Hi,
clarification/agreement from Stefan or others?
tried the newest GIT this morning and the proxy issues were gone.
I haven't seen your Internal sanity check failed just yet (and am not
looking forward to it :-/ ).
Stefan
alan
-
List info/subscribe/unsubscribe? See http
Hi,
is the firmware on that iPad particularly old? Or maybe your OpenSSL on
the server side?
Things like mismatching cipher requirements or force secure
renegotiation might cause some of these issues.
Greetings,
Stefan Winter
Am 19.09.13 06:27, schrieb val john:
hi guys
we are getting
to make make install ignore raddb used to work with
rc0 and numerous GIT snapshots.
Greetings,
Stefan Winter
Behaviour changes since release_3_0_0_rc0:
* Fixed many more compiler warnings.
* LDAP schemas to load dynamic clients from LDAP
* the control socket is now marked stable
* Added
with the configs lying in
raddb/modules-configuration-information/ and it would be very undue if
the stock build process bails out on failure then during a subsequent
installation.
Greetings,
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
/raddb/mods-config, and
installed from raddb's own part of make install.
That way, if I move raddb out of the way, nothing bad will happen; both
the current content of raddb and all the script examples will be ignored.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation
non-debug log would not produce any clue that something went
wrong (aside from auth failed), as the error would be an SQL query
error - even though the query is perfectly fine; it's the
post-processing that goes wrong.
HTH,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Hi,
http://lists.freeradius.org/pipermail/freeradius-devel/2013-May/008046.html
http://lists.freeradius.org/pipermail/freeradius-users/2013-May/066440.html
I also did everything that Stefan Winter did - gdb live server,
valgrind, look at the source, compare with 3.0 - and got the same
`/usr/local/freeradius/config/raddb/mods-config', needed by
`/usr/local/freeradius/config/raddb/mods-config/perl'. Stop.
Do I need to mkdir and touch all subdirs as well?
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la
-localhost is in my /etc/hosts. I'd expect both of these to work...
no brackets also doesn't work, but that was just my last straw and
doesn't have to work anyway.
Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
but not totally sure.
Greetings,
Stefan Winter
--
Stefan
= 0x0201001401686f73742f544344452d3030303131
Message-Authenticator = 0xe06791a76c819a3dc0f89c8baf2df141
MS-RAS-Vendor = 11
Thanks for any help!
Take care,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, but as an IPv6 address. Both are unambiguous
and could be auto-detected.
That would add a little user-friendliness for users who didn't have
enough sleep :-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6
Hi,
I'd love to try.
looking at GITHUB's master branch, I see that the latest commit was 5
months ago, and the last tag is 3_0_0_beta1 ?
There's also no other branch name that suggests recent versions.
Anything wrong with github?
Stefan
On 16.07.2013 15:15, Alan DeKok wrote:
Stefan Winter
of the FreeRADIUS Server code. Do NOT fork
this. Use the link below instead.
https://github.com/FreeRADIUS/freeradius-server;
And if you do that, you'll get the source.
But wouldn't it be much more useful to send people to the correct URL
immediately?
Stefan
Stefan
On 16.07.2013 15:15, Alan
? Looks like a bug
to me...
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description
;
these days, it can mess with mods-available as it likes.
But still, the hygiene I could apply to my config previously was nice.
Any chance to get this back?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
]: Configuration item
allow_core_dumps is deprecated
/usr/local/freeradius/config/raddb/radiusd.conf[0]: Replace
allow_core_dumps with (null)
Replace with null makes it look like the config parameter doesn't exist
any more; while it simply moved into security { }.
Stefan
--
Stefan WINTER
Ingenieur de
Hi,
On 15.07.2013 10:24, Alan DeKok wrote:
# mv raddb raddb-noinst
# mkdir raddb
# touch raddb/all.mk
# make install
that's easy enough, thanks!
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue
in the sql config is sqltracefile. Maybe that's
it, but with that parameter description, the semantics would be a rather
horrible mismatch.
NB: README.rst doesn't mention the death of sql_log nor that sql (null)
is its replacement.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
issuing actual requests for all my vservers.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
private CAs just as fine and automated as it does
commercial CAs.
Greetings,
Stefan Winter
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
with an interface
scope. So
fe80::215:17ff:fed0:d278
simply isn't an IPv6 address.
fe80::215:17ff:fed0:d278%eth0
is the valid address. I don't know if the FreeRADIUS address parser is
prepared to handle such interface-scoped addresses. There's not much use
case for this.
Greetings,
Stefan
string). It only does so if the decoded value from first
round looks like it could be a base64-encoded string (e.g. contains an =
sign very early) AND if your salts are long enough to trick FreeRADIUS
into thinking that there's something to decode still.
