<div dir="ltr">In line (same as you). <br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 13, 2014 at 4:47 AM, Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><br>
On 13 Jun 2014, at 09:32, Brandon Jozsa <<a href="mailto:bjozsa@gmail.com">bjozsa@gmail.com</a>> wrote:<br>
<br>
> Hello,<br>
><br>
> I've been trying to work through the issues and by searching high and low for solutions before turning to this users list. I'm sorry if this is a stupid question (I've seen worse though, so maybe I shouldn't feel bad).<br>
><br>
> I have a very high need to use the rlm_cache module with Freeradius on CentOS 6.5. I'm trying to first us the statement:<br>
><br>
> ----- snipped -----<br>
><br>
> authorize {<br>
> if (!notfound) {<br>
> update control {<br>
> Proxy-To-Realm := "SOME_REALM"<br>
> }<br>
> }<br>
> ----- snipped -----<br>
><br>
> which works GREAT alone...but I also want to use the cache function like so:<br>
><br>
> ----- snipped -----<br>
> update control {<br>
> Cache-Status-Only = 'yes'<br>
> }<br>
> cache<br>
> if (notfound) {<br>
> sql<br>
> }<br>
> update control {<br>
> Cache-Status-Only := 'no'<br>
> }<br>
> cache<br>
<br>
</div><div class="">In 3.0.4 that will be.<br>
<br>
update control {<br>
</div> Cache-Read-Only = 'yes'<br>
}<br>
cache<br>
if (notfound) {<br>
sql<br>
cache<br>
}<br>
<br>
Much nicer :)<br></blockquote><div><br></div><div>I like it! Can't wait to play around with the new version...when CentOS finally catches up!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><br>
<br>
> which doesn't work (obviously) because rlm_cache isn't included with 2.1.12, or so it seems anyway.<br>
<br>
</div>Yep.<br>
<div class=""><br>
> My hope is (it is a hope anyway) that I can collect authN/authZ replies from an upstream radius server and cache them locally; thus building a mysql database of users access/privileges and let this run on an environment before cutting completely over to our new Freeradius setup. Again, I'm hoping it can work like this...getting rid of RSA and using LinOTP or MOTP would be so nice;<br>
<br>
</div>Yubikey FTW.<br></blockquote><div><br></div><div>Good suggestion, I will check it out. Thanks for the tip.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><br>
> it would be more flexible and user friendly, but I really need to collect authN and authZ in order to rebuild our massive user-base.<br>
><br>
> My issue...CentOS, which is our "approved platform" (I'm rolling my eyes and giving air quotes), doesn't have a newer version of Freeradius other than 2.1.12. I think the rlm_cache modules are only included in 3.0.0 and higher, is that right?<br>
<br>
</div><div class="">No, a cut down version is also present 2.2.x from 2.2.0, and working since 2.2.1.<br></div></blockquote><div><br></div><div>So, I'm not crazy...and what I want to do can actually be done? Reading through a lot of the documentation, that seemed to be an appropriate way to forklift a Freeradius solution into our environment...a TRUE forklift, if it can be done this way.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="">
<br>
</div><div class="">> So, I started looking on how to build from source...and I found one; great news I thought!! Enter: <a href="http://confluence.diamond.ac.uk/display/PAAUTH/FreeRADIUS+specs+and+sources+for+CentOS+6" target="_blank">http://confluence.diamond.ac.uk/display/PAAUTH/FreeRADIUS+specs+and+sources+for+CentOS+6</a>. I thought this would save the day, but there are broken links for 3.0.0 and I am running into major issues;<br>
<br>
</div><div class="">There are spec files for RHEL bundled with the source, chances are you can just use those...<br></div></blockquote><div><br></div><div>Didn't seem to work, like I mentioned below. Wasted a lot of time trying to go down that route.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="">
<br>
</div><div class="">> it just doesn't seem to work at all. I also tried to build it out, take the rlm_cache.so lib over to my 2.1.12 installation, but Freeradius barfed all over that little trick.<br>
<br>
</div><div class="">In FreeRADIUS 3.0.x we added explicit validation checks to stop people trying to do stuff like that. There's no guarantee the ABI of libfreeradius will be compatible between versions, and given how frequently the internal API changes, there's a good chance it won't be.<br>
</div></blockquote><div><br></div><div>Makes sense, and I can understand why...it's a way to control things. I think some of the suggestions to use version 2.2.5 may be an option, and not really break anything. That's even something that would compile easier...worst case scenario. Thanks for the tips everyone! Really glad to be part of the group and even help contribute!</div>
<div><br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="">
-Arran<br>
<br>
</div>Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
<div class=""><div class="h5">FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
</div></div><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Brandon<br>
</div></div>