Difan Zhao wrote:
Anyway I need to proxy some requests to remote home server. I also need
to assign the users to specific VLANs (with some attributes) if they are
successfully authenticated by the remote home server. When I was using
the SQL Alan told me to uncomment “sql.authorize” in the
Hi guys,
Sorry for so many questions ... Everything was working fine until I was told to
not use the SQL DB but use the users file instead... That's why I start to have
all these questions...
Anyway I need to proxy some requests to remote home server. I also need to
assign the users to
Yes, I checked the Access-Accept packet with tcpdump/Wireshark and there
weren't any attributes.
Here are the radiusd -X lines ( password shared keys are for testing
purpose only...) :
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
Lucien RENAULT wrote:
Yes, I checked the Access-Accept packet with tcpdump/Wireshark and there
weren't any attributes.
Here are the radiusd -X lines ( password shared keys are for testing
purpose only...) :
The reason to use radiusd -X is to *read* it.
In this case, it's telling you
Lucien RENAULT wrote:
Yes I actually read the radius -X by myself, as well as doc about users
and man 5 users, so I don't really understand why the following lines
don't add attributes to the reply :
The output of radiusd -X shows which lines in the users file are
matched.
In your case,
Yes I actually read the radius -X by myself, as well as doc about users
and man 5 users, so I don't really understand why the following lines
don't add attributes to the reply :
DEFAULT Framed-Protocol == PPP
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Fall-Through = Yes
Ok, thanks for your help, I found the problem in radiusd.conf :
In the authorize section, the files line was commented because it
created errors when authorizing with ldap so I uncommented and placed
this line *after* the ldap line, which allowed to authorize using LDAP
and parse the users
Hi,
I'm running a configuration where a Cisco 1600 router is running a PPPoE
server and check user passwords against a freeRadius server running
under FreeBSD.
This Radius server checks passwords against a LDAP database running on
another BSD server.
The authentication is working great, the
Default users file has DEFAULT entries for that Service-Type and
protocol. Default radiusd.conf uses files. You have changed the defaults
and it's not working anymore. In default configuration make changes
only to the ldap section and leave the rest as it was.
Ivan Kalik
Kalik Informatika ISP
Yes indeed, I changed the default entries of the users.conf because
freeradius wasn't replying with the attributes so I tried many tricks in
order to improve this but I never managed to get those attributes in
Access-Accept packets...
I also modified the ldap section of radiusd.conf but this
Yes indeed, I changed the default entries of the users.conf because
freeradius wasn't replying with the attributes
Why? Are you sure that server didn't respond the way it was supposed to?
Send the output from radiusd -X from the request.
Ivan Kalik
Kalik Informatika ISP
DilipSimha.N.M wrote:
thanks alan,
but why is the below statement given in the dictionary file???
# The attributes number ranges are allocates as follows:
#
# Range: 500-999
# server-side attributes which can go in a reply list
DilipSimha.N.M [EMAIL PROTECTED] wrote:
but why is the below statement given in the dictionary file???
Because the server can store numbers larger than 256. The RADIUS
protocol can't.
ATTRIBUTE Exec-Program-Wait 503 string
and these attributes can be given in the packet!!!
No,
hello,
what's the way to add user-defined attribute into
reply-items?(name,value)
i tried by adding 2 attributes in the dictionary file in raddb, with
the index of 998 and 999.
file: /usr/local/etc/raddb/dictionary
ATTRIBUTE aa 998 string
ATTRIBUTE bb 999 string
But it didn't work.
(i
DilipSimha.N.M [EMAIL PROTECTED] wrote:
what's the way to add user-defined attribute into reply-items?(name,value)
i tried by adding 2 attributes in the dictionary file in raddb, with the
index of 998 and 999.
If they're supposed to go into a packet, they have to be 1..255.
See the RFC's.
thanks alan,
but why is the below statement given in the dictionary file???
# The attributes number ranges are allocates as follows:
#
# Range: 500-999
# server-side attributes which can go in a reply list
# These attributes CAN go in the reply item list.
ATTRIBUTE Fall-Through 500 integer
Holger Steppke [EMAIL PROTECTED]wrote:
What about adding a postproxy stage to the files module with 100% copy of
the standard function just another filename?
That may work. You may want to change a few more things, though,
based on testing.
Alan DeKok.
Ok,
another maybe more accurate description about what I like to get is.
- add attributes in postproxy to any packet based on
username/realms/wildcards -
What about adding a postproxy stage to the files module with 100% copy of
the standard function just another filename?
Bye
Holger
Hi,
I'm moving away from Cistron and now having an issue with the different
behavior both servers have. Cistron calls users twice, once at the time
sending the request and second when the answer from the home server is
received.
Could match there then based on realms, usernames and wildcards.
Which
Holger Steppke [EMAIL PROTECTED] wrote:
Now i need same function with Freeradius. Well i think a
post_proxy_authorize = yes
would do and my usersfile is parsed again.
Yes. That's what it's there for.
Is there a better way of doing it in freeradius ?!
That depends on what you want.