Arran Cudbard-Bell wrote:
> I didn't know freeradius supported bitwise operators ! They're not
> listed anywhere so I assumed you couldn't use them ?!
It doesn't support them. But it shouldn't be too hard to add. In the
CVS head, I'm doing some large cleanups to make features like this much
e
Phil Mayers wrote:
> Except if you're using plain EAP-TLS where there's no inner tunnel IIRC?
Yes.
> I have wondered where it might be sensible to fake a PAP request with
> the certificate details for EAP-TLS. This would provide (I think) quite
> a good way for people to do certificate checki
Phil Mayers wrote:
> Arran Cudbard-Bell wrote:
>
>>> This could also be done cleaner (but slower) with cleverly designed SQL
>>> tables or stored procedures
>>>
>>>
>> Yeah, complex sql really can be quite slow, specially when the queries
>> are being run multiple times for all the r
Arran Cudbard-Bell wrote:
>
> Wow this is going to speed stuff up so much !
We use this trick extensively. It works really well.
> Ahh yes, I just got how this could work... because to deal with the
> contents of the eap tunnel freeradius proxies it to itself...
Yes. And if you set "copy_reque
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>
>> Yeah, complex sql really can be quite slow, specially when the queries
>> are being run multiple times for all the rounds required in eap
>> authentication.
>
> If you're using the TLS variants of EAP, you can do:
Except if you're using plai
Arran Cudbard-Bell wrote:
>>
>> This could also be done cleaner (but slower) with cleverly designed SQL
>> tables or stored procedures
>>
> Yeah, complex sql really can be quite slow, specially when the queries
> are being run multiple times for all the rounds required in eap
> authentication
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>
>
>> Yeah, complex sql really can be quite slow, specially when the queries
>> are being run multiple times for all the rounds required in eap
>> authentication.
>>
>
> If you're using the TLS variants of EAP, you can do:
>
> DEFAULT
Arran Cudbard-Bell wrote:
> Yeah, complex sql really can be quite slow, specially when the queries
> are being run multiple times for all the rounds required in eap
> authentication.
If you're using the TLS variants of EAP, you can do:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type :=
Phil Mayers wrote:
> Matt Ashfield wrote:
>
>> Hi,
>>
>> We'd like to use FR to assign users on our wired network to one of 30
>> different vlans on campus, based on an LDAP field. Currently, we are doing
>> this with huntgroups. Namely, we create a huntgroup for the NAS (in our
>> case, a netwo
Matt Ashfield wrote:
> Hi,
>
> We'd like to use FR to assign users on our wired network to one of 30
> different vlans on campus, based on an LDAP field. Currently, we are doing
> this with huntgroups. Namely, we create a huntgroup for the NAS (in our
> case, a network switch), and then in the use
Hi,
> This seems to work. The issue is scale. I have would conceivably have to
> have a huntgroup definition in the huntgroups file for each NAS. And if I
> wanted 30 vlans, I'd have to have 30 definitions like the ones above in my
> users file for EACH one of my NAS's.
that would depend on what
rs mailing list
Subject: Re: suggestions for multiple vlans in hundreds of switches
Matt, how about the configuration that you have to have in the switch
Can you Help me
Robinson
[EMAIL PROTECTED]
On 4/19/07, Matt Ashfield <[EMAIL PROTECTED]> wrote:
Hi,
We'd like to use FR to
I was afraid someone would say that! Haha
Matt
-Original Message-
From: Donny Jekels [mailto:[EMAIL PROTECTED]
Sent: April 19, 2007 10:57 AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: suggestions for multiple vlans in hundreds of switches
you could extend
Matt, how about the configuration that you have to have in the switch
Can you Help me
Robinson
[EMAIL PROTECTED]
On 4/19/07, Matt Ashfield <[EMAIL PROTECTED]> wrote:
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP
you could extend your ldap schema and add a field for the vlan a user should
belong too.
then all you would need is to query that field and propogate the variable.
"Tunnel-Private-Group-Id=`%{private-vlan}`"
On 4/19/07, Matt Ashfield <[EMAIL PROTECTED]> wrote:
Hi,
We'd like to use FR to assi
15 matches
Mail list logo