Hoping to get this fixed for 2.2.1.
Stefan
Hi,
RADSEC
These days, the more proper answer is: RFC6614
http://tools.ietf.org/html/rfc6614
:-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel
, which seems to be a no.
Of course I'm fixing my config by making the yes explicit - but maybe adapting
the defaults in realms.c might be a little more consistent behaviour.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
this (admittedly not totally
clean), please see my message to -devel on 12 Oct 2012, titled SIGTERM
- SIGSEGV.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359
-message as the reply-message ?
Thanks.
Stefan
P.S.
This is the complete output from freeradius -X:
/usr/sbin/freeradius -X
FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 11
2012 at 17:06:46
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors
of the realms list.
Sure. Just do exactly that.
Stefan
Is there a better way of doing this?
Thank you,
Bertalan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
i send request to server using EAP-TLS
authentication method.
Either by using a real EAP supplicant (Windows machine, Mac OS, ...) or
for a command-line test use eapol_test, which is part of wpa_supplicant.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
,
Tunnel-Password == password,
Tunnel-Assignment-Id == zzz.xxx.xxx.xxx,
Tunnel-Function == 1,
Tunnel-Local-Name == EXAMPLE.NET
Thanks for any help or hints!
regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
at cru.fr. As an
intermediate party, this is all you will get.
Why are you interested in other users' passwords?
Greetings,
Stefan Winter
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation
to the
first alive server in a given pool. So the above *may* do exactly what you
want, with the caveat that the replicated packets won't be retransmitted if
they're lost.
Should work ok in v2.x.x
I will try.
Thanks a lot.
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
to authenticate the user
instead of just performing some kind of synchronisation between the OTP servers.
Because we don't have any multicast-infrastructure, I will try
rlm_replicate.
Do you have some information, which files do I have do modify ?
Thanks for your help.
Stefan
-
List info/subscribe
side.
Best Regards,
Stefan Kuegler
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
providers may use to make
their lives easier, and then maybe we could generate numbers from that.
Don't hold your breath though.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard
and updating original attribute value* by regex, unlang before output of
logging? just for logging purpose. Or it's necessary to use Perl?
See modules/linelog.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6
Nagios testing).
In 2.2.0 against the old openSSL version, everything works fine -
Access-Accept. Any hints?
Greetings,
Stefan winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
.
If it now works, it was picking up OpenSSL X, and linking against
OpenSSL Y.
Hm, okay... will do.
Stefan
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique
/freeradius/openssl-1.0.1c/include
because configure adds the openssl/ sub-path on its own. Now it works
like a charm (as usual :-) ).
Thanks!
Stefan
Stefan
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe
of non-EAP requests and accounting stuff, too.
Works like a charm.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
Hi,
Anyway, adding an example would still be nice :-)
Submit a patch, or edit the wiki? :D
Here goes a unified diff - took the statement from sql/mysql/dialup.conf.
Greetings,
Stefan Winter
--- sql_log.orig2012-08-10 11:05:49.690247808 +0200
+++ sql_log 2012-08-10 11:08
how to send stuff to sql_log when an On/Off arrives... guessing
that I'm simply overlooking something.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359
be cute; but it's hard to find - one has to go into the code.
So if I'm right with that, could the documentation in modules/sql_log be
updated for 2.2.0? At least adding it as an example like the others
would be nice.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation
, adding an example would still be nice :-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description
the tunnel MTU. I'm not
sure what they mean.
How can i get a more detailed debug msg on what is actually wrong.
thx for your help
Stefan
__
www.epb.at
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it was success or failure
may take longer than that.
Stefan
On 07.08.2012 20:55, Antonio Modesto wrote:
You're right, it worked. The default mikrotik timeout is 300ms, I've set
it to 5000 ms and I've got the right answer. One more question, Though
I'll reconfigure all the timeout's on my nas'es, why
request 780.
Going to the next request
Waking up in 0.1 seconds.
--
kind regards,
Stefan
___
www.epb.at - Your IT Partner in East Austria
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
those later, but debugging there is limited ;(
--
kind regards,
Stefan
___
www.epb.at - Your IT Partner in East Austria
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
am sure that the ubnt clients maybe the problem. now i am thinking of
the next debug steps
--
kind regards,
Stefan
___
www.epb.at - Your IT Partner in East Austria
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-DISCONNECTED - Disconnect event
- remove keys
--
kind regards,
Stefan
___
www.epb.at - Your IT Partner in East Austria
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to make a long-term
prediction, but at least there's no immediate problem in sight.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352
the iPhone nor the server; primary and backup run the
same configuration - synced via SVN.
