Re: Attributes

2012-05-10 Thread Marinko Tarlać
We're glad to help ... In both cases :) On 11.5.2012 6:53, Shawky Skaff wrote: Nevermind, found the answer   From: Shawky Skaff Sent: Friday, 11 May 2012 2:51 PM

RE: Attributes

2012-05-10 Thread Shawky Skaff
Nevermind, found the answer From: Shawky Skaff Sent: Friday, 11 May 2012 2:51 PM To: freeradius-users@lists.freeradius.org Subject: Attributes Hi, In dialup admin, under the groups and users I have the option to add an attribute, however the option which I need is not in the list. The list pro

Re: Attributes Bandwidth in radgrouprepy table

2008-12-23 Thread Belén Colmenar (Grupo GOWEX)
Thanks a lot. It's working :-) [sql] expand: %{User-Name} -> be...@host.com [sql] sql_set_user escaped user --> 'be...@host.com' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-

Re: Attributes Bandwidth in radgrouprepy table

2008-12-22 Thread tnt
>My whole log debug is the next (I only have changed the MACs and IP, >user and pass of database). I think it's correct but I don't understand >why the sql queries are ignored by Radius ¿? or at least they aren't in >the debug, only radcheck query > .. > Module: Instantiating sql > sql { .. > *

Re: Attributes Bandwidth in radgrouprepy table

2008-12-22 Thread Belén Colmenar (Grupo GOWEX)
My whole log debug is the next (I only have changed the MACs and IP, user and pass of database). I think it's correct but I don't understand why the sql queries are ignored by Radius ¿? or at least they aren't in the debug, only radcheck query FreeRADIUS Version 2.1.3, for host i686-pc-linux-gn

Re: Attributes Bandwidth in radgrouprepy table

2008-12-22 Thread Belén Colmenar (Grupo GOWEX)
t...@kalik.net wrote: I'm coming back with this problem. When I change "User-Password" for "Cleartext-Password", my NAS can't connect with the Radius because NAS is sending in CHAP mode That makes no sense. Cleartext-Password works with every authentication method. Encrypted ones d

Re: Attributes Bandwidth in radgrouprepy table

2008-12-22 Thread tnt
>I'm coming back with this problem. > >When I change "User-Password" for "Cleartext-Password", my NAS can't >connect with the Radius because NAS is sending in CHAP mode > That makes no sense. Cleartext-Password works with every authentication method. Encrypted ones don't. >[chap] login attempt by

Re: Attributes Bandwidth in radgrouprepy table

2008-12-22 Thread Alan DeKok
Belén Colmenar (Grupo GOWEX) wrote: > I'm coming back with this problem. > > When I change "User-Password" for "Cleartext-Password", my NAS can't > connect with the Radius because NAS is sending in CHAP mode No. It's because you're using "Cleartext-Password == ...". Since there isn't a Clearte

Re: Attributes Bandwidth in radgrouprepy table

2008-12-22 Thread Belén Colmenar (Grupo GOWEX)
Hi again, I'm coming back with this problem. When I change "User-Password" for "Cleartext-Password", my NAS can't connect with the Radius because NAS is sending in CHAP mode rad_recv: Access-Request packet from host 192.168.1.39 port 2050, id=0, length=228 User-Name = "be...@host.com"

Re: Attributes Bandwidth in radgrouprepy table

2008-12-16 Thread tnt
>On the other hand, I don't know how I can fix this fail and why is produced > >WARNING: Found User-Password == "...". >WARNING: Are you sure you don't mean Cleartext-Password? >WARNING: See "man rlm_pap" for more information. > Because you should be using Cleartext-Password in user entry. http:/

Re: Attributes Bandwidth in radgrouprepy table

2008-12-16 Thread Belén Colmenar (Grupo GOWEX)
Good morning, I add that part where sql module is instantiated Module: Linked to module rlm_sql Module: Instantiating sql sql { driver = "rlm_sql_mysql" server = "x.x.x.x" port = "" login = "" password = "" radius_db = "" read_groups = ye

