Daniel Pocock wrote:
> Could you please clarify that - it is possible to build a client library
> from the server source tarball?
Yes. RedHat already packages libfreeradius-radius as a separate RPM,
IIRC.
> In Debian, I see "libfreeradius2" built from the server source tarball
> but that appea
On 20/07/13 14:56, Alan DeKok wrote:
> Daniel Pocock wrote:
>> Should this code be shared with the client project freeradius-client?
> No. The freeradius-client code is pretty bad.
>
>> Or is it preferred to build a new client (or shared library) from the
>> freeradius-server repository eventual
Daniel Pocock wrote:
> Should this code be shared with the client project freeradius-client?
No. The freeradius-client code is pretty bad.
> Or is it preferred to build a new client (or shared library) from the
> freeradius-server repository eventually?
The client code is already LGPL'd. S
On 15/07/13 21:53, Alan DeKok wrote:
> Daniel Pocock wrote:
>> Can anybody comment on which client code should be used for long
>> extended attributes?
>>
>> I see that the freeradius-client project predates RFC 6929.
>
> By a LONG ways.
>
>
Daniel Pocock wrote:
> Can anybody comment on which client code should be used for long
> extended attributes?
>
> I see that the freeradius-client project predates RFC 6929.
By a LONG ways.
There's no client code for the extended attributes. The RFC was just
published.
Can anybody comment on which client code should be used for long
extended attributes?
I see that the freeradius-client project predates RFC 6929.
Is there any module in the server project that provides a good example
of using these long values from requests?
-
List info/subscribe
server back to the client does
> not have the AVP attributes set
Then run the server in debugging mode to see what's going on.
> below is an example
Of a packet capture... all the way down to Ethernet. Why?
FreeRADIUS comes with debugging tools. Use them. You're wastin
hi,
the radius servers on my network are receiving spikes of ACCESS-ACCEPT
traffic, I have been analysing traffic using tshark and noticed that some
of the ACCESS-ACCEPT sent from the server back to the client does not have
the AVP attributes set
below is an example
Frame 167 (62 bytes on wire
Hi,
>Alc-IPsec-Interface: Unknown attribute "" requires a hex string, not
>"private_ipsec"
so give it a hex string then
private_ipsec is 707269766174655f6970736563
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
George Innocent wrote:
> Thanks for the feed back but i have not edited the Dictionary file what
> i said i checked and confirmed that the attributes i have configured are
> available on dictionary for.
The error message you're seeing comes because you did NOT follow the
in
Hi Alan;
Thanks for the feed back but i have not edited the Dictionary file what i
said i checked and confirmed that the attributes i have configured are
available on dictionary for.
On 25 June 2013 16:21, Alan DeKok wrote:
> George Innocent wrote:
> > I have checked the dictionary
George Innocent wrote:
> I have checked the dictionary files and the attributes which are in
> existance; but i still get this error when i run debug mode.
Using FreeRADIUS requires a minimum amount of skill and documentation
reading. You've edited the dictionaries without unders
Hi Experts
I have checked the dictionary files and the attributes which are in
existance; but i still get this error when i run debug mode.
/usr/local/etc/raddb/users[157]: Parse error (check) for entry
Alc-IPsec-Interface: Unknown attribute "" requires a hex string, not
"privat
Hi,
>But when i comment the attributes the radtest is successful
did you check my other statement:
> 3) ensure that these attributes that you are using are in a dictionary
> file and that the dictionary file is being read by the server when it
> starts
well?
The configured user with the stated attributes:
steve Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.1.2,
Framed-IP-Netmask = 255.255.255.0,
Alc-IPsec-Interface = private_ipsec,
Alc-IPsec-SA-Lifetime = 1200,
Alc-IPs
Hi,
>I am creating attributes for the user using the scripts below but on
>running the radtest i get the failure attributes ; which seems to have
>changed. I am using Freeradius 2.1.0 .
>
>"user1test" Auth-Type := Local, User-
@lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Friday, May 24, 2013 10:18 AM
To: FreeRadius users mailing list
Subject: Re: Retrieving eDirectory VLAN attributes
Dan Lietz wrote:
> I’m pretty much a noob when it comes to freeradius as I still don’t
> completely understand what files are us
the part I’m not getting.
