a...@netconnect.ro wrote:
All is well when there's no load but at certain times it
happens that one of the tables must be locked for 2 or 3 seconds
One response is to use a real database. Something as critical as a
database shouldn't lock for 2-3 seconds.
(snapshot
and purge on a memory
Alan DeKok-2 wrote
Because you only have one server. Split the server into two
processes. One listens on network sockets and writes to the detail
file. It shouldn't do anything else. Another reads from the detail
file and writes to SQL.
I think this might just work will try it out
Hi Fajar,
i made everything from:
- enable sql in accounting section of sites-available/default
- enable sql in session section of sites-available/default (and
sites-available/inner-tunnel, if you use EAP)
- uncomment simul_count_query in sql /*/ dialup.conf
but it doesn't work((
13
On Wed, Dec 14, 2011 at 3:34 PM, tolik_shavlov...@mail.ru
tolik_shavlov...@mail.ru wrote:
Hi Fajar,
i made everything from:
- enable sql in accounting section of sites-available/default
- enable sql in session section of sites-available/default (and
sites-available/inner-tunnel, if you use
'..but it doesn't work'
This is a meaningless statement without providing this list the important thing
to help you with, ie the output of 'radius -X' - to show what happens when 1
client connects and then tries to connect simultaneously. There is really no
point in just saying you've done xyz
So what us your decoupled accounting using?
alan
--
Message may be brief as it has been sent from my mobile
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tolik_shavlov...@mail.ru wrote:
i made everything from:
- enable sql in accounting section of sites-available/default
- enable sql in session section of sites-available/default (and
sites-available/inner-tunnel, if you use EAP)
- uncomment simul_count_query in sql /*/ dialup.conf
but
/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
- /usr/local/var/log/radius/radacct/10.169.33.11/detail-20111214
(50) detail :
/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /usr/local/var/log
Alan,
sorry for wasting your time. I said that i am new in FR and I understand that
problem is ME.
I just asked to indicate what exact is wrong, I supposed that maillist was
created for such purposes.
Again sorry, for waisting your time.
14 декабря 2011, 13:05 от Alan DeKok-2 [via
2011/12/14 Толик Шавловский tolik_shavlov...@mail.ru:
Dear Fajar,
here is the debug:
Why on earth did you cut down the log?
As Alan said, you need the output of 'radius -X' - to show what
happens when 1 client connects and then tries to connect
simultaneously.
Your log only show ONE user
tolik_shavlov...@mail.ru wrote:
I just asked to indicate what exact is wrong, I supposed that maillist
was created for such purposes.
The whole point of asking questions is to read the responses. You
have not been doing that.
The point of mailing lists is to help people who want help.
Толик Шавловский wrote:
SQL doesn't SELECT COUNT(*) from radacct. Is this a problem of sql
configuration?
You have been told many, many, times what is necessary for accounting
data to be put into SQL. *Weeks* later, you still don't understand.
We cannot help you if you refuse to read
Angelica Delgado wrote:
I am using a certificate from incommon for eap/peap setup. It works with
Windows 7 when validate certificate is enabled but not with Windows XP.
Windows XP works only without
the certificate validation. Following is the error that I am getting with
Windows XP
On Tue, Dec 13, 2011 at 6:16 PM, KatsuroKurosaki joaquims...@gmail.com wrote:
Then I need Accounting to be sync between servers A and B, because if server
A fails, when Server B receives the request, prints on the screen Received
logout request, but no Login was received, and same happen on
I'm not sure why the Simultaneus-use is so hard to setup...
1. turn on sql inside accounting section
2. turn on sql inside session section
3. be sure that NAS works properly (sending Interim-Updates)
4. insert Simultaneus-Use := X (where X is number you want to allow)
inside radcheck table..
Fajar A. Nugraha-2 wrote
FR shouldn't print that. What do you mean it prints on the screen?