Re: Attributes Bandwidth in radgrouprepy table

2008-12-15 Thread tnt
>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck >WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, >attribute, value, op FROM radcheck WHERE username = >'p...@dominio.com' ORDER BY id >WARNING: Found User-Password == "...". >WARNING: Are you

Re: Attributes for Cisco VPN

2008-05-16 Thread A . L . M . Buxey
Hi, > I'm installing a Cisco VPN service (using a Catalyst 6500 and a > SPA-IPSEC-2G board), and was wondering what attributes the VPN board would > accept/understand from the radius server (besides the basic ones like > session-timeout), but couldn't find any document answering that. So, could

Re: attributes lost

2008-04-15 Thread Alan DeKok
Marc Boisis-Delavaud wrote: > Is it normal freeradius send attributes before access-accept ? Yes. This is legacy behavior, and will eventually be fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: attributes lost

2008-04-15 Thread Marc Boisis-Delavaud
Is it normal freeradius send attributes before access-accept ? Sending Access-Challenge of id 179 to 10.14.0.59 port 1645 Class = 0x4f553d61646d696e3b Tunnel-Private-Group-Id:0 = "1" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN EAP-Message = 0x01020

Re: attributes lost

2008-04-14 Thread A . L . M . Buxey
Hi, > You need to buy a wireless LAN controller as well. not at all - you can return VLAN tunnel attributes to an 1130 aironet AP - but it needs to be configured to understand the VLANs and run a version of the firmware that can do it. use_tunnelled_reply is definitely needed alan

Re: attributes lost

2008-04-14 Thread Ivan Kalik
You need to buy a wireless LAN controller as well. Ivan Kalik Kalik Informatika ISP On 14/4/2008, "Marc Boisis-Delavaud" <[EMAIL PROTECTED]> wrote: >Thanks, it works. >The attributes are sent but the client (Aironet 1130) doesn't use them: > >Sending Access-Accept of id 1 to 10.10.10.200 port

Re: attributes lost

2008-04-14 Thread Alan DeKok
Marc Boisis-Delavaud wrote: > Thanks, it works. > The attributes are sent but the client (Aironet 1130) doesn't use them: Then buy a client that works. This is the reality of RADIUS. Alan DeKok.

Re: attributes lost

2008-04-14 Thread Marc Boisis-Delavaud
Thanks, it works. The attributes are sent but the client (Aironet 1130) doesn't use them: Sending Access-Accept of id 1 to 10.10.10.200 port 53761 Class = 0x4f553d7765625f76706e3b Tunnel-Private-Group-Id:0 = "2" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN

Re: attributes lost

2008-04-14 Thread Alan DeKok
Marc Boisis-Delavaud wrote: > Hello, > > When I authenticate in PEAP, my ldap attributes (ex > Tunnel-Private-Group-Id) aren't sent to the client, why ? See use_tunneled_reply in eap.conf. Alan DeKok.

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Might be any idea to replace accounting { ... # Filter attributes from the accounting response. if(!"%{control:Proxy-To-Realm}"){ attr_filter.accounting_response I'll look into it... Still getting internal attri

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Alan DeKok
Arran Cudbard-Bell wrote: > Might be any idea to replace > accounting { ... ># Filter attributes from the accounting response. >if(!"%{control:Proxy-To-Realm}"){ >attr_filter.accounting_response I'll look into it... > Still getting internal attributes displayed... Fixed.

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Never mind ... ++[sql] returns ok expand: %{User-Name} -> [EMAIL PROTECTED] attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated *sigh* All works now. Might be any idea to replace accounting { ... # Filter attributes from the accounting

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Alan DeKok
Arran Cudbard-Bell wrote: ... > Looks like something very strange is going on with proxying accounting > packets as well. ... > Where have all the attributes gone ?!!? I think you did a "cvs update" without re-building everything. Alan DeKok.

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Alan DeKok
Arran Cudbard-Bell wrote: > Noticed with CVS head that all attributes (including internal ones) > appear to be getting proxied. Is this just a cosmetic thing ? It's just a cosmetic thing. The internal attributes are being printed, but not sent. I don't see why it's happening, though. The co

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: [EMAIL PROTECTED] wrote: hi, you are still pre-proxy attr filtering? alan No, didn't really see the point.. Internal attributes aren't meant to be proxied, and those are the only ones

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
[EMAIL PROTECTED] wrote: hi, you are still pre-proxy attr filtering? alan No, didn't really see the point.. Internal attributes aren't meant to be proxied, and those are the only ones I really wanted filterin

Re: Attributes sent to proxy servers ...

