Arran Cudbard-Bell wrote:
I didn't know freeradius supported bitwise operators! They're not
listed anywhere so I assumed you couldn't use them?!
It doesn't support them. But it shouldn't be too hard to add. In the
CVS head, I'm doing some large cleanups to make features like this much
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, especially when the queries
are being run multiple times for all the rounds required in eap
authentication.
If you're using the TLS variants of EAP, you can do:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type :=
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, especially when the queries
are being run multiple times for all the rounds required in eap
authentication.
If you're using the TLS variants of EAP, you can do:
DEFAULT
Arran Cudbard-Bell wrote:
This could also be done cleaner (but slower) with cleverly designed SQL
tables or stored procedures
Yeah, complex sql really can be quite slow, especially when the queries
are being run multiple times for all the rounds required in eap
authentication.
You've
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, especially when the queries
are being run multiple times for all the rounds required in eap
authentication.
If you're using the TLS variants of EAP, you can do:
Except if you're using plain EAP-TLS
Arran Cudbard-Bell wrote:
Wow this is going to speed stuff up so much !
We use this trick extensively. It works really well.
Ahh yes, I just got how this could work... because to deal with the
contents of the eap tunnel freeradius proxies it to itself...
Yes. And if you set
Phil Mayers wrote:
Arran Cudbard-Bell wrote:
This could also be done cleaner (but slower) with cleverly designed SQL
tables or stored procedures
Yeah, complex sql really can be quite slow, especially when the queries
are being run multiple times for all the rounds required in
Phil Mayers wrote:
Except if you're using plain EAP-TLS where there's no inner tunnel IIRC?
Yes.
I have wondered where it might be sensible to fake a PAP request with
the certificate details for EAP-TLS. This would provide (I think) quite
a good way for people to do certificate checking
Matt Ashfield wrote:
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP field. Currently, we are doing
this with huntgroups. Namely, we create a huntgroup for the NAS (in our
case, a network switch), and then in the users
you could extend your ldap schema and add a field for the vlan a user should
belong to.
then all you would need is to query that field and propagate the variable.
Tunnel-Private-Group-Id=`%{private-vlan}`
On 4/19/07, Matt Ashfield [EMAIL PROTECTED] wrote:
Hi,
We'd like to use FR to assign
Matt, how about the configuration that you have to have in the switch?
Can you help me?
Robinson
[EMAIL PROTECTED]
On 4/19/07, Matt Ashfield [EMAIL PROTECTED] wrote:
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP
I was afraid someone would say that! Haha
Matt
-Original Message-
From: Donny Jekels [mailto:[EMAIL PROTECTED]
Sent: April 19, 2007 10:57 AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: suggestions for multiple vlans in hundreds of switches
you could extend
Yeah, there's that too. We need to create these vlans within the edge
switches as well. Once created, you shouldn't have to touch them again.
Or you don't create them at the edge, and instead just create them in the
core, however that kind of kills the advantage of extending your vlans to
Hi,
This seems to work. The issue is scale. I would conceivably have to
have a huntgroup definition in the huntgroups file for each NAS. And if I
wanted 30 vlans, I'd have to have 30 definitions like the ones above in my
users file for EACH one of my NAS's.
that would depend on what