<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On 14 Sep 2011, at 03:27, 2394263740 wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Arran,</div>
<div> </div>
<div>I'm using PEAP. Do you have any suggestion to grant access?</div></blockquote><div><br></div><div>PEAP uses MSCHAPv2 as the inner method, and MSCHAPv2 requires that the client and the server both know the password, else authentication will fail.</div><div><br></div><div>One option is to set some static credentials for when the database is offline. But honestly that'll just cause more trouble, because A) Users won't remember what the emergency credentials were, and B) even if they do enter the new password, half of them will screw up re-entering their original password when the service returns to normal.</div><div><br></div><div>You could also dump the list of SQL users out into a password file and use that instead? Same syntax that I posed before, but change:</div><div><br></div><div><blockquote type="cite"><div><includetail><div style="color: rgb(0, 0, 0); ">update control {<br>Auth-Type := 'Accept'<br>}</div></includetail></div></blockquote><br></div><div>To an instance of the password module.</div><div><br></div><div>-Arran</div><div><br></div><br><blockquote type="cite">
<div> </div>
<div>Thanks!</div>
<div><includetail>
<div> </div>
<div> </div>
<div style="COLOR: #000">
<div style="PADDING-BOTTOM: 2px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: Arial Narrow; FONT-SIZE: 12px; PADDING-TOP: 2px">------------------ Original ------------------</div>
<div style="PADDING-BOTTOM: 8px; PADDING-LEFT: 8px; PADDING-RIGHT: 8px; BACKGROUND: #efefef; FONT-SIZE: 12px; PADDING-TOP: 8px">
<div id="menu_sender"><b>From: </b> "freeradius-users"<<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a>>;</div>
<div><b>Date: </b> Tue, Sep 13, 2011 11:59 PM</div>
<div><b>To: </b> "freeradius-users"<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>; <wbr></div>
<div></div>
<div><b>Subject: </b> Freeradius-Users Digest, Vol 77, Issue 50</div></div>
<div> </div>Send Freeradius-Users mailing list submissions to<br><a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br>http://lists.freeradius.org/mailman/listinfo/freeradius-users<br>or, via email, send a message with subject or body 'help' to<br>freeradius-users-request@lists.freeradius.org<br><br>You can reach the person managing the list at<br>freeradius-users-owner@lists.freeradius.org<br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of Freeradius-Users digest..."<br><br><br>Today's Topics:<br><br> 1. Grant Access ( 2394263740 )<br> 2. Re: Grant Access (Arran Cudbard-Bell)<br> 3. Quick enable/disable user account. ( 2394263740 )<br> 4. Re: Quick enable/disable user account. (Alan DeKok)<br> 5. Re: Quick enable/disable user account. (Arran Cudbard-Bell)<br> 6. RE: Quick enable/disable user account. (Tim Sylvester)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Tue, 13 Sep 2011 23:07:31 +0800<br>From: " 2394263740 " <2394263740@qq.com><br>Subject: Grant Access<br>To: " freeradius-users " <freeradius-users@lists.freeradius.org><br>Message-ID: <tencent_1ABBB04B470455063AD97831@qq.com><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hello,<br>I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.<br>OS: Linux Enterprise Server 6.1<br>Radius: free radius server 2.1.11<br>Database: Mysql<br> <br> When the system goes wrong, I would like temporary grant all access request.<br> <br> Which means during the service is down, any username/password will be grant access.<br> <br> Can you please advise the solution?<br> <br> Thanks!<br> <br> Tom<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/89760c49/attachment.html><br><br>------------------------------<br><br>Message: 2<br>Date: Tue, 13 Sep 2011 17:16:02 +0200<br>From: Arran Cudbard-Bell <a.cudbardb@freeradius.org><br>Subject: Re: Grant Access<br>To: FreeRadius users mailing list<br><freeradius-users@lists.freeradius.org><br>Message-ID: <9285C1EC-7439-4652-8AEC-22FBAD42A485@freeradius.org><br>Content-Type: text/plain; charset="iso-8859-1"<br><br><br>On 13 Sep 2011, at 17:07, 2394263740 wrote:<br><br>> Hello,<br>> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.<br>> OS: Linux Enterprise Server 6.1<br>> Radius: free radius server 2.1.11<br>> Database: Mysql<br>> <br>> When the system goes wrong, I would like temporary grant all access request.<br>> <br>> Which means during the service is down, any username/password will be grant access.<br>> <br>> Can you please advise the solution?<br><br>sql<br>if(fail){<br>update control {<br>Auth-Type := 'Accept'<br>}<br>}<br><br>This will not work for protocols like PEAP. But should work for PAP, and CHAP.