The "ldap.attrmap" file is in the "raddb" directory. It contains
mappings from LDAP to RADIUS. It's also documented in the comments at
the top of the file.
> Part of my problem is that I don’t know which attributes mappings are
>
he info from eDir via LDAP and that's the part
I'm not getting.
Part of my problem is that I don't know which attributes mappings are built in
and which aren't. According to this document: Integrating Novell eDirectory
with
FreeRadius<https://www.netiq.com/documentation/edi
On Sun, May 5, 2013 at 6:51 PM, wrote:
>
> Von: Russell Mike
>
> > You said same setup is working with Coovachilli, same groups / profiles?
> > Else cross chech your reply & check items, if in place. If FR groups are
> > same check NAS side.
> > Thanks
>
> I'll check reply and check items wh
Von: Russell Mike
> You said same setup is working with Coovachilli, same groups / profiles?
> Else cross chech your reply & check items, if in place. If FR groups are
> same check NAS side.
> Thanks
I'll check reply and check items when I'm in office again, but I'm quite sure
they are the
You said same setup is working with Coovachilli, same groups / profiles?
Else cross chech your reply & check items, if in place. If FR groups are
same check NAS side.
Thanks
On Friday, May 3, 2013, wrote:
> Hi,
>
> Von: Russell Mike >
>
> > FR should be able to know if the allowed time used /
Hi,
Von: Russell Mike
> FR should be able to know if the allowed time used / consumed before it can
> deny request. have you setup rlm_sqlcounter ?
Yes. The same setup is working with a Coova Chilli WLAN Router, so I guess it
is a client issue.
Chris
-
List info/subscribe/unsubscribe? Se
FR should be able to know if the allowed time used / consumed before it can
deny request. have you setup rlm_sqlcounter ?
Thanks RM --
On Fri, May 3, 2013 at 7:49 AM, wrote:
> All,
>
> I'm a newbie in radius.
>
> I've setup freeradius with mySQL and max-daily-session. When I set
> max-daily-se
All,
I'm a newbie in radius.
I've setup freeradius with mySQL and max-daily-session. When I set
max-daily-session := 10 in radgroupcheck table, a user of this group can login
(accept packet after authentication), even if he already has been logged in for
10 seconds before. I'm using NTRadPing
tion is against Active Directory. So while a user may get
> >assigned to a VLAN based of their group membership, if they fail to
> >actually authenticate I want to change what VLAN they are assigned to
> >(want to put them into a guest VLAN).
> >
get
>assigned to a VLAN based of their group membership, if they fail to
>actually authenticate I want to change what VLAN they are assigned to
>(want to put them into a guest VLAN).
>How can I update reply attributes further down the chain?
In my authorize section I am matching LDAP groups to set VLAN attributes as
such:
if (Ldap-Group == "netCoreClass-IT") {
update reply {
Tunnel-Private-Group-Id:1 := 102
}
}
elsif (Ldap-Group == "netCoreCl
To: freeradius-users@lists.freeradius.org
Subject: implementing 3gpp2 attributes
Date: Wed, 24 Apr 2013 22:35:58 +
Hi, i m in the early stages of implementing a prepaid service for a CDMA
network, i have to exchange radius package using the 3gpp2 standard which is an
extension to the basic
Juan Pablo L. wrote:
> i have done several tests to confirm that freeradius only supports
> simple attributes in the form of attribute = value, i need to implement
> the above, is there any way i can implement it ?
Massive code changes.
Don't do it.
Use the git "master&
The dictionary.3gpp2 seems to have the VSA Attributes you're looking for.
If you're saying that VSA 91 should have subtypes, then you should
look at TLVs in the definition.
ATTRIBUTE 3GPP2-Prepaid-acct-Capability 91 octets
If you have a look in dictionary.dhcp un
Hi, i m in the early stages of implementing a prepaid service for a CDMA
network, i have to exchange radius package using the 3gpp2 standard which is an
extension to the basic radius protocol. i m facing an issue and that is that
the attributes in the 3gpp2 standard included attributes that
radiusReplyItem
>>
>> Basically the ldap attributes radiusCheckItem & radiusReplyItem
>> contained FR attr/value pairs which were then added to the
>> corresponding attribute list in FR (e.g. in LDAP radiusReplyItem could
>> be "Primary-DNS-Server := 1.1
On 12 Apr 2013, at 15:00, Nicholas Lemberger wrote:
> The ldap.attrmap syntax in FR2 was:
> checkItem $GENERIC$ radiusCheckItem
> replyItem $GENERIC$ radiusReplyItem
>
> Basically the ldap attributes radiusCheckItem &a
The ldap.attrmap syntax in FR2 was:
checkItem $GENERIC$ radiusCheckItem
replyItem $GENERIC$ radiusReplyItem
Basically the ldap attributes radiusCheckItem & radiusReplyItem
contained FR attr/value pairs which were then added to
> I've been puttering around with FR3 and haven't been able to figure
> out how to set up a mapping from LDAP 'radiusReplyItem' &
> 'radiusCheckItem' attributes to FR3 generic attributes.
