RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Tim Sylvester
> Tim Sylvester wrote: > > Try the following: > > > > Add this to the top of the Authorize section: > > > > > > if ADSL-Agent-Circuit-Id { > > update request { > > User-Name := "%{ADSL-Agent-Circuit-Id}" > > User-Password :

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Mike
Tim Sylvester wrote: Try the following: Add this to the top of the Authorize section: if ADSL-Agent-Circuit-Id { update request { User-Name := "%{ADSL-Agent-Circuit-Id}" User-Password := "%{ADSL-Agent-Circuit-Id}"

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Tim Sylvester

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Mike
Johan Meiring wrote: On 2010/07/21 11:00 AM, Alan DeKok wrote: authorize { ... if (ADSL-Agent-Circuit-Id && \ ("%{sql: select ...}")) { update control { Auth-Type := Accept } } else { reject } } I disagree with the logic sli

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Alan DeKok
Johan Meiring wrote: > I disagree with the logic slightly. > In my opinion it will also be rejected if ADSL-Agent-Circuit-Id does not > exist. Yes. It all depends on what you want. > As far as I understand, the desirable result is: > If the ADSL-Agent-Circuit-Id does *not* exist, normal authe

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Johan Meiring
On 2010/07/21 11:00 AM, Alan DeKok wrote: authorize { ... if (ADSL-Agent-Circuit-Id && \ ("%{sql: select ...}")) { update control { Auth-Type := Accept } } else { reject

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Alan DeKok
Johan Meiring wrote: > I'm 100% sure my syntax is wrong today (I'm not an unlang master yet), but > the idea should work. > > Opinions? Close. - You need to "update" a specific list. - you need double quotes around string values - the parser is *very* specific. Follow the examples in "man un

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Johan Meiring
On 2010/07/20 10:50 PM, Mike wrote: authorize { if %{ADSL-Agent-Circuit-Id} { update request { User-Name := "%{ADSL-Agent-Circuit-Id}" Password := "%{ADSL-Agent-Circuit-Id}" } } Make sure to add the User-Name (ADSL-Agent-Circuit-Id) to radcheck and set the password to the value of ADSL-Age

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Tim Sylvester
> This opens up a security hole I wish to avoid - if someone knows what my circuit Id's look like, and that database is used in any context where a user can send an id/password to authenticate that does NOT have ADSL-Agent-Circuit-Id in it, then I've created a bunch of known user id's

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Mike
Tim Sylvester wrote: Add this into the authorize section: authorize { if %{ADSL-Agent-Circuit-Id} { update request { User-Name := "%{ADSL-Agent-Circuit-Id}" Password := "%{ADSL-Agent-Circuit-Id}" }

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Tim Sylvester
Add this into the authorize section: authorize { if %{ADSL-Agent-Circuit-Id} { update request { User-Name := "%{ADSL-Agent-Circuit-Id}" Password := "%{ADSL-Agent-Circuit-Id}" } } Make sure that to ad