Re: [vchkpw] OT: Radius server
Charles Sprickman wrote: On Wed, 31 Mar 2004, Doug Clements wrote: Radiator (open.com.au) rules. You can do virtually anything, including custom SQL queries. I know, I used to use it. Best radius server ever. But it costs $$ that we don't have. A good start to getting something else working would be if someone could explain how the pw_gid values work and what the numbers represent; gnu-radius has some rewrite rules that may allow me to somewhat alter (in a sneaky and hackish way) my queries based on which NAS the request comes from. But so far I'm not finding any information on how to determine what particular numeric values in the pw_gid field mean... vpopmail.h lines 86-100
Re: [vchkpw] OT: Radius server
On Wed, 31 Mar 2004, Doug Clements wrote: Radiator (open.com.au) rules. You can do virtually anything, including custom SQL queries. I know, I used to use it. Best radius server ever. But it costs $$ that we don't have. A good start to getting something else working would be if someone could explain how the pw_gid values work and what the numbers represent; gnu-radius has some rewrite rules that may allow me to somewhat alter (in a sneaky and hackish way) my queries based on which NAS the request comes from. But so far I'm not finding any information on how to determine what particular numeric values in the pw_gid field mean... Thanks, Charles --Doug - Original Message - From: Charles Sprickman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 5:42 PM Subject: [vchkpw] OT: Radius server Hi all, This is somewhat OT, but I'm curious what people here are using for radius authentication against the vpopmail mysql db? There are a number that support SQL auth, but the whole pw_gid thing in vpopmail is giving me some pains. I wish to use the dialup y/n flags that end up in the pw_gid field, but I'm also looking to use the user defined flags to also denote if a given user should be able to auth via radius for news or roaming dialup. So far this doesn't look possible (or let's say easy). FreeRadius, gnu-radius, openradius all lack the ability to alter the sql query based on which client NAS connects. How are other people solving this problem? I'd love to keep the vpopmail db as the master reference for all radius-authenticated services. Also, does anyone have some info on what exactly the values in pw_gid are? It's numeric, and it varies is about all I can gather from poking around. Thanks, Charles
Re: [vchkpw] OT: Radius server
Charles Sprickman wrote: On Wed, 31 Mar 2004, Doug Clements wrote: Radiator (open.com.au) rules. You can do virtually anything, including custom SQL queries. I know, I used to use it. Best radius server ever. But it costs $$ that we don't have. A good start to getting something else working would be if someone could explain how the pw_gid values work and what the numbers represent; gnu-radius has some rewrite rules that may allow me to somewhat alter (in a sneaky and hackish way) my queries based on which NAS the request comes from. But so far I'm not finding any information on how to determine what particular numeric values in the pw_gid field mean... vpopmail.h lines 86-100
Re: [vchkpw] OT: Radius server
On Wednesday 31 March 2004 07:42 pm, Charles Sprickman wrote: Hi all, Also, does anyone have some info on what exactly the values in pw_gid are? It's numeric, and it varies is about all I can gather from poking around. I'll try to give a detailed listing. #define NO_PASSWD_CHNG 0x01 If set, the code should not allow the password to be changed #define NO_POP 0x02 If set, reject pop authentications #define NO_WEBMAIL 0x04 If set, reject webmail authentications #define NO_IMAP0x08 If set, reject imap authentications #define BOUNCE_MAIL0x10 If set, bounce any incoming mail back to the sender #define NO_RELAY 0x20 If set, do not allow the account to relay email. This is useful for sites that want to have email accounts that are only allowed to send email internally. #define NO_DIALUP 0x40 If set, code should not allow dialup access. This was originally added to support radius sites. #define V_USER0 0x080 #define V_USER1 0x100 #define V_USER2 0x200 #define V_USER3 0x400 After adding the NO_DIALUP flag we relalized there may be other flags people will want that are not directly used by any email code. #define NO_SMTP 0x800 If set, do not allow smtp connections. #define QA_ADMIN 0x1000 If set, the user is granted admin privilages in qmailadmin #define V_OVERRIDE 0x2000 If set, the user is not subject to domain limits. Part of the vlimit code. #define NO_SPAMASSASSIN 0x4000 If set, (and --enable-spamassassin=y) do not process the incoming mail through spamassassin. #define DELETE_SPAM 0x8000 with --enable-spamasssassin=y setting this flag will delete all email above the users required_hits preference. Ken Jones
