Dynamic Home Server For Sending CoA

2013-03-13 Thread Stanislav Lorenc
Hi, I have a problem with Home servers for sending CoA packets. This service works fine, but I have clients in sql (rlm_sql). When NAS are in sql, home servers for configuring coa must be in sql too. But now they are statically defined in a text file. Is there some way to change this? Or I

How to use checkval

2013-03-13 Thread Danny Kurniawan
Hi All. I found this error when I enabled checkval: rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs ++[checkval] returns notfound ++[expiration] returns noop What is the meaning of that error? Thanks in advance -- Best Regards, Danny - List

Re: [Help] Is there a way to differentiate devices using Radius?

2013-03-13 Thread Danny Kurniawan
Hi All, I already found a way to configure it. Thanks a lot. http://wiki.freeradius.org/guide/Mac-Auth#Note Thanks Danny On Wed, Mar 13, 2013 at 10:14 AM, Danny Kurniawan danny.kurnia...@fairchildsemi.com wrote: Sorry for this beginner question. I have read the man_rlm password but don't

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
So basically I found this old 2008 case: Feb 27, 2008; 6:13pm Re: Radius MAC filtering with EAP-PEAP Alan DeKok-2 Era wrote: Could you please assist me to find my fault. I

Re: How to use checkval

2013-03-13 Thread Russell Mike
checkval can be helpful when you need to apply NAS-identifier Calling-Station-Id - FR attributes. checkval calledstationid { item-name = Called-Station-Id check-name = Called-Station-Id data-type = string notfound-reject = no } checkval nasidentifier {

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
Calling-Station-Id in check pairs ++[checkval] returns notfound [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/radius/radacct/172.21.118.231/auth-detail-20130313 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands

Re: How to use checkval

2013-03-13 Thread Russell Mike
/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/radius/radacct/172.21.118.231/auth-detail-20130313 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/172.21.118.231/auth-detail-20130313 [auth_log] expand: %t

post-auth not being entered in inner-tunnel

2013-03-13 Thread Alex Sharaz
Hi, I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel post-auth in order to write user-name some other attributes into a back end mysql database server and it all works. If I've got non-eap requests coming in, the default site deals with it. If I've got eap-based

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
: Could not find attribute named Calling-Station-Id in check pairs ++[checkval] returns notfound [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/radius/radacct/172.21.118.231/auth-detail-20130313 [auth_log] /var/log/radius/radacct/%{Client

Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Olivier Beytrison
On 13.03.2013 12:46, Alex Sharaz wrote: Hi, I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel post-auth in order to write user-name some other attributes into a back end mysql database server and it all works. If I've got non-eap requests coming in, the

Re: How to use checkval

2013-03-13 Thread Alan DeKok
Danny Kurniawan wrote: Hi Russel, So we have LDAP auth here. At this time it works fine. But now we want to add 2 auth, so for example like we want to check the valid user id / password from LDAP and also the MAC address listed from the user attribute in the LDAP. The ldap attribute

Re: Dynamic Home Server For Sending CoA

2013-03-13 Thread Alan DeKok
Stanislav Lorenc wrote: I have a problem with Home servers for sending CoA packets. This service works fine, but I have clients in sql (rlm_sql). When NAS are in sql, home servers for configuring coa must be in sql too. But now they are statically defined in a text file. Is there some way to

Add LDAP groups as extra attributes

2013-03-13 Thread Robin Helgelin
Hi! I want to add the LDAP-users current groups as extra attributes to the authentication reply. Is it possible? I'm having a hard time finding documentation about this. Thanks! Robin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Phil Mayers
On 13/03/13 14:44, Robin Helgelin wrote: Hi! I want to add the LDAP-users current groups as extra attributes to the authentication reply. Is it possible? I'm having a hard time finding documentation about this. Yes. Edit the ldap.attrmap to map the LDAP group attribute to a RADIUS

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
Thanks Alan, let me try that. So basically you are also saying that I don't need to enable / use checkval module in the siteavailable/default? So the goal here is to have 802.1X PEAP + MAC authentication at the same time. User connects to wireless AP, prompted for user name password, then the

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 10:52, Phil Mayers p.may...@imperial.ac.uk wrote: On 13/03/13 14:44, Robin Helgelin wrote: Hi! I want to add the LDAP-users current groups as extra attributes to the authentication reply. Is it possible? I'm having a hard time finding documentation about this. Yes.

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Phil Mayers
On 13/03/13 15:11, Arran Cudbard-Bell wrote: Phil is correct, but this will only work for something like AD, where you have memberOf attributes which link a user account to a group. Good point, got to watch that - my LDAP is getting very AD-centric :o(

Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Matthew Newton
Hi, On Wed, Mar 13, 2013 at 04:09:55PM +, Alex Sharaz wrote: On 13 Mar 2013, at 13:05, Olivier Beytrison oliv...@heliosnet.org wrote: On 13.03.2013 12:46, Alex Sharaz wrote: coming in the inner-tunnel deals with them. About a week ago I downloaded the latest 2.2 code from

Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Arran Cudbard-Bell
00cadac7 Defines the function rad_virtual_server, but doesn't call it from anywhere. Where should that be called? Was there another commit? -Arran

Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Matthew Newton
On Wed, Mar 13, 2013 at 12:58:15PM -0400, Arran Cudbard-Bell wrote: 00cadac7 Defines the function rad_virtual_server, but doesn't call it from anywhere. Where should that be called? Was there another commit? Grr, fatfinger paste bug :) I'd suggest that either a00c4432 needs backing out,