I mean: while debugging ( /freeradius -X/ ) I have Server A as primary and
server B as secondary (or back-up, fail-over,...). Then: I do a login
process, and Server A is running, I'm logged in with
KatsuroKurosaki wrote:
I mean: while debugging ( /freeradius -X/ ) I have Server A as primary and
server B as secondary (or back-up, fail-over,...). Then: I do a login
process, and Server A is running, I'm logged in with no problems, and
suddently server A fails (stopping the service). Then
On Wed, Dec 14, 2011 at 5:15 PM, KatsuroKurosaki joaquims...@gmail.com wrote:
/[radutmp] expand: /var/log/freeradius/radutmp -
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} - pruebas
rlm_radutmp: Logout for NAS SurfLabs Phys port 2151677953, *but no Login
record*
Perhaps you may want delivering PIN to user's cellular over SMS. Anyway
Freeradius seems not to be enough, at least you would need some external
database and web server - both for creating and storing PINs. I did the task
using FR, Apache and MySql. As I see, my concept is quite similar to
Alan DeKok-2 wrote
KatsuroKurosaki wrote:
I mean: while debugging ( /freeradius -X/ ) I have Server A as primary
and
server B as secondary (or back-up, fail-over,...). Then: I do a login
process, and Server A is running, I'm logged in with no problems, and
suddently server A fails
Hi,
I require to simulate and test the RADIUS ACCESS_REQUEST message with PPAC,
Update Reason Service Type Parameters in the packet and ACCESS_ACCEPT with
PPAQ(VQ/DQ, VT/DT). Any radius client which supports setting these two
parameters and send ACCESS_REQUEST message how to set the response
Ratnesh Sinha wrote:
I require to simulate and test the RADIUS ACCESS_REQUEST message with
PPAC, Update Reason Service Type Parameters in the packet and
ACCESS_ACCEPT with PPAQ(VQ/DQ, VT/DT). Any radius client which supports
setting these two parameters and send ACCESS_REQUEST message
Yes.
KatsuroKurosaki wrote:
And this is what I'm trying to configure, server A send the packet to server
B, and vice-versa. Server A won't handle all requests, for example, if we
have 50 NASes, 25 will handle requests to server A and B as fail-over, and
the other 25 will handle requests to server B
Hi Rudolf,
So it can be done, that's what I wanted to know really. I appreciate that all I
am going to get is dual-passwords (1 LDAP, 1 Pin) but this will lift the level
of security somewhat, and make it far harder to guess simple Username/Password
combinations.
Thanks,
Peter
Perhaps you
On Wed, Dec 14, 2011 at 6:08 PM, KatsuroKurosaki joaquims...@gmail.com wrote:
What I meant was, AFTER you enable copy-acct-to-home-server and stuff,
have you ACTUALLY send an accounting packet to server A? If yes, it
SHOULD display some things (like writing to a detail file), and then
there
On Wed, Dec 14, 2011 at 5:39 AM, Sušnik Rudolf rudolf.sus...@telekom.si wrote:
Perhaps you may want delivering PIN to user's cellular over SMS. Anyway
Freeradius seems not to be enough, at least you would need some external
database and web server - both for creating and storing PINs. I did
Does peap needs xpextensions even though we are not using client
certficates? I got the certificate from Incommon cert service.
Thanks.
On Wed, Dec 14, 2011 at 3:34 AM, Alan DeKok al...@deployingradius.comwrote:
Angelica Delgado wrote:
I am using a certificate from incommon for eap/peap
Hi,
i'd like to forward accounting requests to multiple locations. We use radius
accounting not just for billing/accounting but also monitoring, tr069
configuration and other stuff so we need multiple locations to send the
information to.
I have found the home_server_pool stuff but the policys
Angelica Delgado wrote:
Does peap needs xpextensions
YES. ALWAYS YES.
even though we are not using client
certficates? I got the certificate from Incommon cert service.
So you didn't follow the instructions on how to create certificates,
and you didn't read the many documents which
Florian Lohoff wrote:
A duplicate policy would be what i was looking for. Acknowledge the
packet to the sending NAS and sending requests to all final systems
and waiting for their acknowlegde.
This can be done.
A limit in queue or storage capacity
would be acceptable e.g. max 1000
Hi,
On Wed, Dec 14, 2011 at 05:45:17PM +0100, Alan DeKok wrote:
Florian Lohoff wrote:
A duplicate policy would be what i was looking for. Acknowledge the
packet to the sending NAS and sending requests to all final systems
and waiting for their acknowlegde.
This can be done.
A
Thanks for the help, I will redo the certificates.
On Wed, Dec 14, 2011 at 10:39 AM, Alan DeKok al...@deployingradius.comwrote:
Angelica Delgado wrote:
Does peap needs xpextensions
YES. ALWAYS YES.
even though we are not using client
certficates? I got the certificate from Incommon
Florian Lohoff wrote:
For most of my purposes i dont care about systems not available for a longer
period as backend systems take care on synchronisation.