2008-02-05 Thread A . L . M . Buxey
hi, you are still pre-proxy attr filtering? alan

Re: Re : Attributes mapping between LDAP and RADIUS

2007-05-16 Thread Jian Wang
/mapping.htm == Benjamin K. Eshun - Original message From: Alan Dekok <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Wednesday, 16 May 2007, 9h28mn 38s Subject: Re: Attributes mapping between LDAP and RADIUS Jian Wang wrote: > Is there an RFC standardi

Re : Attributes mapping between LDAP and RADIUS

2007-05-16 Thread Eshun Benjamin
kok <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Wednesday, 16 May 2007, 9h28mn 38s Subject: Re: Attributes mapping between LDAP and RADIUS Jian Wang wrote: > Is there an RFC standardizing the attribute mapping between LDAP and > RADIUS? No. Alan DeKok. -- htt

Re: Attributes mapping between LDAP and RADIUS

2007-05-16 Thread Alan Dekok
Jian Wang wrote: > Is there an RFC standardizing the attribute mapping between LDAP and > RADIUS? No. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog

Re: Attributes [unclas]

2007-04-01 Thread Shawn Mitchell
>> eradius.org >> [mailto:[EMAIL PROTECTED] >> ists.freeradius.org] On Behalf Of Shawn Mitchell >> Sent: Monday, 2 April 2007 07:45 >> To: FreeRadius users mailing list >> Subject: Re: Attributes >> >> Ok, here's what I'm doing: >

RE: Attributes [unclas]

2007-04-01 Thread Ranner, Frank MR
hell > Sent: Monday, 2 April 2007 07:45 > To: FreeRadius users mailing list > Subject: Re: Attributes > > Ok, here's what I'm doing: > > DEFAULT Client-IP-Address == xx.xx.xx.xx > Ascend-Data-Filter = "ip in forward tcp est", > Asce

Re: Attributes

2007-04-01 Thread Shawn Mitchell
Ok, here's what I'm doing: DEFAULT Client-IP-Address == xx.xx.xx.xx Ascend-Data-Filter = "ip in forward tcp est", Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", Ascend-Data-Filter = "ip in drop tcp dstport = 25", Ascend-Data-Filter = "ip in forward",

Re: Attributes

2007-04-01 Thread Alan DeKok
Shawn Mitchell wrote: > Where can I say "If client is 'x', then also send these attributes to > users being authenticated..."? In the "users" file. DEFAULT Client-IP-Address == 1.2.3.4 Reply-Message = "You're coming from 1.2.3.4" Alan DeKok. -- http://deployingradius.com - Th

Re: Attributes and LDAP

2006-05-24 Thread Alan DeKok
Marek Gradzki <[EMAIL PROTECTED]> wrote: > First of all: I can't run radius in the debug mode because it is working > configuration You should have a test system. The alternative is to change your working configuration with no idea if it will work, or if it will break, and annoy all of your u

Re: Attributes and LDAP

2006-05-23 Thread Marek Gradzki
Alan DeKok wrote: Marek Gradzki <[EMAIL PROTECTED]> wrote: I would like to setup some common attribute values in the group profile, which is also stored in the LDAP server but in the other subtree, and import them to user profile during authentication. Now it does not work. See the FAQ for

Re: Attributes and LDAP

2006-05-23 Thread Alan DeKok
Marek Gradzki <[EMAIL PROTECTED]> wrote: > I would like to setup some common attribute values in the > group profile, which is also stored in > the LDAP server but in the other subtree, and import them to user > profile during authentication. > Now it does not work. See the FAQ for "it doesn't

Re: attributes handling

2005-11-14 Thread kevin
I already started to write it. Thanks, Kevin, Alan DeKok wrote: kevin <[EMAIL PROTECTED]> wrote: Well, I want to return different attributes for -password-mismatched users -authenticated but Calling-Station-Id is in my-block-list -authenticated and Calling-Station-Id is not in my

