Ldap attribute in pre-proxy possible?

Mike lonetraveller at gmail.com
Fri May 11 21:25:27 CEST 2012


Phil,

I meant to say proxy-request, not proxy-reply.

Secondly, why would you need a log file to show an attribute expanding to nothing? I just told you it is expanding to nothing aka it has no assigned value once reaching the pre-proxy stage.



> Message: 3
> Date: Fri, 11 May 2012 18:07:40 +0100
> From: Phil Mayers <p.mayers at imperial.ac.uk>
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Ldap attribute in pre-proxy possible?
> Message-ID: <4FAD475C.7090109 at imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 11/05/12 16:39, Mike wrote:
>> Hello,
>> 
>> Is it possible to store and access an ldap attribute in pre-proxy?
>> 1. Attribute defined in dictionary
>> 2. Attribute mapped in ldap.attrmap
>> 3. Trying to access using:
>> 
>> pre-proxy {
>>     if (%{reply:attributename} == "cookies") {
>>         update proxy-reply {
>>             Whatever = "cookies"
>>         }
>>     }
>> }
> 
> You can't update the proxy-reply in pre-proxy; there is no proxy-reply 
> at this stage.
> 
>> 
>> The problem is the attribute is expanding to nothing. This does work
>> in the auth section but I need to update the proxy msg. What am I
>> doing wrong?
> 
> We don't know, because we're not psychic and you didn't include a debug 
> of it failing.
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 11 May 2012 13:42:29 -0400
> From: "Luo, Frank Y.F. Mr." <luoy at muohio.edu>
> To: "freeradius-users at lists.freeradius.org"
>    <freeradius-users at lists.freeradius.org>
> Subject: max_request
> Message-ID: <200CB918-2061-4829-A888-8901A235E952 at muohio.edu>
> Content-Type: text/plain; charset="us-ascii"
> 
> So there is this setting max_request that the server keeps track of. The question is how I can find the current active request that the server keeps track of.
> 
> My experience is the server silently drops the connection if max_request is reached. So I want to find out more info about the current status of the server.
> 
> Thanks
> 
> Frank
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 11 May 2012 20:25:06 +0200
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>    <freeradius-users at lists.freeradius.org>
> Subject: Re: max_request
> Message-ID: <4FAD5982.1080708 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Luo, Frank Y.F. Mr. wrote:
>> So there is this setting max_request that the server keeps track of. The question is how I can find the current active request that the server keeps track of.
>> 
>> My experience is the server silently drops the connection if max_request is reached. So I want to find out more info about the current status of the server.
> 
>  In 2.1.12, there's no way to see that number in a "live" server.
> 
>  Alan DeKok.
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 11 May 2012 14:31:09 -0400
> From: "Luo, Frank Y.F. Mr." <luoy at muohio.edu>
> To: FreeRadius users mailing list
>    <freeradius-users at lists.freeradius.org>
> Subject: Re: max_request
> Message-ID: <0C11C863-C520-491D-AD91-320B65E54B97 at muohio.edu>
> Content-Type: text/plain; charset="us-ascii"
> 
> Are you sure?
> 
> Then how do I know I run out of request number and need to increase it?
> 
> Thanks
> 
> Frank
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Fri, 11 May 2012 20:39:03 +0200
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>    <freeradius-users at lists.freeradius.org>
> Subject: Re: max_request
> Message-ID: <4FAD5CC7.1090502 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Luo, Frank Y.F. Mr. wrote:
>> Are you sure?
>> 
>> Then how do I know I run out of request number and need to increase it?
> 
>  You read the logs.
> 
>  You CANNOT increase it while the server is running.
> 
>  The best approach is to set it to a large value, and ignore it.  If
> you get errors in the logs about "max_requests", it means that something
> is catastrophically wrong.  Increasing "max_requests" WILL NOT HELP.
> 
>  You will need to fix the underlying problem: usually a slow / broken
> database.
> 
>  Alan DeKok.
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Fri, 11 May 2012 14:45:29 -0400
> From: "Luo, Frank Y.F. Mr." <luoy at muohio.edu>
> To: FreeRadius users mailing list
>    <freeradius-users at lists.freeradius.org>
> Subject: Re: max_request
> Message-ID: <A6E5F923-8012-468F-8E93-5CA954B97F87 at muohio.edu>
> Content-Type: text/plain; charset="us-ascii"
> 
> I will read the logs - but what do I look for in the log?
> 
> I already set it to a large value and don't expect a problem, but I want to verify that by either finding the "active" request number or looking for something in the log to make sure it is / is not this max_request problem.
> 
> Thanks
> 
> Frank
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Fri, 11 May 2012 14:12:16 -0500
> From: Steve Hopps <steve.hopps at gmail.com>
> To: freeradius-users at lists.freeradius.org
> Subject: EAP/TTLS Auth problem
> Message-ID:
>    <CAOxapJxED9bgrpE=UCpcrNi9NGKMv7U-EyaSzh2As=xTw2VZwQ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> I'm trying to use FreeRadius with OpenLDAP for authentication of some
> Nanostation M2 access points, but have had no luck getting it to work.
> When using rad_eap_test to experiment, I logged the following:
> 
> Found Auth-Type = PAP
> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group PAP {...}
> [pap] login attempt with password "-removed-"
> [pap] Using CRYPT password "*"
> [pap] Passwords don't match
> ++[pap] returns reject
> Failed to authenticate the user.
> 
> Can anyone suggest what I'm doing wrong? The output for this section
> is the same with rad_eap_test or the AP itself.
> 
> 
> ------------------------------
> 
> 
> End of Freeradius-Users Digest, Vol 85, Issue 39
> ************************************************

