Server :: FreeRADIUS User / Group ACL - Won't Be Able To Connect 192.168.1.0
Feb 16, 2011
I have a RADIUS server with just one NAS. I require the following.
1. After authenticating, User1, User2 and User3 can connect to the 192.168.1.0 network, but the rest of the users (User4, User5, User6) won't be able to connect to 192.168.1.0.
2. User4, User5 and User6 will be denied connecting to network 192.168.2.0 after authenticating, but the rest of the users, which are not specified, can connect.
These users (User1, User2 ... User6) are system users of the machine.
Jul 19, 2011
How can I create a user group that restricts Internet privileges to only members in the group? Then I will assign certain applications to join the group for access to the Internet.
For example, I want only group net to have access to the Internet. Group net is then connected to:
Code:
So far, I am using the GNOME group policy manager that is standard with Ubuntu, but it's not working. Is it possible that I'm misdirected and that I should use a firewall instead?
Sep 3, 2010
This netbook only has a user with non-administrative privs on it and the root user, but I do not have root's password. Is there a way that I can create a new administrative user or change the current user's group so that it can do sudo commands or have more privs?
May 3, 2010
Is it possible to allow a group/user to execute a command, where one of the parameters of the command is a group as well? Example that does not work as intended:
Code:
Cmnd_Alias SU=/bin/su -l %group1
This example sort of works; it treats the "%group1" literally. I know I can list out the "/bin/su -l <eachuser>", but as you can imagine that is impractical. In this example, I want people in group2 (not shown for brevity's sake) to be able to su to someone in group1.
Nov 16, 2010
I'm having a lot of trouble configuring FreeRADIUS for Ubuntu. I have FreeRADIUS installed but I'm having trouble finding any information on how to edit the configuration files to create users and be able to use WPA2 Enterprise. The wireless router that I am using is a Linksys WRT54GL.
Oct 15, 2010
I'm running freeradius2-2.1.7-7.el5 on CentOS 5.5. I have gotten all of the authentication set up for Active Directory and I know that the machine is able to pass requests along to our AD server. However, it doesn't appear that FreeRADIUS is doing the same. I have been looking at the attached radius -x output for about 2 days now and I have done a ton of searching and have come up relatively empty-handed.
Apr 21, 2011
Setting up a FreeRADIUS server and CoovaChilli on my Ubuntu 9.10. I want the software and hardware system requirements needed to install FreeRADIUS, CoovaChilli, MySQL and Apache.
Feb 6, 2011
I was trying to install and configure a FreeRADIUS server on CentOS 5.5. I installed FreeRADIUS 2.1.7. I added a single line at the top of the users file like this:
Code:
bob Cleartext-Password := "hello"
When I tried to test using the radtest command (radtest bob hello 127.0.0.1 0 testing123), I got an Access-Reject message from the RADIUS server. At first I was trying on the same PC with a different terminal. I searched and tried a lot of options, but all the time I got the same Access-Reject message. I put the debug message on the debug site. I can see a lot of users have posted the same error message in many forums, but I can't find any solutions. I installed NTRadPing on my laptop and tried, but got the same error.
Code:
Delaying reject of request 0 for 1 seconds.
Going to the next request.
Waking up in 0.9 seconds.
Sending delayed reject for request 0.
Sending Access-Reject of id 16 to 10.10.204.73 port 1619.
Waking up in 4.9 seconds.
Cleaning up request 0 ID 16 with timestamp +3.
Ready to process requests.
Mar 6, 2009
How to install FreeRADIUS with dialup admin support on CentOS 5.
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
Jan 5, 2010
I've configured the RADIUS to use a PostgreSQL DB for accounting. Everything works fine if the connection from the RAD to the SQL is OK. If the PostgreSQL service is dead, the RAD will skip the failed connection and continue to work. That's OK, too. But if I shut down the network interface of the SQL (simulating a lost connection, i.e. a timeout problem), the RAD thread which processes the accounting request will hang, remaining active and unresponsive forever. So the RAD will not return anything to the accounting client (my NAS).
As more accounting requests come, spare threads for processing the requests will reduce and be used up eventually. I've debugged for a while and found it's the problem of the PQexec() function. The function blocks the thread eternally if the connection is lost. I know the RAD version is a little outdated, but I cannot replace it right now. I wonder if there's a way to make the RAD reply to the NAS even when the connection between the RAD and the SQL is lost.
Nov 7, 2010
It's been 2 weeks that I'm trying to configure freeradius2 on CentOS 5 64-bit after installing it from yum. All seems to be working, but I can't authenticate Unix users. After digging in many sites, it simply can't find the user name and password ( ++[unix] returns notfound ). Also, how can I paste here all the radiusd -X log lines? I can't find any radius.log file.
Apr 13, 2011
I usually use the Connect to Server GUI under Places in previous versions of Ubuntu. I am not able to see the application in Ubuntu 11.04.
Mar 20, 2011
Where is the Connect to Server interface in Xubuntu that is present under the Places menu in Ubuntu?
Jan 20, 2010
I'm trying to use Nautilus's connect to server to connect to an ftp server, but I'm having a problem. The username on the ftp server is "anonymous", but it requires a password. When Nautilus sees "anonymous" as the username it assumes it's dealing with a public ftp server and doesn't prompt for a password, and then, of course, I fail to connect.
I've tried modifying the .gtk-bookmarks file to account for this, but this leads to another problem. The password opens with a / and for whatever reason, this leads to Nautilus popping up an error: "Could not connect to ftp://anonymous:0/[rest of password]@[server]". It's adding a "0" to the beginning of my password for some reason. Is there any way to fix this without changing the password?
