Zhang, Ge (Gina) wrote:
Thanks for your advise. I ran radiusd with valgrind. The only leak when
processing a request is in rlm_wimax.
After I fixed it, I still see RES memory increases with each request
processing. Could you please help with
the following questions?
1. Where does the
Lindsay, Joel wrote:
I am using ubuntu and wanted to install freeradius. After installing
the default unbuntu version of freeradius, I realised that it does not
support WiMAX. I then removed the old version, downloaded the latest
version of freeradius (2.1.8) and built my own package
Hi all,
I'm a ICLoS's software engineering and I'm developing a WiMax ASN.
I had already develop the client authentication and authorization modules for
freeradius 2.1.8, successfully (EAP-TTLS). Now I'm building the Radius
Accounting module but I have a problem with the Request-Authenticator
Alessio Grasso wrote:
I'm a ICLoS's software engineering and I'm developing a WiMax ASN.
Well... this is the FreeRADIUS list. It's for questions about FreeRADIUS.
I think it's wrong to calculate HMAC-MD5 (is it exactly the same to the case
of Authentication Request?). I'm studing on the
Actually I have seen this issue on Ubuntu myself. In the source code there is
a file which references stable modules. I found it necessary to edit that
file and add rlm_wimax in order to have the wimax module compiled.
David
-Original Message-
From:
Well,
proxying is activated in this config, so the server doesn't do EAP at
all. Instead, it proxies the request to example.com on IP 1.2.3.4. Is
that what it is supposed to do?
Stefan
Am 30.03.2010 16:03, schrieb David Peterson:
I cannot figure out where this new server is going awry. From
Hello!
See the packet info below:
rad_recv: Access-Request packet from host 168.2.8.28 port 5001, id=142,
length=121
User-Name = licheng
EAP-Message = 0x0201000c016c696368656e67
Message-Authenticator = 0xb11d9a0d22d86cfb58038fe5832a9f9a
NAS-IP-Address = 168.2.8.28
NAS-Identifier =
Hi -
The acct-session-id attribute has the length defined as =3 in RFC 2059.
Is anyone aware of any practical limitations on the length of this
attribute?
Does FreeRadius support the length of this attribute to be let say 300bytes,
and are you aware of any other Radius servers that may have
I am setting up freeradius 2.1.6 and seem to be stuck on how do I go about
setting up my ldap module to search multiple basedn if the user is not found
in the first? I have four that I need to search in my LDAP tree but cannot
figure out the correct way to make it search more than one. I feel like
Good afternoon guys!
I am running version 2.1.6. The server is currently doing 802.1x authentication
for network devices. Some devices are PCs and users use their Windows domain
user/password to login. The rest are special network equipments and I use MAC
address authentication bypass to
Hi,
I am using FR 2.1.1, for host x86_64, with LDAP 802.1x/WPA + OpenLDAP
for wireless network access. I've found that some clients using
EAP-PEAP using mainly Windows Vista sends notebook credentials despite
that is disabled automatically use of credentials...
There are a few log entries like
Check if you have this enabled in radiusd.conf
mschap {
with_ntdomain_hack = yes
}
realm ntdomain {
format = prefix
delimiter = \\
ignore_default = no
ignore_null = no
}
and
I am receiving certain accounting attributes as hex encoded strings, and
I would like to convert them back to cleartext ASCII before sending them
to MySQL.
I can't simply update the SQL with UNHEX() functions, as not all of the
requests are hex encoded this way.
If I could use perl, I would
CaiMuzhang wrote:
Notice the NAS-Port = 268517377. It should represent the ID of the
port, from which the packet is sent. But when I look up the MIB info of
the switch, I can't find such an ID of the port. Instead, the base port
number is another integer. How can I get this number (say
Marlon Duksa wrote:
The acct-session-id attribute has the length defined as =3 in RFC 2059.
See RFC 2865 for the most recent definition of RADIUS.
Is anyone aware of any practical limitations on the length of this
attribute?
RFC 2865 limits the maximum length of an attribute.
Does
Rob Brickhouse wrote:
I am setting up freeradius 2.1.6 and seem to be stuck on how do I go
about setting up my ldap module to search multiple basedn if the user is
not found in the first? I have four that I need to search in my LDAP
tree but cannot figure out the correct way to make it search
Difan Zhao wrote:
So I want to make all rest devices to be authenticated. It will be even
better if I can assign them to a specific VLAN. I was reading
./sites-avaliable/default and I found that forcibly accept the user
(Auth-Type := Accept). Where do I put it? I tried:
post-auth {
Aaron Paetznick wrote:
I am receiving certain accounting attributes as hex encoded strings,
Why? Which attributes are they?
and
I would like to convert them back to cleartext ASCII before sending them
to MySQL.
I can't simply update the SQL with UNHEX() functions, as not all of the
Alan,
Thank you for quick reply!
However if you can fool the NAS to let it believe that the device is
authenticated, will the switch also send an EAP success message to the
laptop to fool him as well?
If the laptop is configured to use PEAP and to validate certificate,
then you are right,
Difan Zhao wrote:
However if you can fool the NAS to let it believe that the device is
authenticated, will the switch also send an EAP success message to the
laptop to fool him as well?
No. Even if it does, the laptop will ignore it. There is no
substitute for running the authentication
Thanks Alan.
Why do you think that anything longer than 64bytes would be hard to
implement in NASes?
Marlon
On Tue, Mar 30, 2010 at 3:37 PM, Alan DeKok al...@deployingradius.comwrote:
Marlon Duksa wrote:
The acct-session-id attribute has the length defined as =3 in RFC
2059.
See RFC
I'm receiving User-Name and various Cisco-AVPair attributes as hex.
The situation is complicated. We have a Calix NAS doing something
called DHCP-triggered RADIUS accounting through a Cisco ASR. This means
neither vendor wants to accept responsibility, and here we are.
I just thought it
Marlon Duksa wrote:
Thanks Alan.
Why do you think that anything longer than 64bytes would be hard to
implement in NASes?
That's not what I said. I said I don't expect it to work.
If you want to know why, ask the NAS vendors who write horrible code.
*My* code works.
Alan DeKok.
-
List
Uh... Guess you are right... I thought it was something easy but looks
like it's not! I will let the hotel know that there is nothing we can
do. I guess the hotel will give up after I tell them that I have
consulted with the programmer lol. BTW this Freeradius is awesome
program. Very flexible and
Thanks Arran, but I'm already pretty clear on how to update variables in
the request. I just don't know how to go about adding the logic to
convert hex/octal strings to ASCII values in unlang.
This is untested, but my current line of thinking is to modify the
queries in sql.conf with
25 matches
Mail list logo