I guess if it was useful we could add it back in, there's
Hi,
I've been puttering around with FR3 and haven't been able to figure
out how to set up a mapping from LDAP 'radiusReplyItem' &
'radiusCheckItem' attributes to FR3 generic attributes.
While we do often create a special LDAP attribute for what we need,
the gene
On Fri, Mar 15, 2013 at 2:03 PM, Arran Cudbard-Bell
wrote:
>> I know, but that attribute isn't presented to the python function call. Is
>> there another way such as an environmental variable or just "please update
>> the source"? :)
>
> Did you check the control list (config item tuple)?
As fa
On 15 Mar 2013, at 08:43, Robin Helgelin wrote:
> On 14 mar 2013, at 18:44, Arran Cudbard-Bell wrote:
>>
>> That'd be the LDAP-UserDN attribute…
>
> I know, but that attribute isn't presented to the python function call. Is
> there another way such as an environmental variable or just "please
On 14 mar 2013, at 18:44, Arran Cudbard-Bell wrote:
>
> That'd be the LDAP-UserDN attribute…
I know, but that attribute isn't presented to the python function call. Is
there another way such as an environmental variable or just "please update the
source"? :)
regards,
Robin
-
List info/subscri
On 14 Mar 2013, at 13:39, Robin Helgelin wrote:
> On 14 mar 2013, at 11:06, Phil Mayers wrote:
>
>> On 03/13/2013 07:45 PM, Robin Helgelin wrote:
>>
>>> First problem is that I need to rewrite the output from ldap to
>>> something the radius-client finds useful. But there are radius modules
>
On 14 mar 2013, at 11:06, Phil Mayers wrote:
> On 03/13/2013 07:45 PM, Robin Helgelin wrote:
>
>> First problem is that I need to rewrite the output from ldap to
>> something the radius-client finds useful. But there are radius modules
>> for rewriting things right?
>
> Yes, though TBH manipula
On 03/13/2013 07:45 PM, Robin Helgelin wrote:
First problem is that I need to rewrite the output from ldap to
something the radius-client finds useful. But there are radius modules
for rewriting things right?
Yes, though TBH manipulating LDAP DNs in unlang/attr_rewrite is going to
be a pain.
On 13 Mar 2013, at 16:17, Robin Helgelin wrote:
> On 13 mar 2013, at 20:52, Arran Cudbard-Bell
> wrote:
>
>>>
>>> Next problem seems to be that freeradius ignores when ldap is
>>> returning more than one group, am I correct?
>>
>> Ignores what?
>>
>> If you're talking about an xlat query,
On 13 mar 2013, at 20:52, Arran Cudbard-Bell wrote:
>>
>> Next problem seems to be that freeradius ignores when ldap is
>> returning more than one group, am I correct?
>
> Ignores what?
>
> If you're talking about an xlat query, then yes, it'll only provide the first
> result.
Yes, and there
o
>>> note the comments about numbering i.e. pick a number from 3000-3999). Don't
>>> re-use an existing attribute - many of the xxGroup attribute have "magic"
>>> behaviour hooks.
>>
>> Phili is correct, but this will only work for something
3000-3999). Don't
>> re-use an existing attribute - many of the xxGroup attribute have "magic"
>> behaviour hooks.
>
> Phili is correct, but this will only work for something like AD, where you
> have memberOf attributes which link a user account to a group.
>
On 13/03/13 15:11, Arran Cudbard-Bell wrote:
Phili is correct, but this will only work for something like AD,
where you have memberOf attributes which link a user account to a
group.