May 5, 2010
My goal is this: Allow a user to connect to a server via SSH with any login name or password without checking to see if that account exists on that server. Their account would be captured by a universal account say, 'generic_user', and then they would be directed to one of my python scripts with the username and password they supplied for initial login. At this point my script would capture their SSHD process ID and allow/deny their existence based upon a MySQL/Subscription check.
The part I'm having trouble with is with PAM and allowing the user to login with any credentials and be successfully authenticated under the generic account. Beyond that, everything is great.
Mar 17, 2010
I have four users in my Red Hat Linux 9. I want all four of these users to be added to a group, i.e. "Marketing". Please guide me as to which command I may write in the terminal so that the users are added to the group. I don't want to use the GUI interface to do it.
Feb 14, 2011
I want to add a user "smith" to the marketing group using the terminal. Please guide me on how I can do it.
Jun 20, 2011
How to get the list of all groups of which a particular user is a member in Linux?
Jul 11, 2011
I'm using nfs to mount the folder /mirror from a server onto a node.
This works, except on the node the user and group are displayed as "4294967294".
On the server: ls -al ./ displays
-rw-r--r-- 1 cu cu 0 2011-07-11 15:08 test1
-rw-r--r-- 1 cu cu 0 2011-07-11 15:08 test2
whereas on the node
-rw-r--r-- 1 4294967294 4294967294 0 2011-07-11 15:08 test1
-rw-r--r-- 1 4294967294 4294967294 0 2011-07-11 15:08 test2
I have used usermod and groupmod on the username cu to have the same numbers on the node.
On the server: id displays
uid=1021(cu) gid=1007(cu) groups=1007(cu),109(admin)
on the node
uid=1021(cu) gid=1007(cu) groups=1007(cu)
I'm stumped as to what the problem could be.
I should perhaps add that the home directory is /mirror/cu (so that the users share the same account when mounted). Not sure if that's relevant though...
My /etc/exports file (on the server) looks like this
/mirror *(rw,sync)
and I do the mount (on the node) with
sudo mount server:/mirror /mirror
Jan 28, 2010
How to delete a user from a group? I am new to this group and have started a Linux admin course.
Jul 10, 2010
I am doing an RHCE course but I am very confused about how to answer these user and group permission questions. The questions are like this: the owner of /data must be user tom. The primary group of /data must be the group sysadmins. The members of the group test must be able to write and create files in /data. The members of the group web have no access to this directory. The user jack, not belonging to any of these groups, must be able to edit files created in /data. The user tim can only list the contents.
The questions are always like these. I am okay with SGID and the sticky bit, but I don't know where to set the default ACL and other permissions.
Oct 8, 2010
I am trying to install Bugzilla on SUSE 11.2. For that I want to add a new user/group to apache2. I want to add the following commands to the envvars, but there is no such file available:
export APACHE_RUN_USER=apache2
export APACHE_RUN_GROUP=apache2
Jun 13, 2010
What would be the effect of setting ProFTPd's user and group to the same user and group that Apache uses? Are there any security risks in doing this, or is this safe to do?
Jul 5, 2010
My user/group manager in the System > Administration menu is missing. Is there a command to get to the user/group manager using Alt+F2 in the desktop? Or can I download the user/group manager from the Ubuntu Software Center? I searched the Software Center and all I could find was the KUser user manager program... can I download it? Will it work with Ubuntu 10.04?
Sep 23, 2010
I made a mistake on my friend's Ubuntu system when trying to get hard drive permissions right. I wanted to add a user to a certain group with usermod -G, but without realising I should also use -a, with the result that the user is now no longer in the sudo group. This is the only (regular) user on the system, which means I cannot sudo usermod again to get it right. So what to do? The only solution I can think of is using a live disc to restore the group memberships, but I want to know if there's a quicker way. Also, I don't know what other groups the user was in. Is there a history? Or else, what are the default groups?
Apr 14, 2011
My main account 'dave' runs as admin etc. This was the output of 'groups dave':
dave adm dialout cdrom plugdev lpadmin sambashare admin
I was trying to add dave to the user group 'media-www' and I ran this command: 'usermod -G media-www dave'. Then after another 'groups dave':
dave : dave media-www
It seems to have removed all the other groups! How do I restore this?
Apr 19, 2010
I'm trying to implement Mercurial repositories using SSH access. The problem is that if I log in via SSH with the user "userA", all files uploaded via that user are created with the owner userA:userA, and I need to use the group of the parent directory... Is that possible? For example:
repos ( root:repo)
-> project1 ( root:repoPrj1 )
-> file1 ( userA:userA ) -> here I want userA:repoPrj1
Sep 10, 2009
If user1's main group is genetics and one wants to add him/her to group biochem and to assign biochem as his/her secondary group will the following suffice ?
Code:
$ sudo usermod -G biochem user1
I would like for user1 to have genetics as the main group but also belong to biochem. When user1 creates a file, as he/she belongs to main group genetics, I assume the file will be owned by user1 and group owner will be genetics. Ideally files created by user1 should be accessible to users in group genetics(when permissions are tweaked) but not by individuals in group biochem. However, any files with group owner biochem should be accessible to user1 as he/she does belong to biochem as a secondary group. Would having user1 main group genetics, secondary group biochem fulfil this criteria ?
May 18, 2010
Does anyone know how to change the primary group on a user without changing the password? I've tried updating /etc/passwd and running usermod -g group user. Both of those do change the group, but somehow it messes up the password so the user cannot get in with the same password.