I can revert back to 2.1.12 on the backup to verify that that fixes it to be
sure...
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
something that never worked, also not with 2.1.12.
Now working fine with 2.2.0-pre.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352
there is no EAP-SHA1, it does not make sense to add a sha1 { }
section in eap.conf.
The replacements for MD5 in EAP are things like TTLS, PEAP, TLS, and
others. They are mentioned in eap.conf. If you want to get rid of
EAP-MD5, configure one of those.
Greetings,
Stefan Winter
On 11.07.2012 21:17, Si St
== None
Session-Timeout == 0
Context-Name == local
Finished request 2.
Thanks!
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
lscrlstld schrieb:
I want to set a dynamic Session-Timeout for certain groups. For
testing purposes I created a TESTGROUP in the database table
radgroupreply with an entry like this:
id GroupName Attribute Value op
263TESTGROUP Session-Timeout
write, you have a working FreeRADIUS, working openLDAP backend, and have
configured it to do IEEE 802.1X on a WiFi access point.
That is 99% of what eduroam needs. So, what's missing?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
one.
This should also explain your subsequent queries below.
Greetings,
Stefan Winter
Staying with the Client IP Address, my next point surrounds the Accounting.
The cui.conf shows that accounting updates the table using Client IP Address
in the search:
accounting_start_query = UPDATE
through the exact same
considerations, and some indeed need TTLS-PAP. If it is unavoidable,
there is a GPLed version of SecureW2 which can deliver TTLS-PAP to older
versions of Windows. I'm sure you can find it on the internet somewhere.
Stefan
On Wed, May 30, 2012 at 8:15 AM, Phil Mayers p.may
Hello,
noone with a hint?
Stefan
On 07.05.2012 11:13, Stefan Winter wrote:
Hi,
at a client's site, I have to some chopping off parts of User-Name,
pretty straightforward, but for some reason it doesn't work (2.1.12):
In inner-tunnel, authenticate, MSCHAPv2 for PEAP:
authenticate
,
Stefan
On 09.05.2012 09:56, Alan DeKok wrote:
Stefan Winter wrote:
noone with a hint?
Hmm... the default return code for things in the authenticate
section is reject. And the update sections just pass through the
*previous* return code.
You might try this as a hack:
Auth-Type MS
Hi,
both methods worked: moving into authorize (but after calling the suffix
module, which sets Stripped-User-Name), and also the ok hack in
authenticate.
We chose to move to authorize, as it's more easily understandable.
Thanks for the help!
Greetings,
Stefan Winter
On 09.05.2012 11:17
instead, which fails too, and used a non-internal
attribute for that name as well. It just won't work.
Is that maybe one of the known quirks in 2.1.12? Would using the current stable
branch work better?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
for SHA-1.
Can I get a quick confirmation that the SHA-2 family is not supported
for password hashes? Anything coming up in that regard in 3.0?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la
if the CA is shipped.
I.e. you don't gain a lot, and spend more money when using a trusted
CA, so in the vast majority of cases, it is the wiser way to use a
self-signed CA.
Greetings,
Stefan Winter
Kind Regards
Uwe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Please don't write private mail to me with FreeRADIUS questions.
Forwarding to freeradius-users.
Original Message
Subject:ldap-radius integration
Date: Fri, 30 Mar 2012 12:35:53 -0700
From: exu...@gmail.com
To: stefan.win...@restena.lu
could you give me some
server is radius.example.com.
I believe these are the default (shipped) values that come with
FreeRADIUS. Replace them with the *real* login details of your LDAP
admin account.
In general: *read* the debug output and *apply common sense*.
Greetings,
Stefan Winter
P.S.: your Operating System
with unlang. Is there some {%rand} or
anything like that?
Currently I do it embedded in the INSERT:
INSERT ... SHA1(RAND())... INTO someplace
but our MySQL admins don't like me doing that. So I'd prefer to do this
on FreeRADIUS and send a simple string to the DB.
Greetings,
Stefan Winter
-
List info
it operates within a EAP context
and tries to warn of too big data chunks, while there is actually
nothing to warn about.
Greetings,
Stefan Winter
So we applied the below as a test and it works, but I was wondering as to the
wisdom of it...
interestinga RADSEC packet can be much bigger
ftp://ftp.freeradius.org/pub/freeradius/old/
On 11.02.12 03:32, Charles H. Fisher wrote:
I have heavily patched version of freeradius-server-2.0.4 That I
would like to migrate forward to the current version. This requires
that I know what changes were made to the standard 2.0.4. I have not
at all with a self-signed CA.
For Android 4.0 for example, pushing a new CA into the trust store is
hard. Doing it in a non-interactive autoconfig way is to my knowledge
impossible.