Re: How to use checkval

2013-03-13 Thread Alan DeKok
Danny Kurniawan wrote: Thanks Alan, let me try that. So basically you are also saying that I don't need to enable / use checkval module in the siteavailable/default? I fail to understand the reason for this question. I gave you an answer. Instead of doing what I said, your first response

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Robin Helgelin
On Wed, Mar 13, 2013 at 4:11 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Yes. Edit the ldap.attrmap to map the LDAP group attribute to a RADIUS attribute, and add the RADIUS attribute to raddb/dictionary (taking care to note the comments about numbering i.e. pick a number from

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 15:45, Robin Helgelin lob...@gmail.com wrote: On Wed, Mar 13, 2013 at 4:11 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Yes. Edit the ldap.attrmap to map the LDAP group attribute to a RADIUS attribute, and add the RADIUS attribute to raddb/dictionary (taking

Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 13:19, Matthew Newton m...@leicester.ac.uk wrote: On Wed, Mar 13, 2013 at 12:58:15PM -0400, Arran Cudbard-Bell wrote: 00cadac7 Defines the function rad_virtual_server, but doesn't call it from anywhere. Where should that be called? Was there another commit? Grr,

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Robin Helgelin
On 13 mar 2013, at 20:52, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Next problem seems to be that freeradius ignores when ldap is returning more than one group, am I correct? Ignores what? If you're talking about an xlat query, then yes, it'll only provide the first result.

Re: Add LDAP groups as extra attributes

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 16:17, Robin Helgelin lob...@gmail.com wrote: On 13 mar 2013, at 20:52, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Next problem seems to be that freeradius ignores when ldap is returning more than one group, am I correct? Ignores what? If you're talking

Re: Trying to integrate with LDAP

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 18:35, fernando@gmail.com wrote: Hey, first of all, sorry for my poor English, I'm trying to integrate my LDAP server with the freeradius, before 2 days searching on Google I didn't solve the problem. When I use the command: ldapsearch -b

Re: Trying to integrate with LDAP

2013-03-13 Thread Fernando Barreto
hey, thanks for the quick reply changed in /modules/ldap ldap { server = 200.xxx.xx.47 #identity = cn=admin,dc=x,dc=edu,dc=br #password = 123abc basedn = dc=ifsudeste,dc=edu,dc=br filter = (uid=%{Stripped-User-Name:-%{User-Name}}) but still don't

Re: Trying to integrate with LDAP

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 20:00, Fernando Barreto fernando@gmail.com wrote: hey, thanks for the quick reply [ldap] expand: dc=,dc=edu,dc=br - dc=x,dc=edu,dc=br Because you changed the search DN? In the original request it was: [ldap] expand: ou=People,dc=x,dc=edu,dc=br -

Re: Trying to integrate with LDAP

2013-03-13 Thread fernando . sg1
I tried both, with ou= or without. I don't know what to try :s Sent from my Android. -Original Message- From: Arran Cudbard-Bell a.cudba...@freeradius.org To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Wed, 13 Mar 2013 21:41 Subject: Re: Trying to integrate

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
Hi, I'm very sorry if that is considered rude. I said that I will try that and I just want to make sure I didn't need to use checkval as I already enabled it. So what I want to do is disable it and try the solution. Again, apologies for this misunderstanding. Thanks Best Regards, Danny On Thu,

Re: Trying to integrate with LDAP

2013-03-13 Thread Arran Cudbard-Bell
On 13 Mar 2013, at 22:03, fernando@gmail.com wrote: now at the PC, I can write better: 1st: should I uncomment these 2 lines in /modules/ldap # identity = cn=admin,dc=x,dc=edu,dc=br # password = 123abc ? Um yes if you need to do an authenticated bind to search in the directory.

Re: Trying to integrate with LDAP

2013-03-13 Thread Danny Kurniawan
I'm not sure if you are using Novell product or open ldap, but you can see the basic information on how to integrate with LDAP here https://www.netiq.com/documentation/edir_radius/pdfdoc/radiusadmin/radiusadmin.pdf -Danny On Thu, Mar 14, 2013 at 11:41 AM, Arran Cudbard-Bell

Re: How to use checkval

2013-03-13 Thread EasyHorpak.com
On 13/03/2556 14:53, Danny Kurniawan wrote: Hi All. I found this error when enabled checkval rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs ++[checkval] returns notfound

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
Hi Alan, I tried to put that command in the /siteAvailable/Default after the LDAP called and receive this error : Expected string or numbers at: ) /etc/raddb/sites-enabled/default[62]: Errors parsing authorize section. } I also commented back the checkval module. Thanks Danny On Wed, Mar 13,

Re: How to use checkval

2013-03-13 Thread Danny Kurniawan
So this is the content of sites-available/default # # The ldap module will set Auth-Type to LDAP if it has not # already been set ldap if (control:Calling-Station-Id != %{Calling-Station-Id}) { reject } # # Enforce daily limits on time spent logged

Re: How to use checkval

2013-03-13 Thread Fajar A. Nugraha
On Thu, Mar 14, 2013 at 4:44 PM, Danny Kurniawan danny.kurnia...@fairchildsemi.com wrote: if (control:Calling-Station-Id != %{Calling-Station-Id}) { reject } IIRC the parser is picky on where the curly braces are located. Look at Alan's example again, and see man unlang