question about unlang I'll ask in a new email
Cheers
Mike
Mike O'Connor wrote:
Hi Guys
This email tries to ask my question in a different way, to last time.
I need to Rewrite the User-Name of individual accounts to add a realm,
this would need to reliable up to at least 1 users.
Does
Hi Guys
How would I match for the packet type ie 'Access-Accept' in unlang
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ivan Kalik wrote:
How would I match for the packet type ie 'Access-Accept' in unlang
Answers to questions like this can be found examining
dictionary.freeradius.internal. These attributes are mostly on control
list. So it should be:
if(control:Packet-Type == Access-Accept) {
...
Alexander Clouter wrote:
Mike O'Connor freerad...@pineview.net wrote:
Using freeradius 2.1.4 the following works if I user the hints file.
DEFAULT Called-Station-Id == splns357
User-Name := %{user-na...@mb.webshield.net.au
The user is proxied to the correct
with out restarting Freeradius ?
We do have some python code running in this proxy which might be able to
help.
Thanks
Mike O'Connor
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
John Morrissey wrote:
On Thu, Aug 27, 2009 at 10:57:47PM +0930, Mike O'Connor wrote:
I need to Rewrite the User-Name of individual accounts to add a realm,
this would need to reliable up to at least 1 users.
Does any one have any ideas on how this might be done, in a way that can
Hi All
Using freeradius 2.1.4 the following works if I user the hints file.
DEFAULT Called-Station-Id == splns357
User-Name := %{user-na...@mb.webshield.net.au
The user is proxied to the correct server and the user is correctly set.
I now need to proxy based on the
Hi Hristo
Could you supply a quick example ?
Its always good to get working example after a problem is resolved (even
if the person is resolved by the questioner)
Mike
Hristo Trendev wrote:
The examples in src/modules/rlm_python gave me some hints and I
figured it out. Thanks anyway.
On
Greg Vickers wrote:
Hi,
(Apologies for an OT post) I was wondering if anyone know of any user
list that would contain a community of people who implement systems
like RSA's SecurID? The reason is that I am researching who else has
implemented SecurID and am trying to find if there is
Hi Jester
A few things.
1. I've never been able to get python to work correct on a debian
system, this is for both Sarge and Etch. We currently have to use Centos
5 for our proxy radius systems which use python.
2. I do not believe that loading a mysql connection each time you
recived a
Hi Ivan
Thanks for your response, my question why would it not work then just
work, no changes other than a restart between the two.
Its running freeradius 1.1.7
Mike
Mike
Ivan Kalik wrote:
rlm_realm: Looking up realm xxx.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm
Hi Guys
I have an account which I want to auth locally on our 2 proxy radius
machine.
The problem is that sometimes the connection authenticates and other
times it does not, there are warning in the log's below so I'm sure I
have something wrong. But I can not work out what I should be
Hi Guys
I have a small issue with freeradius and ldap, its authenticating as
'access accept' customers which have placed a space at the beginning of
there user name.
This then causes there accounting data not to match and so we do not
account for there data.
This this a bug or a setting I
Hi Alexander
I think your problem is that python does not know where to find your module.
The best way of over coming this issue is to place a file in the
site-packages directory which indicates where your python code is installed.
[EMAIL PROTECTED] site-packages]# cat radiusd_test.pth
Hi Alan
The documentation does not mention these options so I assume that you
mean it would need writing ?
One option is to add more filtering operators. e.g. -~, meaning
regex match, and remove. Or perhaps a better way, is to add a
filter section:
filter request { # filter out
Alan DeKok wrote:
Mike O'Connor wrote:
It would seem as if the rlm_python does not provide the returned
attributes from the proxy, this happens in both a patched version of
1.1.7 and 2.0.0.
Yes. It appears to convert only the request attributes to a python tuple.
Fixing
Hi Guys
It would seem as if the rlm_python does not provide the returned
attributes from the proxy, this happens in both a patched version of
1.1.7 and 2.0.0.
Code:
def postproxy(params):
log.log('RLM_PYTHON: handling Post Proxy request...', log.VERBOSE)
pprint.pprint(params)
Alan DeKok wrote:
Mike O'Connor wrote:
I wrote the attached patch for Freeradius 1.1.7 to enabled calling
python in the post-proxy, it compiles but will not run when the hook is
listed in post-proxy because Freeradius complains that there is no
support for post-proxy in rlm_python
Hi Alan
I think I have worked it out, some how I got my self confused during my
testing.
The model was there but I think each time I did not have everything
configured.
Thanks as always for your time
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Guys
I wrote the attached patch for Freeradius 1.1.7 to enabled calling
python in the post-proxy, it compiles but will not run when the hook is
listed in post-proxy because Freeradius complains that there is no
support for post-proxy in rlm_python.
My question is where in the source is the
Hi Alan
Is there any way of adding or removing the ip_pool bases on a rule ?
I don't know what you mean by that.
I still want the customer isp to be able to set a static ip address but
I have to remove the cisco-avp pair when these come thought, or I want
to add the cisco-avp pair
Hi All
I have a problem with my Cisco 7301's where I apply a address pool via a
Cisco-AVPair (for each wholesale ISP customer) and the wholesale ISP
supplies a Framed-IP-Address at the same time, the connection is kicked
by the cisco.
