Correct syntax is %{sql:...}, not {%sql:...}.
On 26.03.2013 2:20, Mehdi Ravanbakhsh wrote:
Hi All
I am create stored persedure in postgresql database named
findout_cuncurrent_session_for_a_user_result that return Deny or
Permit .
I need to call this persidure in session section but it not
Hi,
i dont have any information in session section in radius.log just one
line:
# Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
debug log.
radiusd -X
alan
Hi,
I am create stored procedure in postgresql database named
findout_cuncurrent_session_for_a_user_result that return Deny or
Permit .
please dont ask the same question - people have read it. or dont read the
mailing list
frequently.
alan
-
List info/subscribe/unsubscribe? See
Hi,
We have a Freeradius server configured with 3 instances, each using
particular authorize, authenticate and accounting section.
Each server listen on a particular port.
Each server is used by a WLAN on access point.
Our problem is that many basic access point can only declare one
radius
On Tue, Mar 26, 2013 at 10:53:36AM +0100, Emmanuel BILLOT wrote:
Considering request show lines like
Called-Station-Id = C0-8A-DE-3D-B4-09:TEST
or
Called-Station-Id = C0-8A-DE-3D-B4-09:WIFI
where TEST and WIFI are the SSID concerned.
How can we route request to different ports of the
On 03/25/2013 11:42 PM, Jaap Winius wrote:
Is this new behavior intentional, or is it simply a bug? In either case,
is there a workaround or a code fix for this, or should I continue to
use 2.1.10?
Actually neither - you should be using 2.2.0 or 2.2.1 when it's release,
as the 2.1.10/11/12
Бен Томпсон wrote:
I have an issue with an installation of FreeRADIUS 2.2.0 configured
for DHCP, and I am seeing a problem where FreeRADIUS is replying to
the wrong port on the DHCP relay.
The request comes in like this :-
Received DHCP-Discover of id de6dc6f2 from 10.77.1.254:68 to
Hello,
Using Freeradius 2.1.10 I have been trying to see if I can proxy a
request to a remote server but using a different User-Name attribute
based on the original request User-Name attribute.
For example so that:
Request 'j.blo...@plymouth.ac.uk' gets proxied to remote server with
Try adding the SQL module to the jnstantiate section of radiusd.conf
From the radiusd -X output:
including configuration file /etc/raddb/modules-enabled/logintime
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
Not sure what you mean by
On 03/26/2013 12:52 PM, Peter Kaagman wrote:
Try adding the SQL module to the jnstantiate section of radiusd.conf
From the radiusd -X output:
including configuration file /etc/raddb/modules-enabled/logintime
including configuration file /etc/raddb/eap.conf
including configuration file
On 26.03.2013 13:50, John Horne wrote:
Hello,
Using Freeradius 2.1.10 I have been trying to see if I can proxy a
request to a remote server but using a different User-Name attribute
based on the original request User-Name attribute.
For example so that:
Request 'j.blo...@plymouth.ac.uk'
Hi,
Try adding the SQL module to the jnstantiate section of radiusd.conf
From the radiusd -X output:
including configuration file /etc/raddb/modules-enabled/logintime
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
edit the dialup.conf
On 26.03.2013 13:52, Peter Kaagman wrote:
Try adding the SQL module to the jnstantiate section of radiusd.conf
From the radiusd -X output:
including configuration file /etc/raddb/modules-enabled/logintime
including configuration file /etc/raddb/eap.conf
including configuration file
Set up proxy.conf with entries for the right ports, then you
should be able to do something like (example, untested):
authorize {
if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
update control {
Tmp-String-0 := %{1}
}
}
switch %{Tmp-String-0} {
case 'TEST'
Set up proxy.conf with entries for the right ports, then you
should be able to do something like (example, untested):
authorize {
if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
update control {
Tmp-String-0 := %{1}
}
}
switch %{Tmp-String-0} {
case 'TEST' {
Not sure what you mean by that... to me it looks like sql.conf is
loaded
Yes the configuration file is loaded.
But it seems that you do not use the sql module anywhere within your virtual
server. If you look at your debug output, you won't find a
Module: Instantiating module sql
If
On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
How about hyphen SSID ? ex : WIFI-TEST
I failed in writing regex for it...
if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T.
Le 26/03/2013 14:45, Matthew Newton a écrit :
On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
How about hyphen SSID ? ex : WIFI-TEST
I failed in writing regex for it...
if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
Matthew
Thanks it seems to be ok. Proxy should resent
On Tue, Mar 26, 2013 at 02:24:21PM +0100, Emmanuel BILLOT wrote:
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (Called-Station-Id =~ /^.*:(.*)$/)
? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) - TRUE
++? if
On 26/03/2013 13:52, Emmanuel BILLOT wrote:
authorize {
if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
update control {
Tmp-String-0 := %{1}
}
}
switch %{Tmp-String-0} {
That needs to be:
switch %{control:Tmp-String-0} {
-
List info/subscribe/unsubscribe? See
On Tue, Mar 26, 2013 at 02:52:48PM +0100, Emmanuel BILLOT wrote:
Thanks it seems to be ok. Proxy should resent request to virtual
server so it should work.
But now i have
authorize {
if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
update control {
use instead:
update request {
On 26/03/2013 12:50, John Horne wrote:
Hello,
Using Freeradius 2.1.10 I have been trying to see if I can proxy a
request to a remote server but using a different User-Name attribute
based on the original request User-Name attribute.
You can do this, but it might break things because you're
Hi.,
I've been running ntlm_auth to authenticate our 802.1x users against AD for a
number of months without problems…… until this morning when our Systems group
tightened up auth requirements to only use NTLMv2. and my ntlm_auth module
started failing
I'm running FR van 2.2 and samba Vsn 3.6.3
Alex Sharaz wrote:
I've been running ntlm_auth to authenticate our 802.1x users against AD for a
number of months without problems…… until this morning when our Systems group
tightened up auth requirements to only use NTLMv2. and my ntlm_auth module
started failing
Which breaks RADIUS.
