Re: Problem with MSCHAP and Freeradius authentication

2012-01-23 Thread Alan DeKok
NdK wrote: On 20/01/2012 21:46, Alan DeKok wrote: Yeah, I've gone and fixed that. git is nice for updating web pages. Still there's Then, fine the mschap module. s/fine/find/ :) Fixed, thanks. BTW, in a real AD setup, with AD servers used as DNS, there should be no need to set up

Re: eapol_test giving up and win-like error?

2012-01-23 Thread NdK
On 20/01/2012 11:55, Phil Mayers wrote: If that's really all you've changed, there must be something wrong with Samba; it's getting the final crypto blob wrong, and the client is dropping the packets. You'll need to investigate and fix this. Just tested with radtest (have had to use

Re: eapol_test giving up and win-like error?

2012-01-23 Thread Phil Mayers
Mschap v1 doesn't validate the reply from server to client, which is what is failing with eapol_test. Therefore you're not testing the same path. Try using a local i.e. non samba user to test. I am sure the problem is with your samba daemon. -- Sent from my phone. Please excuse brevity and

Re: eapol_test giving up and win-like error?

2012-01-23 Thread Phil Mayers
Phil Mayers p.may...@imperial.ac.uk wrote: Mschap v1 doesn't validate the reply from server to client, which is what is failing with eapol_test. Therefore you're not testing the same path. Try using a local i.e. non samba user to test. I am sure the problem is with your samba daemon. -- Sent

RE: eapol_test giving up and win-like error?

2012-01-23 Thread Sergio NNX
I mentioned exactly that last week but he disregarded it! Subject: Re: eapol_test giving up and win-like error? From: p.may...@imperial.ac.uk Date: Mon, 23 Jan 2012 10:12:08 + To: freeradius-users@lists.freeradius.org Phil Mayers p.may...@imperial.ac.uk wrote: Mschap v1 doesn't

Re: eapol_test giving up and win-like error?

2012-01-23 Thread NdK
On 23/01/2012 11:02, Phil Mayers wrote: Mschap v1 doesn't validate the reply from server to client, which is what is failing with eapol_test. Therefore you're not testing the same path. So radtest isn't actually equivalent to eapol_test. It's just another step for testing. Try using a

Segfault in 2.1.10 backports version advice

2012-01-23 Thread Arnaud Loonstra
Any advice on a segfault situation...? Jan 23 13:29:17 LX800476 kernel: [1366692.780725] freeradius[23459]: segfault at 8 ip b7461326 sp b5105988 error 4 in libc-2.7.so[b7403000+155000] Running a backports version of freeradius on Debian Lenny: 2.1.10+dfsg-2~bpo50+1, 2.6.26-2-686 on Vmware

Re: Segfault in 2.1.10 backports version advice

2012-01-23 Thread Alan DeKok
Arnaud Loonstra wrote: Any advice on a segfault situation...? Upgrade. I cannot reproduce it on a test server and it only happens in production. Probably a load thing...? Possibly. I could upgrade to current stable version in git, Upgrade to the v2.1.x branch in git. I could

Re: Segfault in 2.1.10 backports version advice

2012-01-23 Thread Johan Meiring
On 2012/01/23 03:20 PM, Alan DeKok wrote: I could upgrade the OS (Lenny to Squeeze). Debugging from this backports version seems an impossible road? Or I could install the -dbg version and perhaps run the server in a screen session? However I have experienced it won't crash if run in debug

Re: Segfault in 2.1.10 backports version advice

2012-01-23 Thread Alan DeKok
Johan Meiring wrote: I can confirm the same problem. Version is freeradius-git downloaded about 4 days before 2.1.12 was released. Running with -X it runs forever. (About two months now) Without, it crashes about once a week. Well, the only thing I can see which could be it is the

