section?
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within
1. Is there a way to manually specify a proxy or Realm in the authorize
section?
Yes.
update control {
Proxy-To-Realm := some_realm
}
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within user.domain.name. Whenever I try I only get
the
Great I'll try the update control..
As for Realms file, I did try using prefix instead of suffix, but in the
case of username.domain.name, it says that the Realm is username and the
Stripped User name is domain.name
Thanks
Bob
On Tue, Oct 20, 2009 at 10:21 AM, Ivan Kalik t...@kalik.net wrote:
Okay, just to update everyone and for others that might search this
mail-listing:
I have finally gotten it, using the code below in the authorize section I
can send host authentication to multiple proxies based on domain name
if ( User-Name =~ /^host\//i ) {
if ( User-Name =~
Hi,
if ( User-Name =~ /^host\//i ) {
if ( User-Name =~ /\\.first\\.domain$/i ) {
update control {
Proxy-To-Realm := first.domain
}
}
if ( User-Name =~ /\\.second\\.domain$/i ) {
update control {
Oops, just a typo :)
Anyway I have tested it with one domains, (I will have more in the future)
but in theory it should work and my testing using RADNTPING and RADIUS -X
shows that it should.
Thanks
Bob
On Tue, Oct 20, 2009 at 12:36 PM, Alan Buxey a.l.m.bu...@lboro.ac.ukwrote:
Hi,
}
}
Thanks
Bob
On Thu, Oct 15, 2009 at 3:38 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
What I want to do is proxy requests based on being in multiple realms.
For
example:
Realm1/username.Realm2
so long as the second part with always be username.realm2 (and you dont get
Perfect, I think that is exactly what I want, but I'm hoping you might be
able to help me with the syntax. I am trying this, but is doesn't seem to
work:
# - From the proxy.conf file:
realm host {
if ( Stripped-User-Name =~ .*\.domain\.name ) {
pool = adradius
nostrip
What I want to do is proxy requests based on being in multiple realms. For
example:
Realm1/username.Realm2
Where is Realm1 is host AND Realm2 is some.fqdn then proxy to
xxx.xxx.xxx.xxx
Specifically what I am doing is trying to use FreeRadius to proxy for AD
Domains. I want to enable host based
Hi,
What I want to do is proxy requests based on being in multiple realms. For
example:
Realm1/username.Realm2
so long as the second part with always be username.realm2 (and you dont get
into user.name.realm2 then you can use 2.1.x with unlang to configure what
you need. you need to use
On Tue, 28 Jul 2009, Ivan Kalik wrote:
Thankyou for the reply and suggestion. I've been interstate and just back
now to try it.
Create two mschap module instances, mschap_co1 with first ntlm_auth line
and mschap_co2 with second one.
ok.
Then create redundancy inside Auth-Type
MS-CHAP
radiusd.conf[723] Failed to link to module 'rlm_mschap_co1': Shared object
rlm_mschap_co1.so not found, required by radiusd
radiusd.conf[1949] Unknown module mschap_co1.
radiusd.conf[1949] Failed to parse mschap_co1 entry.
Did you create 3 instances of mschap using aliases like below?
I have used
ntlm_auth --request-nt-key --username=user --password=xxx
--domain=COMPANY1.LOCAL --require-membership-of=COMPANY1-VPN-USERS
ntlm_auth --request-nt-key --username=otheruser --password=xxx
--domain=COMPANY2.LOCAL --require-membership-of=COMPANY2-VPN-USERS
and I get
I've inherited a system which now needs changed and I can't seem to make it do
it! I'm sure it can, but I'm just not familiar enough with FreeRadius to know
how to coax it into doing what I need.
Its a fairly old system, FreeRADIUS Version 1.1.3
Remote users connect to the host using
Great, it does the trick :)
It was simplier than I thought.
Another question: is it safe to write into the same sql
server\database\table by 2 radius servers authenticating the same realm?
--
Andrea Cerrito
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andrea Cerrito wrote:
How can I let the proxy write in a db just the realm DEF and GHI and ignore
the realm ABC?
Do *conditional* logging to SQL. See Acct-Type, which lets you
conditionally call a module.
I think it can be done in the post-proxy section of the radius.conf... But
how?
Hi to this list,
I'm using freeradius from few weeks, and now I need a little help to
understand how to configure a proxied configuration to do what I need.
My situation:
[ Proxy Frontend ] -- REALM ABC proxied to [ My Radius Server ]
|
|-
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
Scott Lambert [EMAIL PROTECTED] wrote:
I was thinking about putting everything into mysql/postgresql databases.
That gets a little harder, because you effectively have 3 passwords
for the user, and want any one of them to work. Th eserver sn't
really set up to do that right now...
It could
Le Fri, Aug 11, 2006 at 02:48:33PM -0400, Alan DeKok ecrivait:
Scott Lambert [EMAIL PROTECTED] wrote:
I was thinking about putting everything into mysql/postgresql databases.
That gets a little harder, because you effectively have 3 passwords
for the user, and want any one of them to
Francois-Xavier GAILLARD [EMAIL PROTECTED] wrote:
It's a bit tricky, any easier way Alan ?
I'm not sure... the main problem is that multiple people with the
same name are dialing into the same NAS equipment. So they really are
the same person, but with many possible valid passwords.