Good point, got to watch that - my LDAP is getting very AD-centric :o(
-
List info/subscribe/unsubscribe? See
On 13 Mar 2013, at 10:52, Phil Mayers wrote:
> On 13/03/13 14:44, Robin Helgelin wrote:
>> Hi!
>>
>> I want to add the LDAP-users current groups as extra attributes to the
>> authentication reply.
>>
>> Is it possible? I'm having a hard time find
On 13/03/13 14:44, Robin Helgelin wrote:
Hi!
I want to add the LDAP-users current groups as extra attributes to the
authentication reply.
Is it possible? I'm having a hard time finding documentation about this.
Yes. Edit the ldap.attrmap to map the LDAP group attribute to a RADIUS
attr
Hi!
I want to add the LDAP-users current groups as extra attributes to the
authentication reply.
Is it possible? I'm having a hard time finding documentation about this.
Thanks!
Robin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Adam Moffett wrote:
> Does the output from radius -X display all of the attributes in a
> request from a client?
Yes. FreeRADIUS isn't in the business of hiding information from the
administrator.
> If not, is there a way to see all of the
> attributes in the request? I&
Does the output from radius -X display all of the attributes in a
request from a client? If not, is there a way to see all of the
attributes in the request? I'm looking for the value of a VSA and I'm
not seeing it. I'm not sure if it's not being displayed in the debug
Alan,
Thank you for the info.
Kelly
206.331.3525o
425.270.8481c
On Wed 06 Feb 2013 11:41:42 AM PST, Alan DeKok wrote:
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kelly Roestel wrote:
> Yes that works. However, if the attribute is empty there will still be
> quotes in the csv file.
If you want generic string manipulation code, use a real programming
language. Or, write a "csv" module to do what you want.
The linelog module is intended to write *line
Matthew,
Yes that works. However, if the attribute is empty there will still be
quotes in the csv file.
Example.
using format =
"\"%{Client-IP-Address}\",\"%{Calling-Station-Id}\",\"%{User-Name}\""
would yield, "x.x.x.x","station-x","Kelly"
if %{Calling-Station-Id} was null this format woul
On Tue, Feb 05, 2013 at 05:18:13PM +, Kelly Roestel wrote:
> If you look at the detailed format, these string attributes are
> enclosed. But there seems to be no option in linelog module.
linelog {
...
format = "\"%{Client-IP-Address}\",\"%{Calling-S
ide select from dual:
if ("{sql: select func('%{User-Name}') from dual}") {
...
}
On 06.02.2013 14:19, Lakshmi Narayana Baliah wrote:
Hi All,
How can configure output attributes in free-radius?
How do i do that ??? please help
-
List info/s
what is output attributes ?
On Wed, Feb 6, 2013 at 10:19 AM, Lakshmi Narayana Baliah <
lb0074...@techmahindra.com> wrote:
> Hi All,
>
> How can configure output attributes in free-radius?
> How do i do that ??? please help
>
Hi All,
How can configure output attributes in free-radius?
How do i do that ??? please help
Thanks
Lakshmi
Disclaimer: This message and
My question is this,
I need to write CDR information out using the linelog module in csv
format. The requirement is that all string attributes need to be
enclosed in double quotes. How does one go about doing this?
If you look at the detailed format, these string attributes are
enclosed
2013/1/29 Lakshmi Narayana Baliah :
> Hi All,
>
> How can i define output attributes in free-radius?
> Any help would be appreciated.
>
I'm no expert on this, but maybe adding a custom dictionary?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi All,
How can i define output attributes in free-radius?
Any help would be appreciated.
Thanks
Lakshmi
Disclaimer: This message and the information
David Peterson wrote:
> Any release notes or is it primarily a bug fix release?
Mostly a bug fix release.
https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/doc/ChangeLog
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Jan 28, 2013, at 4:27 PM, Alan DeKok wrote:
> Use the v2.x.x branch from git.
>
> We should release 2.2.1 soon.
>
> Alan DeKok.
Hi Alan, I can wait till 2.2.1 is released, no problem, will wait for freebsd
ports being updated with latest version and try again :) I just wanted to know
i
Any release notes or is it primarily a bug fix release?
David
On Jan 28, 2013, at 4:27 PM, Alan DeKok wrote:
Use the v2.x.x branch from git.
We should release 2.2.1 soon.
Alan DeKok.