Re: [vchkpw] OT: Radius server
Would someone please make sure this information finds a home somewhere in the vpopmail distribution! Thanks, Rick Ken Jones wrote: On Wednesday 31 March 2004 07:42 pm, Charles Sprickman wrote: Hi all, Also, does anyone have some info on what exactly the values in pw_gid are? It's numeric, and it varies is about all I can gather from poking around. I'll try to give a detailed listing. #define NO_PASSWD_CHNG 0x01 If set, the code should not allow the password to be changed #define NO_POP 0x02 If set, reject pop authentications #define NO_WEBMAIL 0x04 If set, reject webmail authentications #define NO_IMAP0x08 If set, reject imap authentications #define BOUNCE_MAIL0x10 If set, bounce any incoming mail back to the sender #define NO_RELAY 0x20 If set, do not allow the account to relay email. This is useful for sites that want to have email accounts that are only allowed to send email internally. #define NO_DIALUP 0x40 If set, code should not allow dialup access. This was originally added to support radius sites. #define V_USER0 0x080 #define V_USER1 0x100 #define V_USER2 0x200 #define V_USER3 0x400 After adding the NO_DIALUP flag we relalized there may be other flags people will want that are not directly used by any email code. #define NO_SMTP 0x800 If set, do not allow smtp connections. #define QA_ADMIN 0x1000 If set, the user is granted admin privilages in qmailadmin #define V_OVERRIDE 0x2000 If set, the user is not subject to domain limits. Part of the vlimit code. #define NO_SPAMASSASSIN 0x4000 If set, (and --enable-spamassassin=y) do not process the incoming mail through spamassassin. #define DELETE_SPAM 0x8000 with --enable-spamasssassin=y setting this flag will delete all email above the users required_hits preference. Ken Jones
[vchkpw] OT: Radius server
Hi all, This is somewhat OT, but I'm curious what people here are using for radius authentication against the vpopmail mysql db? There are a number that support SQL auth, but the whole pw_gid thing in vpopmail is giving me some pains. I wish to use the dialup y/n flags that end up in the pw_gid field, but I'm also looking to use the user defined flags to also denote if a given user should be able to auth via radius for news or roaming dialup. So far this doesn't look possible (or let's say easy). FreeRadius, gnu-radius, openradius all lack the ability to alter the sql query based on which client NAS connects. How are other people solving this problem? I'd love to keep the vpopmail db as the master reference for all radius-authenticated services. Also, does anyone have some info on what exactly the values in pw_gid are? It's numeric, and it varies is about all I can gather from poking around. Thanks, Charles
Re: [vchkpw] OT: Radius server
Radiator (open.com.au) rules. You can do virtually anything, including custom SQL queries. --Doug - Original Message - From: Charles Sprickman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 5:42 PM Subject: [vchkpw] OT: Radius server Hi all, This is somewhat OT, but I'm curious what people here are using for radius authentication against the vpopmail mysql db? There are a number that support SQL auth, but the whole pw_gid thing in vpopmail is giving me some pains. I wish to use the dialup y/n flags that end up in the pw_gid field, but I'm also looking to use the user defined flags to also denote if a given user should be able to auth via radius for news or roaming dialup. So far this doesn't look possible (or let's say easy). FreeRadius, gnu-radius, openradius all lack the ability to alter the sql query based on which client NAS connects. How are other people solving this problem? I'd love to keep the vpopmail db as the master reference for all radius-authenticated services. Also, does anyone have some info on what exactly the values in pw_gid are? It's numeric, and it varies is about all I can gather from poking around. Thanks, Charles