Then why replicate via RADIUS? Why not synchronise via the backend?
In the past 15 years i have seen a lot of broken Radius
On Wed, Dec 14, 2011 at 07:13:05PM +0100, Alan DeKok wrote:
So submit a patch which implements accounting replication which (a)
doesn't write to disk, and (b) is robust in the event of temporary
process/system failures.
I don't think you can satisfy both requirements at the same time.
Does the SSID needs to match the common name of the certificate or it can
be an alternative subject?
Thanks.
Angela
On Wed, Dec 14, 2011 at 11:42 AM, Angelica Delgado angelicadel...@gmail.com
wrote:
Thanks for the help, I will redo the certificates.
On Wed, Dec 14, 2011 at 10:39 AM, Alan
Hi,
Does the SSID needs to match the common name of the certificate or it can
be an alternative subject?
SSID has nothing to do with it - its the CN from the RADIUS server that needs
to match in your 802.1X settings on the client
alan
-
List info/subscribe/unsubscribe? See
Can you please provide a URL that I can use for reference?
Thanks
On Wed, Dec 14, 2011 at 4:24 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Does the SSID needs to match the common name of the certificate or it
can
be an alternative subject?
SSID has nothing to do with it -
Hi,
Can you please provide a URL that I can use for reference?
what is it that you need or want? the RFC for 802.1X authentications
via the EAP methods? Is there a particular issue you are trying to resolve
here?
alan
-
List info/subscribe/unsubscribe? See
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when in
debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in
RADIUS. I have already confirmed that for this case it is not the password. So
now, I'm left to look into other causes.
On Wed, Dec 14, 2011 at 3:58 PM, Det Det det.explo...@yahoo.com wrote:
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when
in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log
in RADIUS. I have already confirmed that for this case
On Thu, Dec 15, 2011 at 6:58 AM, Det Det det.explo...@yahoo.com wrote:
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when
in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log
in RADIUS. I have already confirmed that for this case
I want to know which reference I can use to make a certicate request for a
third party ca. This certificate is for peap with mschap v2. In terms of
adding the extensions for peap.
Thanks.
On Dec 14, 2011 5:48 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Can you please provide a URL
I have a setup such as:
NAS Freeradius Proxy Freeradius Auth
Periodically the NAS (different company and outside of my control)
gets rebooted and when it starts up it sends thousands of simultaneous
requests to the radius proxy, which in turn forwards them all to the
appropriate freeradius
On Fri, Dec 9, 2011 at 11:36 PM, Michel Bulgado mic...@casa.co.cu wrote:
In conclusion what we discussed, my Linksys router when accounting packets
sent after authenticating my user, but not shown or at least are suppressed
by TTLS. is not so?
So should I change the mechanism to use!
Like
On Thu, Dec 15, 2011 at 9:11 AM, Nathan M locu.li...@gmail.com wrote:
I have a setup such as:
NAS Freeradius Proxy Freeradius Auth
Periodically the NAS (different company and outside of my control)
gets rebooted and when it starts up it sends thousands of simultaneous
requests to the
Fajar A. Nugraha l...@fajar.net escribió:
On Fri, Dec 9, 2011 at 11:36 PM, Michel Bulgado mic...@casa.co.cu wrote:
In conclusion what we discussed, my Linksys router when accounting packets
sent after authenticating my user, but not shown or at least are suppressed
by TTLS. is not so?
So
Angelica Delgado wrote:
I want to know which reference I can use to make a certicate request for
a third party ca. This certificate is for peap with mschap v2. In
terms of adding the extensions for peap.
Microsoft has web pages on this.
READ eap.conf. It explains this in excruciating
Hi,
Our provider is sending the calling-station-id usually larger than 50
characters while the schema for RADIPPOOL table in MYSQL has defined this field
for 30 CHARACTERS. because of this we are seeing unusual behaviour in IP
address assignment as first 35 characters are same for all users
On Thu, Dec 15, 2011 at 1:19 PM, Hitesh Vinzoda hiteshvinz...@yahoo.com wrote:
Hi,
Our provider is sending the calling-station-id usually larger than 50
characters while the schema for RADIPPOOL table in MYSQL has defined this
field for 30 CHARACTERS. because of this we are seeing unusual
49 matches
Mail list logo