Hi Alan, I can wait till 2.2.1 is released, no problem, will wait for
freebsd ports bein
Miha Petkovsek wrote:
> Hi, I need some help with inserting custom attributes to MySQL server.
> It seems that version 2.2 broke it, at least on my server… When I revert
> back to 2.1 it immediately starts to work with same config files.
>
> Below are config files and traces fo
> yes, you dont seem to have 3GPP-IMSI in your dictionary file. thus the string
> expansion fails
Yes, that was my first thought but I am confident it is there, that's why it is
strange…
[root@server ~]# grep IMSI /usr/local/share/freeradius/dictionary.3gpp
ATTRIBUTE 3GPP-IMSI
Hi,
>Hi, I need some help with inserting custom attributes to MySQL server. It
>seems that version 2.2 broke it, at least on my server... When I revert
>back to 2.1 it immediately starts to work with same config files.
>Below are config files and traces for b
Hi, I need some help with inserting custom attributes to MySQL server. It seems
that version 2.2 broke it, at least on my server… When I revert back to 2.1 it
immediately starts to work with same config files.
Below are config files and traces for both versions.
Any idea?
thanks,
brm
reeradius/dictionary file that is being included as debug showed.
>>
>> including dictionary file /etc/freeradius/dictionary on freeradius v2.
>>
>> Maybe I need to create a separate dictionary file and have a include
>> on this file? What I'm doing wrong?
>
&
t clearer?
> Do I need to make any attribute number change on my pppoe/nas server
> to understand the new defined here?
You have absolutely no idea how RADIUS works. As a result, you have
NO BUSINESS editing the dictionaries.
> I'm asking that because the old freeradius/pppoe are
/freeradius/dictionary on freeradius v2.
Maybe I need to create a separate dictionary file and have a include
on this file? What I'm doing wrong?
These attributes are already allocated; you've "stolen" them from the
main attribute space, and are probably having problems with dictionar
Alan,
2013/1/17 Alan DeKok :
> Tiago wrote:
>> From man I have:
>
> Please don't quote the documentation here. I've read it.
>
>> May I ask you a bit of patience helping me on this? So, can I conclude
>> that adding attributes to dictionary file will
Tiago wrote:
> From man I have:
Please don't quote the documentation here. I've read it.
> May I ask you a bit of patience helping me on this? So, can I conclude
> that adding attributes to dictionary file will not make freeradius to
> send those to NAS?
That is what
ting the dictionaries will have NO EFFECT on
anything other than the server that is reading those files. Adding
new attributes to the dictioâ
naries will have NO EFFECT on RADIUS clients, and will not make
RADIUS clients magically understand those attributes. The
dictionaries are solely f
CUMENTATION
describing how to add new attributes.
I honestly don't know why I write *any* documentation. It seems that
the bulk of problems on this list are people who fanatically avoid all
existing documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> I have a rp-pppoe NAS server here that correctly understand a few
>> attributes (radreply) that come from freeradius 1.x (w/mysql
>> database). Example:
>>
>> Download (for download rates) attribute
>>
>> Simple real example, from pppoe server:
>> # cat /var/ru
On 17/01/13 11:29, Tiago wrote:
Hello everyone,
I'm struggling with something that should be simple to fix.
I have a rp-pppoe NAS server here that correctly understand a few
attributes (radreply) that come from freeradius 1.x (w/mysql
database). Example:
Download (for download rates) attr
>Switch config issue? Ensure your switch is configured to authorize over RADIUS
>as well as to authenticate over RADIUS.
>(sounds like its doing the latter but not the former)
You were absolutely correct. I’m dumb and forgot that I removed the
authorization statement from my switch awhile back.
Switch config issue? Ensure your switch is configured to authorize over RADIUS
as well as to authenticate over RADIUS.
(sounds like its doing the latter but not the former)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply-Message = "Welcome Message Test",
Cisco-AVPair = "shell:priv-lvl=15"
Note: I've tried many different combinations of attributes with no luck.