It's a
Le Fri, Aug 11, 2006 at 06:09:21PM -0400, Alan DeKok ecrivait:
Francois-Xavier GAILLARD [EMAIL PROTECTED] wrote:
It's a bit tricky, any easier way Alan ?
I'm not sure... the main problem is that multiple people with the
same name are dialing into the same NAS equipment. So they really
On Sat, Aug 12, 2006 at 01:06:38AM +0200, Francois-Xavier GAILLARD wrote:
Le Fri, Aug 11, 2006 at 06:09:21PM -0400, Alan DeKok ecrivait:
Francois-Xavier GAILLARD [EMAIL PROTECTED] wrote:
It's a bit tricky, any easier way Alan ?
I'm not sure... the main problem is that multiple people
Scott Lambert [EMAIL PROTECTED] wrote:
Would I be able to setup three mysql entries in the way that Alan
suggested for the LDAP setup, but with a different query specified for
each realm which includes the realm in the selection criteria of query?
If the users are logging in with different
to
search google for pointers on how to accomplish this. Unfortunately,
the search terms I have been trying are pretty much useless. multiple
realms, multiple domains combined with or without one NAS, same
NAS ...
If anyone has pointers to documentation that tells me why it can't be
done or how to do
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
Scott Lambert [EMAIL PROTECTED] wrote:
I've been using GNU-RADIUS and asked this question on the GNU-RADIUS
list last week but didn't get any responses.
They haven't had a release for 2 years now...
I need to merge dial-up numbers and bring the DSL aggregation together
in order to reduce
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
On Thu, Aug 10, 2006 at 05:26:39PM -0400, Alan DeKok wrote:
Scott Lambert [EMAIL PROTECTED] wrote:
I need to merge dial-up numbers and bring the DSL aggregation together
in order to reduce costs. That means, I will have potentially three
users with the username of bob trying to login on
Hello everyone! I am serious newbie and I apologize for my poor netiquette.
I am such a newbie that I cannot tell you what version of free radius that I
am running for I know not where to look.
It is running on red hat 9 box with mysql.
Currently we resell dial-up access; we have to provide the
You should probably look into the strip realms config item since you
only want a single username for all realms.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List info/subscribe/unsubscribe? See
: Adding multiple realms
You should probably look into the strip realms config item since you
only want a single username for all realms.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List info/subscribe
Hi!
I would like to have freeradius behave like this:
- realm 'alwaysok' would always accept authentication
- realme 'checkthis' would always check against mysql
Since now I'd have done this by telling freeradius to proxy one of the
realms to another freeradius the would behave accordingly
Normando Marcolongo [EMAIL PROTECTED] wrote:
I would like to have freeradius behave like this:
- realm 'alwaysok' would always accept authentication
- realme 'checkthis' would always check against mysql
Sure, but they're not really realms.
Is there a more elegant way of doing this?
Yes.
I have an ISP scenario using freeradius 1.0.1. to
authenticate dialup
customers on our single domain. We use a Mysql backend.
We have added a second domain for a national dialup service. A 3rd
party providing the POPS will pass radius requests to our
radius servers.
Question:
On Thu, 2 Dec 2004, Christian Reeves wrote:
I have an ISP scenario using freeradius 1.0.1. to
authenticate dialup
customers on our single domain. We use a Mysql backend.
We have added a second domain for a national dialup service. A 3rd
party providing the POPS will pass radius
Alan,
Thanks for your quick response. I put several more hours of testing
in after I made this posting and determined it is almost certainly
not a radius issue, but probably a PAM or Kerberos issue, so I am
starting to dig deeper in those areas. The LDAP information is
interesting and may
I am new to this list and am hoping for some assistance with my freeradius
configuration. Please forgive me if this is a stupid qustion, but I am
stumped.
Background:
Red Hat 9.0
Freeradius (from RH)
The RPMs that seem most relevant are:
freeradius-0.9.3-1
krb5-libs-1.2.7-14
I have a freeradius server accepting proxy requests for
multiple Called-Station-Ids
I would like the SQL database field realm to
properly reflect what realm it is actually proxying for.
The problem is that if I put Called-Station-Id in the users
file and put the realm information in
PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, February 23, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Multiple realms
Anson Rinesmith [EMAIL PROTECTED] wrote:
I would like the SQL database field realm to properly reflect what
realm it is actually
Anson Rinesmith [EMAIL PROTECTED] wrote:
DEFAULT Called-Station-Id == 2345678901, Realm := isp1.net
In both users and acct_users
And I still get DEFAULT put in the realm field in my database.
Then read the debug log to see where the DEFAULT realm is coming from.
Alan DeKok.
-
List
Sent: Monday, February 23, 2004 2:46 PM
To: [EMAIL PROTECTED]
Subject: Re: Multiple realms
Anson Rinesmith [EMAIL PROTECTED] wrote:
DEFAULT Called-Station-Id == 2345678901, Realm := isp1.net
In both users and acct_users
And I still get DEFAULT put in the realm field in my database
1) Use preproxy.
2) Yes correct.
Jyran Glucky
- Original Message -
From: Dave Mason [EMAIL PROTECTED]
To: freeradius mailing list [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 7:11 PM
Subject: questions about multiple realms and proxy
Hi,
This may be in a FAQ or earlier thread
56 matches
Mail list logo