Re: attributes handling

2005-11-14 Thread Alan DeKok
kevin <[EMAIL PROTECTED]> wrote: > Well, I want to return different attributes for > -password-mismatched users > -authenticated but Calling-Station-Id is in my-block-list > -authenticated and Calling-Station-Id is not in my-block-list. I want people to state their requirements up front, rat

Re: attributes handling

2005-11-14 Thread kevin
Well, I want to return different attributes for -password-mismatched users -authenticated but Calling-Station-Id is in my-block-list -authenticated and Calling-Station-Id is not in my-block-list. I cannot use "users". Kevin Alan DeKok wrote: kevin <[EMAIL PROTECTED]> wrote: The

Re: attributes handling

2005-11-14 Thread Alan DeKok
kevin <[EMAIL PROTECTED]> wrote: > The reason that I want to put it to post-auth is that it should be done > only for authenticated users. > That's why I cannot use "users". If the user is rejected, all attributes are stripped from the response. You *can* use "users". Everyone else does.

Re: attributes handling

2005-11-14 Thread kevin
The reason that I want to put it to post-auth is that it should be done only for authenticated users. That's why I cannot use "users". Kevin Alan DeKok wrote: kevin <[EMAIL PROTECTED]> wrote: I want to do it in post-auth and post-proxy which cannot be done by "users". I thought

Re: attributes handling

2005-11-14 Thread Alan DeKok
kevin <[EMAIL PROTECTED]> wrote: > I want to do it in post-auth and post-proxy which cannot be done by > "users". I thought that's why we use rewrite_filter/attr. No? You can put the checks in the "authorize" section, and it will work. Alan DeKok.

Re: attributes handling

2005-11-14 Thread kevin
kevin wrote: Alan DeKok wrote: kevin <[EMAIL PROTECTED]> wrote: What I want to do is something like if (Calling-Station-ID == 5045551234) then add some filters to the DEFAULT reply attributes. The "users" file can do this. Use it. I want to do i

Re: attributes handling

2005-11-14 Thread kevin
Alan DeKok wrote: kevin <[EMAIL PROTECTED]> wrote: What I want to do is something like if (Calling-Station-ID == 5045551234) then add some filters to the DEFAULT reply attributes. The "users" file can do this. Use it. I want to do it in post-auth and post-proxy w

Re: attributes handling

2005-11-14 Thread Alan DeKok
kevin <[EMAIL PROTECTED]> wrote: > What I want to do is something like > if (Calling-Station-ID == 5045551234) then add some filters to the > DEFAULT reply attributes. The "users" file can do this. Use it. > It seems that rewrite_filter cannot add some attributes to DEFAULT and > rewrite_att

Re: attributes handling

2005-11-14 Thread kevin
But, I want to use rlm_rewrite_attr or rewrite_filter. Look at my comments below. Nicolas Baradakis wrote: kevin wrote: I want to get some idea about how to manipulate attributes before we respond to NAS. For example, before I send Access-Accept packet to the NAS, I want to add t

Re: attributes handling

2005-11-03 Thread Nicolas Baradakis
kevin wrote: > I want to get some idea about how to manipulate attributes before we > respond to NAS. > > For example, before I send Access-Accept packet to the NAS, I want to > add two additional attributes (let's say S and T) to NAS-1 and add X, Y, > and Z to NAS-2. In short, I want to add s

Re: Attributes Missing - Auth with ldap

2005-04-20 Thread Michael Mitchell
Firstly, run freeradius in debug mode (radiusd -X) and it will tell you exactly what it is doing. You should be able to see which attribute it has retrieved from the directory to add to the reply. A few things to look at would be: 1) Do you have ldap configured in the authorize section of radius

Re: Attributes Remain Empty in radacct

2005-02-04 Thread Alan DeKok
zack musa <[EMAIL PROTECTED]> wrote: > values like ... > are still unavailable both in radacct and detail file. Fix the NAS. See the FAQ. > Do we need to enable any scripts through some > configuration file to write it in radacct or detail > log files? There is nothing you can do to the se