(Service-Type = Administrative-User, Service-Type = NAS-Prompt-User)
Output:
Sendi
Tunnel-Type = VLAN
user1 Calling-Station-Id == "yy-yy-yy-yy-yy-yy"
Tunnel-Private-Group-ID = VLAN2,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN
I'm attempting to send different reply attributes for the same username
based on different ch
ng-Station-Id == "yy-yy-yy-yy-yy-yy"
Tunnel-Private-Group-ID = VLAN2,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN
I'm attempting to send different reply attributes for the same username
based on different check attributes. But, I'm having a
On 10/10/2012 04:56 AM, Fajar A. Nugraha wrote:
Interestingly enough, debian packages enable that option while redhat
doesn't. What are the performance implications of enabling it? Is it
something huge, or only several-percent-penalty and
careful-you-can-shoot-yourself-in-the-foot kind of thing?
On Tue, Oct 9, 2012 at 6:36 PM, Alan DeKok wrote:
> Build it from source, with "./configure --enable-developer"
It worked, Thanks!
F.R
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in 2.0.2 release notes:
>> "* Added ability send raw attributes via "Raw-Attribute =
>> 0x0102..."This is available only debug builds. It can be used to
>> create invalid packets! Use it with care."
>> so it seems Raw-Attribute only work with a"de
Far Runner wrote:
> I have tried Raw-Attribute, but the result packet doesn't contain the
> synthesized VSA, and there is no error message in "-X" debug output. I
> search around, and found following in 2.0.2 release notes:
> "* Added ability send raw attribut
in the
synthesized VSA, and there is no error message in "-X" debug output. I
search around, and found following in 2.0.2 release notes:
"* Added ability send raw attributes via "Raw-Attribute =
0x0102..."This is available only debug builds. It can be used to
create invali
2012/10/6 Alan DeKok :
> You can use the Perl RADIUS libraries to create a packet.
>
> Or, use "Raw-Attribute" in FreeRADIUS. It puts data into a packet
> exactly as-is. It means that you do the work of creating a VSA with
> subattributes, and FreeRADIUS handles all of the signing, packet
> s
Far.Runner wrote:
> I need to test a radius client, one test item is to see if the client
> could handle a VSA includes multiple sub-attrs, so I need a radius
> server that could generate an access-accept that contains such VSA.
You can use the Perl RADIUS libraries to create a packet.
Or, us
2012/10/5 Alan DeKok :
> FreeRADIUS will correctly handle this. It will NOT put multiple
> sub-attributes into a VSA, because many NASes will break.
>
> A better response is: Why do you need this?
I need to test a radius client, one test item is to see if the client
could
le this. It will NOT put multiple
sub-attributes into a VSA, because many NASes will break.
A better response is: Why do you need this?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
RFC2865 states "Multiple subattributes MAY be encoded within a single
Vendor-Specific attribute, although they do not have to be." in
section 5.26.
Does Freeradius support this? if yes, how to enable it?
F.R
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Lorenzo Milesi wrote:
> Is it possible to use Multi-valued attributes?
> I have
> group1 NAS-Identifier =~ nas01|nas02
> group2 NAS-Identifier =~ nas03|nas04
>
> I'd like some users which are in group1 to access ALSO group2 nases.
> Is it possible to do that, without
Hi.
Is it possible to use Multi-valued attributes?
I have
group1 NAS-Identifier =~ nas01|nas02
group2 NAS-Identifier =~ nas03|nas04
I'd like some users which are in group1 to access ALSO group2 nases.
Is it possible to do that, without creating a dedicated group?
thanks
--
Lorenzo M
> Yes, in post-auth.
>
> post-auth {
>update reply {
> ...
>}
> }
Thank you, that's an easy way to set it globally for all users - or I can do
a database dip there if required.
> Generally people will do this kind of thing in the inner-tunnel virtual
> server and set "use_tunneled_
On 18/09/12 14:16, Brian Candler wrote:
When a user logs into a wireless AP, I would to include some per-user
response attributes, in particular Acct-Interim-Interval = 600
However freeradius -X shows that this isn't happening, and it appears to be
because of the following stanza in the de
Hi,
> When a user logs into a wireless AP, I would to include some per-user
> response attributes, in particular Acct-Interim-Interval = 600
yep - so just return that in the post-auth - done by either using an entry
in users file, unlang, perl code etc
alan
-
List info/subscribe/unsub
When a user logs into a wireless AP, I would to include some per-user
response attributes, in particular Acct-Interim-Interval = 600
However freeradius -X shows that this isn't happening, and it appears to be
because of the following stanza in the default config:
# The example
1 - 100 of 1591 matches
Mail list logo