Alexandre Chapellon wrote:
The servers will have to communicate with each other before handing
out IP addresses.
Is it a featured in freeradius?
No. That code would need to be written.
I thought about it but not managing a huge number of ippool (for
different type of users,
Freeradius 2.1.0.
I have a NAS which sends a NAS-Port-Id attribute in the range
2147483648..2164260863. PostgreSQL doesn't like the query Freeradius
performs. It's choking when trying to insert for instance
'2163214239::integer' into the radacct table.
$ select 2163214239::integer;
ERROR:
Alexandre Chapellon wrote:
Sorry i made a mistake with my patch:
Thanks. I've added that patch in.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Vegard Svanberg wrote:
I have a NAS which sends a NAS-Port-Id attribute in the range
2147483648..2164260863. PostgreSQL doesn't like the query Freeradius
performs. It's choking when trying to insert for instance
'2163214239::integer' into the radacct table.
$ select 2163214239::integer;
Dear Alan,
FR 2.1.1 running under Solaris 10 x86 creates a core dump when using EAP
PEAP/MSCHAPv2.
Chris Howley
bash-3.00# radiusd -X
FreeRADIUS Version 2.1.1, for host i386-pc-solaris2.10, built on Sep 25
2008 at 12:42:55
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
* Alan DeKok [EMAIL PROTECTED] [2008-09-26 11:07]:
$ select 2163214239::integer;
ERROR: integer out of range
It's treating the number as a signed 32-bit integer, and the number is
greater than 2^31.
And the NASPortId field in the default schema is VARCHAR, not integer.
Hmm...
Alan DeKok wrote:
Vegard Svanberg wrote:
I have a NAS which sends a NAS-Port-Id attribute in the range
2147483648..2164260863. PostgreSQL doesn't like the query Freeradius
performs. It's choking when trying to insert for instance
'2163214239::integer' into the radacct table.
$ select
Chris Howley wrote:
FR 2.1.1 running under Solaris 10 x86 creates a core dump when using EAP
PEAP/MSCHAPv2.
...
[peap] Got tunnled request
EAP-Message = 0x0207000c01656475726f616d
Segmentation Fault (core dumped)
Please read doc/bugs. It gives instructions that can help give
Just got the same coredump here. Here's a first debugger backtrace (have
to recompile to get more details). Seems to be triggered by a MacOS X
machine trying to use PEAP.
Session established. Decoding tunneled attributes.
Identity - teleportd-iMac
Got tunnled request
EAP-Message =
You say 10.0.32.x is on a different network than 10.0.42.x?
What's your netmasks and your routing table like? What network is your
client on and what network is your server on? Can you ping the server (or
access it in any way) from the client?
This is really more a basic networking question than
Peter Eriksson wrote:
Just got the same coredump here. Here's a first debugger backtrace (have
to recompile to get more details). Seems to be triggered by a MacOS X
machine trying to use PEAP.
OK. I've pushed some fixes to git.freeradius.org.
Alan DeKok.
-
List
FreeRadius 2.1.0 directly to the Access Point (with a response received
via Proxying to the same 1.1.7 server):
...
Sending Access-Accept of id 6 to 192.168.160.158 port 1036
Vendor-Specific =
0x013711348565439b6986f71bfa7425319eac8dd791f24936bc66a8cdd928a91c9c4343958ef040212
Peter Eriksson wrote:
Yes. But it's *not* being printed as MS-MPPE-Recv-Key, which means
you've broken the dictionaries somehow.
Hmm.. Strange. Since I haven't touched the dictionaries at all.
Well, the only way that the MS attributes are printed as
Vendor-Specific is if the MS
Michael Schwartzkopff wrote:
Think about using DRBD.
It's very often more efficient to implement application-aware
replication. i.e. replication that knows about the data it's contents.
Using DRDB may be much higher overhead than simply proxying RADIUS
packets.
Alan DeKok.
-
List
Hello Alan,
I have upgrade to 2.1.1 however still the same effect with perl to lc the
usernames
perl_pool: item 0x2043d70 asigned new request. Handled so far: 1
found interpetator at address 0x2043d70
rlm_perl: RAD_REQUEST: NAS-Port-Type = Ethernet
rlm_perl: RAD_REQUEST: Service-Type =
el access point tiena la IP 10.0.31.40 y esta incluida dentro de
raddb/client.conf, olvidemos la IP 10.0.42.250 porque me conecte a esa red
para otro tema.
