> Tim Sylvester wrote:
> > Try the following:
> >
> > Add this to the top of the Authorize section:
> >
> >
> > if ADSL-Agent-Circuit-Id {
> > update request {
> > User-Name := "%{ADSL-Agent-Circuit-Id}"
> > User-Password :
Tim Sylvester wrote:
Try the following:
Add this to the top of the Authorize section:
if ADSL-Agent-Circuit-Id {
update request {
User-Name := "%{ADSL-Agent-Circuit-Id}"
User-Password := "%{ADSL-Agent-Circuit-Id}"
us@lists.freeradius.org
> [mailto:freeradius-users-
> bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf
> Of Mike
> Sent: Wednesday, July 28, 2010 3:37 PM
> To: FreeRadius users mailing list
> Subject: Re: freeradius and ADSL-Agent-Circuit-Id
>
Johan Meiring wrote:
On 2010/07/21 11:00 AM, Alan DeKok wrote:
authorize {
...
if (ADSL-Agent-Circuit-Id&& \
("%{sql: select ...}")) {
update control {
Auth-Type := Accept
}
}
else {
reject
}
}
I disagree with the logic sli
Johan Meiring wrote:
> I disagree with the logic slightly.
> In my opinion it will also be rejected if ADSL-Agent-Circuit-Id does not
> exist.
Yes. It all depends on what you want.
> As fas as I understand, the desireable result is:
> If the ADSL-Agent-Circuit-Id does *not* exist, normal authe
On 2010/07/21 11:00 AM, Alan DeKok wrote:
authorize {
...
if (ADSL-Agent-Circuit-Id&& \
("%{sql: select ...}")) {
update control {
Auth-Type := Accept
}
}
else {
reject
Johan Meiring wrote:
> I'm 100% sure my syntax is wrong today (I'm not an unlang master yet), but
> the idea should work.
>
> Opinions?
Close.
- You need to "update" a specific list.
- you need double quotes around string values
- the parser is *very* specific.
Follow the examples in "man un
On 2010/07/20 10:50 PM, Mike wrote:
authorize {
if %{ADSL-Agent-Circuit-Id} {
update request {
User-Name := "%{ADSL-Agent-Circuit-Id}"
Password := "%{ADSL-Agent-Circuit-Id}"
}
}
Make sure that to add the User-Name (ADSL-Agent-Circuit-Id) to
radcheck and
set the password to the value of ADSL-Age
> This opens up a security hole I wish to avoid - if someone knows what
> my
> circuit Id's look like, and that database is used in any context where
> a
> user can send an id/password to authenticate that does NOT have
> ADSL-Agent-Cirtcuit-Id in it, then I've created a bunch of known user
> id's
> This opens up a security hole I wish to avoid - if someone knows what
> my
> circuit Id's look like, and that database is used in any context where
> a
> user can send an id/password to authenticate that does NOT have
> ADSL-Agent-Cirtcuit-Id in it, then I've created a bunch of known user
> id's
Tim Sylvester wrote:
Ad this into the authorize section:
authorize {
if %{ADSL-Agent-Circuit-Id} {
update request {
User-Name := "%{ADSL-Agent-Circuit-Id}"
Password := "%{ADSL-Agent-Circuit-Id}"
}
Ad this into the authorize section:
authorize {
if %{ADSL-Agent-Circuit-Id} {
update request {
User-Name := "%{ADSL-Agent-Circuit-Id}"
Password := "%{ADSL-Agent-Circuit-Id}"
}
}
Make sure that to ad
12 matches
Mail list logo