Re: LDAP Group assign to vlan after AD user authentication

2012-01-23 Thread Arnaud Loonstra
On 01/19/2012 11:25 AM, James wrote: Hi, I've successfully set up a radius server to support 802.1x authentication using peap mschapv2 and samba to authenticate users against AD. To do this I followed configuration on the freeradius.org website and the AD integration howto on

Re: Segfault in 2.1.10 backports version advice

2012-01-23 Thread Arnaud Loonstra
On 01/23/2012 02:44 PM, Alan DeKok wrote: Johan Meiring wrote: I can confirm the same problem. Version is freeradius-git downloaded about 4 days before 2.1.12 was released. Running with -X it runs forever. (About two months now) Without, it crashes about once a week. Well, the only

Re: Segfault in 2.1.10 backports version advice

2012-01-23 Thread Alan Buxey
Hi, Version is freeradius-git downloaded about 4 days before 2.1.12 was released. I'd say go to 2.1.12 - why run a version from GIT that is older than the released version (there were quite a few fixes in the last couple of days before 2.1.12 was released) alan - List

Re: Segfault in 2.1.10 backports version advice

2012-01-23 Thread Matthew Newton
Hi, On Mon, Jan 23, 2012 at 02:13:55PM +0100, Arnaud Loonstra wrote: Jan 23 13:29:17 LX800476 kernel: [1366692.780725] freeradius[23459]: segfault at 8 ip b7461326 sp b5105988 error 4 in libc-2.7.so[b7403000+155000] Running a backports version of freeradius on Debian Lenny:

openLDAP authorization with PAP authentication

2012-01-23 Thread Jay Ludlow
Thank you for the help. In addition to removing the unix option from the /sites-available/default authorize section, I also had to remove the 'encryption schema = ssha' from /modules/pap in order for it to work. I was also able to comment out password_attribute = userPassword from modules/ldap

Using sql and userfile together

2012-01-23 Thread Krzysztof Grobelak
Hello all, I just wanted to ask how could I make FR to use either users file or sql to send attributes based on the NAS ip address. I suspect that I would need to use unlang for that. Something like: if(NAS-IP-Address == NAS A IP) { use sql } else { use users file } I'm just wondering

Re: Using sql and userfile together

2012-01-23 Thread Alan Buxey
Hi, Hello all, I just wanted to ask how could I make FR to use either users file or sql to send attributes based on the NAS ip address. I suspect that I would need to use unlang for that. Something like: if(NAS-IP-Address == NAS A IP) { use sql } else

RE: Cannot control attribute ordering via rlm_perl

2012-01-23 Thread Claude Brown
Alan, My original reply was confusingly brief. I've clarified below, and I've also put the module we wrote into github in case it helps: https://github.com/claudebrown/freeradius-server/compare/master...rlm_tagfiles (about 60 lines of C beyond usual module plumbing; 250 lines in total) Alan

RE: Cannot control attribute ordering via rlm_perl

2012-01-23 Thread Claude Brown
Bjorn, Thanks. You don't even need to be that careful. Just run a read-only mysql slave instance locally on the radius server and all mysql-related performance problems will vanish. We didn't try this. Our design goal is: - 250K users all needing to get on the network at the same time -

Re: LDAP Group assign to vlan after AD user authentication

2012-01-23 Thread NdK
On 23/01/2012 14:48, Arnaud Loonstra wrote: But I reckon you could also do something like that in post-auth section if (Ldap-Group == cn=mygroup,ou=groups,o=radius) { update reply { Tunnel-type = VLAN Tunnel-medium-type = IEEE-802 Tunnel-Private-Group-Id = 1 } } I

Re: LDAP Group assign to vlan after AD user authentication

2012-01-23 Thread Arran Cudbard-Bell
On 24 Jan 2012, at 08:23, NdK wrote: On 23/01/2012 14:48, Arnaud Loonstra wrote: But I reckon you could also do something like that in post-auth section if (Ldap-Group == cn=mygroup,ou=groups,o=radius) { update reply { Tunnel-type = VLAN Tunnel-medium-type = IEEE-802