Hi,
if I'm using an expression like
if (control:VSA1=~/something/ || control:VSA2 =~/something_else/)
{...}
I do get the information(Attribute control:VSA1 was not found) in case
the VSA is not in the control context.
As the condition is '||', I would expect, that FR tries the next
Stefan A. wrote:
if I'm using an expression like
if (control:VSA1=~/something/ || control:VSA2 =~/something_else/)
{...}
I do get the information(Attribute control:VSA1 was not found) in case
the VSA is not in the control context.
As the condition is '||', I would expect, that
I want to insert Quintum-h323-remote-address value to radacct table at
sql/db/dialup.conf i have made my modifications but i see entries
like
h323-remote-address=3D10.241.1.202 which is
h323-remote-address=10.241.1.202 but I only want 10.241.1.202 (IP address)
My entry at details file:
i have made my modifications
Perhaps if you show us the modifications, someone might be able to suggest
what's wrong.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Garber, Neal wrote:
I'm running FR 2.1.6 with patches to rlm_mschap rlm_eap_mschapv2 to
correct a problem with case-sensitive userids.
Ok...
First, if I didn't include "updated" after the "update request" actions,
then it would return reject. Is that normal (I didn't call a module in
I haven't had much sleep the past few days and just wanted another set of eyes
on an issue I'm having. Also, I won't be able to do more testing until
tomorrow (user/equip. unavailable) and wanted to try to fix it before then.
I'm running FR 2.1.6 with patches to rlm_mschap rlm_eap_mschapv2 to
I do not want visitors to be able to get onto the original service, and I
do not want normal users to get onto the visitor service.
My thoughts are to set up a new virtual server and add an 'if' statement
to look for the visitor user names, and reject or allow as necessary.
something like this
Hi,
I have freeRADIUS 2.0.5 authenticating against LDAP via eap and this has
been working perfectly since last year.
Now I have a new requirement to authenticate another set of users in the
same LDAP tree onto a different service.
These users will be visitors to our site and will have the
On 20/3/09 12:25, t...@kalik.net wrote:
I do not want visitors to be able to get onto the original service, and I
do not want normal users to get onto the visitor service.
My thoughts are to set up a new virtual server and add an 'if' statement
to look for the visitor user names, and reject or
if((%{request:Service-Type} == 'whatever')
(%{request:Stripped-User-Name} !~
/visitor[0-9]?[0-9]/i)) {
reject
}
I don't think naked attribute names were supported in 2.0.5..
Thanks Ivan and Arran , in fact there is only one Service-Type (Login-User
).
so I changed my
if((%{request:Service-Type} == 'whatever')
(%{request:Stripped-User-Name} !~
/visitor[0-9]?[0-9]/i)) {
reject
}
# Just the Visitors please !!
if(%{request:Stripped-User-Name} !~
/visitor[0-9]?[0-9]/i) {reject}
Don't open and close brackets on the same line.
Don't open and close brackets on the same line. Have a look at Arran's
statement.
Ok I tried this ...
if(%{request:Stripped-User-Name} !~
/visitor[0-9]?[0-9]/i) {
reject
}
and got this
bruce_m_richard...@biscuits.com wrote:
if(%{request:Stripped-User-Name} !~
/visitor[0-9]?[0-9]/i) {
reject
}
and got this ...
/usr/local/etc/raddb/sites-enabled/all[156]: Parse error
$ man unlang
Everything following the if statement MUST be all on one line of
text.
Alan DeKok.
Ok thanks, I don't think that is clear on
http://freeradius.org/radiusd/man/unlang.html .
I now have ...
if(%{request:Stripped-User-Name} !~
/visitor[0-9]?[0-9]/i) {
Is it possible to parse a string in unlang?
For now, home server gives to my radius-proxy such avp:
Something-Vendor-Specific = a b
and i need to translate it to:
Something-Other-Vendor-Specific-1 = a
Something-Other-Vendor-Specific-2 = b
Evgeniy Kozhuhovskiy wrote:
Is it possible to parse a string in unlang?
Regular expressions.
Alan DeKok.
With unlang I achieve the following: Check, whether a special VLAN exists
on a switch and if so, assign it.
This works with the construct below.
if (%{sqlquery:SELECT value from radcheck where ( attribute='SIE-VLAN1'
!= '' and username='%{User-Name}') and value in (select vlan from vlan
where
Norbert Wegener wrote:
With unlang I achieve the following: Check, whether a special VLAN exists
on a switch and if so, assign it.
...
To reduce sql queries I want to avoid the second.
Can I store the result of the first query and use the value to assign
Tunnel-Private-Group-ID?
Yes.
Thanks Alan,
Looking into it more what I really need to do is take a list of
existing usernames and proxy them to an external server, but allow
other usernames with the same format to be handled by a virtual server
in the FreeRADIUS box.
The list can be in a database or a text file or hard-coded
hi all,
am looking at whether to migrate to 2.0 to create a couple of possibilities
and was wondering if I can:
1. create a main virtual server
2. use unlang to parse the incoming requests and then based on whether they
match a regex, proxy them to different virtual servers or to an external 3rd
Andy Billington wrote:
hi all,
am looking at whether to migrate to 2.0 to create a couple of
possibilities and was wondering if I can:
1. create a main virtual server
2. use unlang to parse the incoming requests and then based on whether
they match a regex, proxy them to different virtual
In pre2 an update reply works, when I have:
update reply {
...
Tunnel-Private-Group-ID =%{control:Huntgroup-Name}
...
}
Enterasys have an unusual syntax. They need for the same something like:
update reply {
Norbert Wegener wrote:
In pre2 an update reply works, when I have:
..
Enterasys have an unusual syntax. They need for the
same something like:
..
Enterasys:version=1:mgmt=su:policy=%{control:Huntgroup-Name}
It's just a double-quoted string, like shell scripts or C. You
Something like
if (%{sqlnastype:SELECT Value from radcheck where UserName =
'%{User-Name}' and otherconditions} == 'bla' )
works,
whereas I have problems
with:
if (%{sqlnastype:SELECT Value from radcheck where UserName =
'%{User-Name}' and other conditions.. is not null )
Am I doing
Norbert Wegener wrote:
Something like
if (%{sqlnastype:SELECT Value from radcheck where UserName =
'%{User-Name}' and otherconditions} == 'bla' )
works,
whereas I have problems
with:
if (%{sqlnastype:SELECT Value from radcheck where UserName =
'%{User-Name}' and other conditions.. is
I am using a recent 2.0.0-pre cvs snapshot.
For 802.1x authentication AD is queried for a valid machine account
and VLAN, which the ldap modules put into the radius-attribute
Huntgroup-Name. The client authenticates via a certificate. Everything
works as expected. Nevertheless someone
Norbert Wegener wrote:
... The client authenticates via a certificate. Everything
works as expected. Nevertheless someone inspecting the switch logs found:
...
and claimed, the Access-Challenge with Tunnel-Private-Group,
Tunnel-Medium-Type etc. are not RFC compatible.
Yes.
I can see those
Norbert Wegener wrote:
The point is, it seems to work only if there is an
authorize_check_query and an authorize_reply_query in the sql module.
So I have to setup an authorize_reply_query with UserName,Attr Nam,
Attr Value, Op, although I am only interested in the answer to the query
above,
I want to use the result from a sql query in something like this:
...
switch %{sqlnastype:SELECT nas.type FROM `nas` WHERE
nas.nasname ='%{NAS-IP-Address}'} {
case Cisco {
...
It works, and it is a great feature.
The point is, it seems to work only if there is an
29 matches