Is there any way of adding or removing the ip_pool bases on a
Hi Alan
Do you see it in the response packet? Or in debug mode? Or both?
Yes with verbose turned on in radclient you see the extra value pair
printed on the screen.
CVS head has this fixed. You can run separate pre/post proxy sections
for authentication and for accounting.
Ok
Hi Guys
How do I only add a radius attribute via attr_filter on Accept-Accept
Packets ?
My current config is adding the attribute on accounting reply packets also.
Thanks
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
back to the project.
I'll like the patch for both 1.1.x and for current head.
If someone is interested please contact me privately.
Thanks
Mike
Alan DeKok wrote:
Mike O'Connor wrote:
I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of
the problem.
The issue seems
Hi Alan
You are correct about it being an issue with time.so, because I just
removed this module from my test code and added the module random
instead and the freeradius loaded.
Mike
Alan DeKok wrote:
Mike O'Connor wrote:
I decided to try freeradius-2.0.0-pre2 and its give a much clear
/10 19:47:17 nbk Exp $
#
TARGET = @targetname@
SRCS = rlm_python.c
HEADERS= /usr/include/python2.4/pyerrors.h -
RLM_LIBS = @python_ldflags@
RLM_CFLAGS = @python_cflags@
include ../rules.mak
$(LT_OBJS): $(HEADERS)
Mike
Mike O'Connor wrote:
Hi All
I have look
Hi Guys
Got a problem with rlm_python using 1.1.7 on Debian etch with no changes
to source other than to move rlm_python in to the stable modules file.
The module is in the path and an strace shows the file being found.
rlm_python:python_load_function: module 'radiusd_test' is not found
Hi Alan
Is radiusd.py in the path?
Yep in the same place as my own code
/usr/lib/python2.4/site-packages/
Strace never shows that file being requested for loading.
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Guys
I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of
the problem.
The issue seems to be that the rlm_python module is having trouble
loading dynamic code.
Mike
write(1, exceptions.ImportError: /usr/lib...,
97exceptions.ImportError:
Hi All
I wish to add some extra valid pairs to accounting packets which are
being proxied to other radius servers.
If in the 'preacct' or the 'accounting' stage I was to add using
rlm_python or rlm_perl value pairs would they be sent thought to the
other radius servers ?
Thanks
Mike
-
List
Hi
Some time ago there was a question about rlm_ippool and if it was
possible to group them ie
ippool main_pool_1 {}
ippool main_pool_2 {}
accounting {
group main_pool {
main_pool_1
main_pool_2
}
sql
}
post-auth {
group main_pool {
main_pool_1
Hi All
I have the following in the users and acct_users files
DEFAULT Called-Station-Id == 0198334115, Proxy-To-Realm :=
.com
I would like to match on 198334115 with a possibility of about 4 to 6
more number on the front of this number.
I have tried a number of difference regx's
Thanks Alan
Reading the man page for the users file would help, too. You're
not doing regular expression matching at all.
DEFAULT Called-Station-Id =~ 198334115$, Proxy-To-Realm :=
.com
I did not give any examples of what I had tried which I suppose I should
have.
Below are
Mike Mitchell wrote:
Yes, but you missed one important little detail...
use =~
not ==
Hi Mike, Alan
Did read the manual just did not see that one :(
I'll go check that out now
Cheers
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Terry J Fike Jr wrote:
They use the Class attribute to tell their box what users are being
filtered and how (which filtering ruleset). but it means that either
the nas device has to send the data to it, or i can radrelay it to the
8e6 box (which is what i'm using for testing at the moment).
:51:32AM +1030, Mike O'Connor wrote:
Thanks for you comments, I used you suggestion as a biases and have
found that the accounting stop records do not always have the same port
id. This means it does not match correctly and does not release the port.
I do not see any way of fixing
some software which checks if a port has been release (using the Alive
and Stop records) and then sends a Acct Stop record with the correct
port details.
If any one has a better idea please email the list.
Thanks
Mike
Alan DeKok wrote:
Mike O'Connor [EMAIL PROTECTED] wrote:
There are 30
Hi All
I have an issue with freeradius 1.0.1 not releasing some ip address back
to the non active pool.
There are 30 address in the pool and at this time 13 of these are listed
as active but the radacct record show that the users using these
address's have logged off.
The rlm_ippool_tool has
Mike O'Connor wrote:
Hi All
Using Freeradius 1.0.1
I wrote a program to keep my ippool in line with my the online list,
this used the rlm_ippool_tool to set an ip address as inactive when
there was a problem.
After reading the rlm_ippool_tool options I decided that the option
'-r: remove active
Hi All
Using Freeradius 1.0.1
I wrote a program to keep my ippool in line with my the online list,
this used the rlm_ippool_tool to set an ip address as inactive when
there was a problem.
After reading the rlm_ippool_tool options I decided that the option '-r:
remove active entries' was the
Hi All
I have been using freeradius 0.9.3 for a long time and the acct_users
file below has all ways work well (did have a problem where it would
just stop running the script sometimes)
I upgraded be 1.0.1 because I was having trouble with the ippool code
not sending a Framed-IP-Address every
42 matches
Mail list logo