; FreeRadius users mailing list
Subject: Re: Proxy Question
On Wed, Apr 25, 2012 at 09:19:58AM -0400, David Peterson wrote:
> I have a more of an abstract question as to proxy functionality. Can
> you do the following:
>
>
> b...@bob.com password test
>
> bob.com ->
On Wed, Apr 25, 2012 at 09:19:58AM -0400, David Peterson wrote:
> I have a more of an abstract question as to proxy functionality. Can you do
> the following:
>
>
> b...@bob.com password test
>
> bob.com -> proxy to localhost
> b...@bob.com - reply Access Deny
>
> This would be the norm for th
I have a more of an abstract question as to proxy functionality. Can you do
the following:
b...@bob.com password test
bob.com -> proxy to localhost
b...@bob.com - reply Access Deny
This would be the norm for that realm, just deny everyone.
Except for bob's boss:
b...@bob.com password gooduse
The error on the other side is Invalid_Auth_Type. It is set to only
accept MsCHAPv2 which is fine. I guess the next question is do I need
to set a default auth type for the realm and if so how can I do that
without mucking up the other realms?
On Sat, 2011-06-04 at 07:58 +0200, Alan DeKok wrote
Doty, Seth wrote:
> Currently I have a wireless setup that terminates the outer tunnel
> locally then queries AD to get group/user data. This happens for the
> realm named after the domain,the default realm, and NULL realm and works
> perfectly. What I need to do now is add a new realm (testrealm
Currently I have a wireless setup that terminates the outer tunnel
locally then queries AD to get group/user data. This happens for the
realm named after the domain,the default realm, and NULL realm and works
perfectly. What I need to do now is add a new realm (testrealm)that
terminates the eap t
adius users mailing list'
Subject: RE: new to freeradius - proxy question
Ivan, from the new freeradius proxy I authenticate with/without the realm
using radtest and those packets look the same to me.
[EMAIL PROTECTED] radtest ectest 123 xxx.xxx.65.239:1645 11 QuincY
Sending Access-Request o
drop tcp dstport = 25"
X-Ascend-Data-Filter = "ip in forward 0"
Framed-Routing = None
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 11:14 AM
To: FreeRadius users mailing l
>But for users login in without a realm I notice a lot of stop records but
>the curious thing is that I see some with Ascend-Disconnect-Cause =
>PPP-PAP-Auth-Failed. So now im wondering if the proxy at 2.2.2.2 is doing
>something to the packets leaving for 3.3.3.3 that's causing it to fail
>without
Hoping someone can help me or point me in the right direction.
We currently are running a Livingston radius server that does realm and DNIS
proxying. For obvious reasons we want to replace this server with
freeradius.
My current setup is like this.
Livingston radius proxy - let's say it's 1.1.1.
Brian Walters wrote:
> but the authhost and accthost entries can be listed next to each other
> for each realm. I just wanted to make sure there wasn't a short cut of
> allowing a home server to be both. Even with adding 2 entries for each
> home server (1 auth, 1 acct) it's still a big saving with
On Tue, 2007-05-15 at 18:46 +0200, Geoffroy Arnoud wrote:
> Even in 1.1, FreeRADIUS makes the distinction between
> auth and acct hosts for remote servers, when marking
> them dead.
Indeed!
but the authhost and accthost entries can be listed next to each other
for each realm. I just wanted to ma
> Brian Walters wrote:
> > With the new 2.0 release do we have to make 2
> entries for each home
> > server? 1 for auth packets and 1 for acct packets?
>
> Yes, because they are *different* servers. They
> may be different
> programs that share no memory or configuration.
>
> Or, you can con
Brian Walters wrote:
> With the new 2.0 release do we have to make 2 entries for each home
> server? 1 for auth packets and 1 for acct packets?
Yes, because they are *different* servers. They may be different
programs that share no memory or configuration.
Or, you can continue to use the old
With the new 2.0 release do we have to make 2 entries for each home
server? 1 for auth packets and 1 for acct packets?
--
Brian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jory Privett wrote:
> I have a new FreeRadius server that I set up and everything is working
> great, well all most. What I want to do is have it check a local file and
> if the user is not there then to proxy the request to another server. I can
> make it check the local file or proxy the r
I have a new FreeRadius server that I set up and everything is working
great, well all most. What I want to do is have it check a local file and
if the user is not there then to proxy the request to another server. I can
make it check the local file or proxy the request successfully, I can'
Roberto Greiner <[EMAIL PROTECTED]> wrote:
> Actually I don't wan't it to be proxied
So when you originally said you wanted it to be proxied...
If you want people to be able to help you, tell them what you really
want to do.
Alan DeKok.
--
http://deployingradius.com - The web site
Roberto Greiner wrote:
Alan DeKok wrote:
Roberto Greiner <[EMAIL PROTECTED]> wrote:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
User-Name = "[EMAIL PROTECTED]"
Is this the log from the home server? If so, why? You a
Roberto Greiner wrote:
You've marked that realm as something that shouldn't be proxied.
Why do you expect it to be proxied?
