Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Mike
Johan Meiring wrote: On 2010/07/21 11:00 AM, Alan DeKok wrote: authorize { ... if (ADSL-Agent-Circuit-Id \ (%{sql: select ...})) { update control { Auth-Type := Accept } } else { reject } } I disagree with the logic

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Tim Sylvester
, July 28, 2010 3:37 PM To: FreeRadius users mailing list Subject: Re: freeradius and ADSL-Agent-Circuit-Id Johan Meiring wrote: On 2010/07/21 11:00 AM, Alan DeKok wrote: authorize { ... if (ADSL-Agent-Circuit-Id \ (%{sql: select ...})) { update control

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Mike
Tim Sylvester wrote: Try the following: Add this to the top of the Authorize section: if ADSL-Agent-Circuit-Id { update request { User-Name := %{ADSL-Agent-Circuit-Id} User-Password := %{ADSL-Agent-Circuit-Id}

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-28 Thread Tim Sylvester
Tim Sylvester wrote: Try the following: Add this to the top of the Authorize section: if ADSL-Agent-Circuit-Id { update request { User-Name := %{ADSL-Agent-Circuit-Id} User-Password :=

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Johan Meiring
On 2010/07/20 10:50 PM, Mike wrote: authorize { if %{ADSL-Agent-Circuit-Id} { update request { User-Name := %{ADSL-Agent-Circuit-Id} Password := %{ADSL-Agent-Circuit-Id} } } Make sure to add the User-Name (ADSL-Agent-Circuit-Id) to radcheck and set the password to the value of

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Alan DeKok
Johan Meiring wrote: I'm 100% sure my syntax is wrong today (I'm not an unlang master yet), but the idea should work. Opinions? Close. - You need to update a specific list. - you need double quotes around string values - the parser is *very* specific. Follow the examples in man unlang

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Johan Meiring
On 2010/07/21 11:00 AM, Alan DeKok wrote: authorize { ... if (ADSL-Agent-Circuit-Id \ (%{sql: select ...})) { update control { Auth-Type := Accept } } else { reject

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-21 Thread Alan DeKok
Johan Meiring wrote: I disagree with the logic slightly. In my opinion it will also be rejected if ADSL-Agent-Circuit-Id does not exist. Yes. It all depends on what you want. As far as I understand, the desirable result is: If the ADSL-Agent-Circuit-Id does *not* exist, normal

freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Mike
Greetings, I would like to be able to incorporate processing of ADSL-Agent-Circuit-Id into my freeradius / mysql environment. I have a stock debian / freeradius2 server with a local mysql database, and my bras is correctly getting this attribute to me and I see it under freeradius -X. I

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Tim Sylvester
+tim.sylvester=networkradius@lists.freeradius.org] On Behalf Of Mike Sent: Tuesday, July 20, 2010 12:37 PM To: FreeRadius users mailing list Subject: freeradius and ADSL-Agent-Circuit-Id Greetings, I would like to be able to incorporate processing of ADSL-Agent-Circuit-Id into my

Re: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Mike
Tim Sylvester wrote: Add this into the authorize section: authorize { if %{ADSL-Agent-Circuit-Id} { update request { User-Name := %{ADSL-Agent-Circuit-Id} Password := %{ADSL-Agent-Circuit-Id} } }

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Tim Sylvester
This opens up a security hole I wish to avoid - if someone knows what my circuit Id's look like, and that database is used in any context where a user can send an id/password to authenticate that does NOT have ADSL-Agent-Circuit-Id in it, then I've created a bunch of known user id's for

RE: freeradius and ADSL-Agent-Circuit-Id

2010-07-20 Thread Tim Sylvester
This opens up a security hole I wish to avoid - if someone knows what my circuit Id's look like, and that database is used in any context where a user can send an id/password to authenticate that does NOT have ADSL-Agent-Circuit-Id in it, then I've created a bunch of known user id's for