<br><br>-Arran<br><br>Arran Cudbard-Bell<br>a.cudbardb@freeradius.org<br><br>RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.<br><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/b2a99bf6/attachment.html><br><br>------------------------------<br><br>Message: 3<br>Date: Tue, 13 Sep 2011 23:32:43 +0800<br>From: " 2394263740 " <2394263740@qq.com><br>Subject: Quick enable/disable user account.<br>To: " freeradius-users " <freeradius-users@lists.freeradius.org><br>Message-ID: <tencent_604FCE075B879FA320DD1DCF@qq.com><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hello,<br>I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.<br>OS: Linux Enterprise Server 6.1<br>Radius: free radius server 2.1.11<br>Database: Mysql<br> <br> <br> <br>Sometime, I need disable a user account in mysql database. And then enable it later on after some check complete.<br> <br> <br> <br>Can you please advise how to toggle such status?<br> <br> <br> <br>There're may be multiple solutions, please advise them all, so I can choose a one most fit the needs.<br> <br> <br> <br>Thanks!<br> <br> <br> <br>Tom<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/3f186dfc/attachment.html><br><br>------------------------------<br><br>Message: 4<br>Date: Tue, 13 Sep 2011 17:39:48 +0200<br>From: Alan DeKok <aland@deployingradius.com><br>Subject: Re: Quick enable/disable user account.<br>To: FreeRadius users mailing list<br><freeradius-users@lists.freeradius.org><br>Message-ID: <4E6F7944.5050204@deployingradius.com><br>Content-Type: text/plain; charset=ISO-8859-1<br><br>2394263740 wrote:<br>> Sometime, I need disable a user account in mysql database. And then<br>> enable it later on after some check complete.<br>> <br>> Can you please advise how to toggle such status?<br><br> See the MySQL documentation for how to write to rows in MySQL.<br><br>> There're may be multiple solutions, please advise them all, so I can<br>> choose a one most fit the needs.<br><br> Try harder.<br><br> Alan DeKok.<br><br><br>------------------------------<br><br>Message: 5<br>Date: Tue, 13 Sep 2011 17:42:54 +0200<br>From: Arran Cudbard-Bell <a.cudbardb@freeradius.org><br>Subject: Re: Quick enable/disable user account.<br>To: FreeRadius users mailing list<br><freeradius-users@lists.freeradius.org><br>Message-ID: <AF7E673D-1735-467E-B0C8-06C49AC33E87@freeradius.org><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>No. You're treating this like paid support. Go and find out the answer for yourself, this is not a FeeRADIUS question.<br><br>-Arran<br><br>Arran Cudbard-Bell<br>a.cudbardb@freeradius.org<br><br>RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.<br><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/1d2cbd68/attachment.html><br><br>------------------------------<br><br>Message: 6<br>Date: Tue, 13 Sep 2011 08:59:15 -0700<br>From: "Tim Sylvester" <tim.sylvester@networkradius.com><br>Subject: RE: Quick enable/disable user account.<br>To: "'FreeRadius users mailing list'"<br><freeradius-users@lists.freeradius.org><br>Message-ID: <041301cc722e$1745e360$45d1aa20$@networkradius.com><br>Content-Type: text/plain; charset="us-ascii"<br><br>Set Auth-Type := Reject in radcheck.<br><br> <br><br>http://deployingradius.com/documents/configuration/auth_type.html<br><br> <br><br>Tim<br><br> <br><br> <br><br>From:<br>freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.or<br>g<br>[mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freer<br>adius.org] On Behalf Of 2394263740<br>Sent: Tuesday, September 13, 2011 8:33 AM<br>To: freeradius-users<br>Subject: Quick enable/disable user account.<br><br> <br><br>Hello,<br>I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.<br>OS: Linux Enterprise Server 6.1<br>Radius: free radius server 2.1.11<br>Database: Mysql<br><br> <br><br>Sometime, I need disable a user account in mysql database. And then enable<br>it later on after some check complete.<br><br> <br><br>Can you please advise how to toggle such status?<br><br> <br><br>There're may be multiple solutions, please advise them all, so I can choose<br>a one most fit the needs.<br><br> <br><br>Thanks!<br><br> <br><br>Tom<br><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/044b7e97/attachment.html><br><br>------------------------------<br><br>-<br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br><br><br>End of Freeradius-Users Digest, Vol 77, Issue 50<br>************************************************<br></div></includetail></div>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></blockquote></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; ">Arran Cudbard-Bell<br><a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a><br><br>RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.</span>
</div>
<br></body></html>