Le 26/03/2013 15:05, Phil Mayers a écrit :
On 26/03/2013 13:52, Emmanuel BILLOT wrote:
authorize {
if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
update control {
Tmp-String-0 := %{1}
}
}
switch %{Tmp-String-0} {
That needs to be:
switch %{control:Tmp-String-0} {
On 26/03/2013 14:21, Alex Sharaz wrote:
Hi., I've been running ntlm_auth to authenticate our 802.1x users
against AD for a number of months without problems…… until this
morning when our Systems group tightened up auth requirements to only
use NTLMv2. and my ntlm_auth module started failing
As
2013/3/26 Alan DeKok al...@deployingradius.com:
Бен Томпсон wrote:
I have an issue with an installation of FreeRADIUS 2.2.0 configured
for DHCP, and I am seeing a problem where FreeRADIUS is replying to
the wrong port on the DHCP relay.
The request comes in like this :-
Received
On 26/03/2013 15:00, Phil Mayers wrote:
You should ask on the Samba lists - if a windows domain member can do
it, there must be a newer API/RPC which Samba could implement.
In fact, a couple of minutes with google gives me this thread:
On Tue, 2013-03-26 at 14:13 +, Phil Mayers wrote:
On 26/03/2013 12:50, John Horne wrote:
Hello,
Using Freeradius 2.1.10 I have been trying to see if I can proxy a
request to a remote server but using a different User-Name attribute
based on the original request User-Name attribute.
On 26/03/2013 15:09, Phil Mayers wrote:
On 26/03/2013 15:00, Phil Mayers wrote:
You should ask on the Samba lists - if a windows domain member can do
it, there must be a newer API/RPC which Samba could implement.
In fact, a couple of minutes with google gives me this thread:
On 26/03/2013 15:12, John Horne wrote:
What is the upstream proxy?
Microsoft domain controller (DC).
As in, Microsoft NPS running on a DC?
Can you explain why you want to do this? Obviously it's possible to
manipulate the packet in many ways, but your goal may be best
accomplished
Phew!
o.k. many thanks for this phil. I'll probably have a bash at this but, as I've
done it before, just setting up radiator as something that just says yes/no
sounds a lot easier :-))
Rgds
Alex
On 26 Mar 2013, at 15:27, Phil Mayers p.may...@imperial.ac.uk wrote:
On 26/03/2013 15:09, Phil
Alex Sharaz wrote:
o.k. many thanks for this phil. I'll probably have a bash at this but, as
I've done it before, just setting up radiator as something that just says
yes/no sounds a lot easier :-))
I doubt it.
The problem is with AD, not with any RADIUS server. And that the
ntlmv2
On 26 Mar 2013, at 15:00, Phil Mayers p.may...@imperial.ac.uk wrote:
On 26/03/2013 14:21, Alex Sharaz wrote:
Hi., I've been running ntlm_auth to authenticate our 802.1x users
against AD for a number of months without problems…… until this
morning when our Systems group tightened up auth
On Tue, 2013-03-26 at 15:35 +, Phil Mayers wrote:
On 26/03/2013 15:12, John Horne wrote:
What is the upstream proxy?
Microsoft domain controller (DC).
As in, Microsoft NPS running on a DC?
As far as I know, yes. I don't deal with the Microsoft side of this.
Just to check I
On 26 Mar 2013, at 15:47, Alan DeKok al...@deployingradius.com wrote:
Alex Sharaz wrote:
o.k. many thanks for this phil. I'll probably have a bash at this but, as
I've done it before, just setting up radiator as something that just says
yes/no sounds a lot easier :-))
I doubt it.
Alex Sharaz wrote:
Well, I was running Radiator for a couple of years authenticating users
against AD.
Yes... I didn't say that wouldn't work.
( sent out a snippet from the Radiator manual in another message) so I guess
it wasn't using ntlm.
The text you posted showed it used ntlm.
Hi,
just add more global UPNs - the AD can authenticate any domain
if the username is okay.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
o.k. many thanks for this phil. I'll probably have a bash at this but, as
I've done it before, just setting up radiator as something that just says
yes/no sounds a lot easier :-))
RADIATOR on Windows can use AuthBY LSA which is a direct access to AD method
and doesnt use SAMBA
stuff at
On 26/03/2013 18:03, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
o.k. many thanks for this phil. I'll probably have a bash at this but, as I've
done it before, just setting up radiator as something that just says yes/no
sounds a lot easier :-))
RADIATOR on Windows can use AuthBY LSA which is a
many thanks ... :)
On 3/26/13, Iliya Peregoudov iperegu...@cboss.ru wrote:
Correct syntax is %{sql:...}, not {%sql:...}.
On 26.03.2013 2:20, Mehdi Ravanbakhsh wrote:
Hi All
I am create stored persedure in postgresql database named
findout_cuncurrent_session_for_a_user_result that return
On Tue, 2013-03-26 at 14:08 +0100, Olivier Beytrison wrote:
You could also use the preproxy_users which allow you to rewrite the
request before it is proxied. It contains the exact example for your case.
Hello,
Many thanks for that, I had overlooked that file.
I am pleased to say that
Quoting Phil Mayers p.may...@imperial.ac.uk:
... you should be using 2.2.0 or 2.2.1 when it's release, as the
2.1.10/11/12 releasea have a known security issue.
I'll be sure to install 2.2.x as soon as a Debian package becomes
available for it, but for now I'm going to stick with 2.1.x.
I
43 matches
Mail list logo