Actually I don't wan't it to be proxied, only that it removes the realm
part to handle it locally. But it's comparing the full entry (with
realm) against the data
Alan DeKok wrote:
> Roberto Greiner <[EMAIL PROTECTED]> wrote:
>
>>> Show the *full* log.
>>>
>> rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
>> User-Name = "[EMAIL PROTECTED]"
>>
>
> Is this the log from the home server? If so, why? You alrea
Roberto Greiner <[EMAIL PROTECTED]> wrote:
> > Show the *full* log.
>
> rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
> User-Name = "[EMAIL PROTECTED]"
Is this the log from the home server? If so, why? You already said
the username wasn't stripped, so showi
Alan DeKok wrote:
> Roberto Greiner <[EMAIL PROTECTED]> wrote:
>
>> But when I send a user with the test.com domain, it wasn't stripped. The
>> radiusd -X log below shows the behavior:
>>
>
> Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
Roberto Greiner <[EMAIL PROTECTED]> wrote:
> But when I send a user with the test.com domain, it wasn't stripped. The
> radiusd -X log below shows the behavior:
Show the *full* log.
> modcall[authorize]: module "files" returns notfound for request 0
> radius_xlat: '[EMAIL PROTECTED]'
ok..
Hy,
I'm having a small problem with the proxy.conf file.
I added the following entry to proxy.conf:
realm test.com{
type= radius
authhost= LOCAL
accthost= LOCAL
secret = foobar
strip
}
But when I send a user wi
Reynold McGuire wrote:
It gets to the pre-proxy, adds the domain after the user name, but doesn't
strip out the 'DOMAIN'
Set "
Do you see any evidence that the 'ntdomain' is actually doing anything? I
don't see much of anything except the one line 'modcall[authorize]: module
"ntdomain" r
ng to be assigned a request
--- Walking the entire request list ---
Sending Access-Reject of id 130 to 10.8.1.254 port 32933
Waking up in 1 seconds...
Threads: total/active/spare threads = 5/0/5
--- Walking the entire request list ---
---CUT---
--
==
Reynold McGuire
Network
ing up in 6 seconds...
rad_recv: Access-Reject packet from host 10.18.1.37:1812, id=0, length=24
Proxy-State = 0x3430
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for request 0
mo
Ok.
I can see that... Now what about the syntax problem? :)
-R
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Phil Mayers
Sent: Friday, April 21, 2006 1:22 PM
To: FreeRadius users mailing list
Subject: Re: Proxy Question
Bjørn Mork wrote
Bjørn Mork wrote:
"Reynold McGuire" <[EMAIL PROTECTED]> writes:
How can I get freeRadius to see "domain.com\username" and convert that to
"[EMAIL PROTECTED]" and proxy that off?
If you need both styles:
modules {
..
realm suffix {
format = suffix
ing up in 6 seconds...
rad_recv: Access-Reject packet from host 10.18.1.37:1812, id=0, length=24
Proxy-State = 0x3430
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for request
"Reynold McGuire" <[EMAIL PROTECTED]> writes:
> How can I get freeRadius to see "domain.com\username" and convert that to
> "[EMAIL PROTECTED]" and proxy that off?
If you need both styles:
modules {
..
realm suffix {
format = suffix
delimiter = "@"
How's everyone doing?
I have a proxy question / problem.
I am attempting to get freeRadius to basically proxy via realm. This one
radius server is going to be the proxy to all other radius servers...
I am able to proxy correctly using the following in proxy.conf
---CUT---
Realm ad.domai
I figured out what it was. The situation only arises if the nas-ip address
value is set to localhost (tested with radtest) in the auth-request. In
every other request with real nas-ip values the problem doesnt appear.
Maybe its interesting to know why and somebody got an idea?
> Hello list,
>
>
>
Hello list,
i got a proxy configuration in which all auth requests for a specific realm
is proxied to another radius server. The problem is that if this radius
server isnt reachable the server is marked as dead and every further auth
request is sucessfully authenticated locally in cause of a u
[EMAIL PROTECTED] wrote:
People might be able to do more if they had configs and debug output (-X)
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
www.salesguide.be
www.telenethotspot.be
-
List info/subscribe/unsubscribe? See h
>
>
>> [EMAIL PROTECTED] wrote:
>>> Greetings. I am using freeradius and want to do the following:
>>> 1. proxy authentication to a secondary server for two-factor
>>> authentication
>>> 2. if the user is authenticated via the home server, add attributes
>>> via
>>> definitions from the local fr
> [EMAIL PROTECTED] wrote:
>> Greetings. I am using freeradius and want to do the following:
>> 1. proxy authentication to a secondary server for two-factor
>> authentication
>> 2. if the user is authenticated via the home server, add attributes via
>> definitions from the local freeradius ser
[EMAIL PROTECTED] wrote:
> Greetings. I am using freeradius and want to do the following:
> 1. proxy authentication to a secondary server for two-factor authentication
> 2. if the user is authenticated via the home server, add attributes via
> definitions from the local freeradius server from a
Greetings. I am using freeradius and want to do the following:
1. proxy authentication to a secondary server for two-factor authentication
2. if the user is authenticated via the home server, add attributes via
definitions from the local freeradius server from a sql database
I can do either 1 o
40 matches
Mail list logo