El servidor esta en la 10.30.1.x y no hace falta que esté en la misma red
porque son VLAN ruteables. Haciendo ping responde bien.
¿cual
Vendor Specific Attribute (26), length: 59, Value: Vendor:
Microsoft (311)
Vendor Attribute: 16, Length: 51, Value:
...D...1.RX...dt..F..x4..}...F...I..j..L..%O!..'
0x: 0137 1035 009d be22 4487 0b90 31ab
The '1035 00' is odd. The extra '00'
Peter Eriksson wrote:
Any suggestions on where I should start adding debugging
printf's/debugger checkpoints in order to try to pin-point
this problem?
src/lib/radius.c, rad_encode, and the attr2vp functions.
Am I correct in assuming the keys in question are generated in
On Fri, 2008-09-26 at 17:31 +0100, John Horne wrote:
Hi,
I have installed FR2.1.1 onto a test server, built using the Fedora
rawhide RPM source. No problems building and installing FR, but when I
start FR it seems to immediately stop. The radius.log file just shows:
Fri Sep 26 17:20:58
John Horne wrote:
Hi,
I have installed FR2.1.1 onto a test server, built using the Fedora
rawhide RPM source. No problems building and installing FR, but when I
start FR it seems to immediately stop. The radius.log file just shows:
Fri Sep 26 17:20:58 2008 : Error: Failed to
stat
I have opened the following bugzilla to request the SELinux policy be
updated to allow for the new unix domain socket:
https://bugzilla.redhat.com/show_bug.cgi?id=464199
--
John Dennis [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[suffix] No '@' in User-Name = \ aduserr, looking up realm NULL
This is nothing to do with perl. There is a bug in handling \r in
username. It is seen as carriage return and I can see it in sql
queries (converted since it is not a safe character). Try a username
that doesn't start with r and
Alan DeKok a écrit :
Alexandre Chapellon wrote:
The servers will have to communicate with each other before handing
out IP addresses.
Is it a featured in freeradius?
No. That code would need to be written.
I thought about it but not managing a huge number
Why enabling replication? Isn't it possible to have one centralized
database for all radius server?
Ahem, even a single radius server is so much faster than the database.
That arrangement is doomed.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
I have purchased a Linksys SLM248G switch that has 802.1x support. I am
new to radius server and would like to use this switch to authenticate
ports for a lab to a freeradius server. I have installed freeradius
2.1.0 on freebsd 7.0 system.
It is the default configuration for FreeRadius
[EMAIL PROTECTED] a écrit :
Why enabling replication? Isn't it possible to have one centralized
database for all radius server?
Ahem, even a single radius server is so much faster than the database.
That arrangement is doomed.
Well, actually here is how i wanted to set things up:
On Fri, Sep 26, 2008 at 3:05 PM, David Blackman [EMAIL PROTECTED] wrote:
I have purchased a Linksys SLM248G switch that has 802.1x support. I am
new to radius server and would like to use this switch to authenticate ports
for a lab to a freeradius server. I have installed freeradius 2.1.0 on
Alexandre Chapellon wrote:
I'm not sure *any* RADIUS server has this functionality. It's usually
done as part of the database replication, etc.
Why enabling replication? Isn't it possible to have one centralized
database for all radius server?
You really don't want that. RADIUS
Alexandre Chapellon wrote:
Each radius have a local mysql database to locally store accounting data.
If nothing will be querying those databases, I suggest *not* using
SQL. It's just not needed.
Each local database is replicated to a central database which couls be
used too as a redundancy
John Dennis wrote:
If that's not the problem you're encountering then the only other thing
I can think of is that you're not running the service from an effective
uid of root. When the server starts up it will have a uid of root but
then drop it's privileges to radiusd (not sure if the socket
Alan DeKok a écrit :
Alexandre Chapellon wrote:
Each radius have a local mysql database to locally store accounting data.
If nothing will be querying those databases, I suggest *not* using
SQL. It's just not needed.
Right, nothing will query the database directly on radius
Alexandre Chapellon wrote:
Right, nothing will query the database directly on radius servers.
Then don't put a database there.
But i
really need to have one central database that will be queried by webapps
to let users know about thier quota left, time of connection etc...
Then put a
Again, using *one* database for *many* RADIUS servers is very likely
wrong. i.e. it will be slow, fragile, and is likely to not meet your
needs of high availability.
Alan is saying a single MySQL instance is fragile because it's a single
point of failure.
Clustered SQL is bad because
33 matches
Mail list logo