So, BYOD is a factor to consider.
Greetings,
Stefan Winter
McNutt, Justin M. wrote:
So I'm getting some pushback
leads to many people asking
the kind of can I upgrade questions we've just gone through.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital
an expiring CA is non-zero - I prefer to do the zero work.
Of course things might change, my CA keys might get too short, and I
might be forced to roll over anyway - there is at least a *chance* that
I can prevent a need to rollover, and so I'll do it. 3011 is stretching
it though, admitted.
Stefan
, or visit a course about RADIUS. The mailing list is about
configuring FreeRADIUS.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel
will still need to restart FreeRADIUS after downloading a new CRL;
re-reading them at runtime is not possible due to glorious openSSL.
Stefan
Thank you
—
Martin Čmelík
2011/11/14 Alan DeKok al...@deployingradius.com:
Martin Čmelík wrote:
nobody knows how setup freeradius to check new CRL
,
do yourself a favour and grab a copy.
Greetings,
Stefan Winter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
scripts any more (I guess I could
with some systemd-to-INIT legacy support, but I like eating fresh dogfood).
Is there already someone working on systemd description files for
FreeRADIUS? If not, I'll (have to :-) ) give it a go myself...
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de
network and feed them with mixed attributes.
Starent did this in the past, where they had a bunch of QoS attributes in one
Version and a single Attribute (177) to handle them all at once in never
versions.
Regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
would be the recommendation, if the RADIUS client is
a RADIUS Proxy server (..in between the original NAS and my FR...)
In that case, %{client:nas_type} won't work, because it would always be
the same (... proxy server)
Would one use %{NAS-ID} instead of %{client:nas_type}?
Stefan
-
List info
I give up...
No time for distorting arguments.
Regards
Stefan
-Original Message-
From: freeradius-users-
bounces+a.freeradius=premit...@lists.freeradius.org [mailto:freeradius-
users-bounces+a.freeradius=premit...@lists.freeradius.org] On Behalf Of
Alan DeKok
Sent: Sunday, October
to configure users QOS,
which is then translated into the specific reply attributes for the NAS, the
user is currently using.
Regards
Stefan
From: freeradius-users-bounces+a.freeradius=premit...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.freeradius=premit
Norbert,
sorry, but you are taking a sledgehammer to crack the nut.
If you read it one of the ideas of having different virtual servers is
separation of policies for different NASses you are right.
Suman was asking on how to send several NASses into the same policy.
Regards
Stefan
real credentials or had
a typo/intentionally put in something different.
The patch is a few sample clients, nothing more.
A nice exercise, for sure, but calling this Pwnage Edition is somewhat
exaggerated. As I read the headline, I expected more bang for the buck :-)
Greetings,
Stefan Winter
a common
schema. You need to configure both sides regarding database hostname,
username, password. Setting it in raddb/* is NOT doing any good.
So, if your dialup admin throws an error - look at the web server's
error log. It will help you much more.
Greetings,
Stefan Winter
Am 19.09.2011 05:14
under surveillance for the rest of the week. By next Monday,
I'll speak up again and let you know if my setup (still) works fine.
Keeps on running like Forest Gump.
Stefan
Greetings,
Stefan Winter
Am 29.08.2011 16:13, schrieb Alan DeKok:
I've put some pre releases of 2.1.12 on the web site
surveillance for the rest of the week. By next Monday,
I'll speak up again and let you know if my setup (still) works fine.
Greetings,
Stefan Winter
Am 29.08.2011 16:13, schrieb Alan DeKok:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Please let me
Hello,
while you marked lots of stuff in yellow, you missed the REALLY helpful
part:
WARNING: Unprintable characters in the password.Double-check
the shared secret on the server and the NAS!
How about doing exactly that...?
Stefan Winter
Am 05.08.2011 06:14, schrieb fieldpeak:
Hello
with radiusclient.
You could post a *full* debug output of radiusd -X, *including* what's
printed on server startup - it will print out which files it reads for
its configuration.
Stefan
Am 05.08.2011 10:21, schrieb fieldpeak:
Hi Stefan,
Sorry for the confusion, actullay i have checked both
Hi,
your FreeRADIUS Server reads the clients from this file:
including configuration file /usr/local/etc/raddb/clients.conf
which is what you edited - good. Now you have to check where
radiusclient reads its secret from. Can't help you with that.
Stefan
Am 05.08.2011 11:09, schrieb fieldpeak
immediately. Is that unreasonable?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
to do that, you couldn't be sure that the end device is actually
using that supplicant.
Greetings,
Stefan Winter
on a Ubiquiti PicoStation 2 firmware 5.3.2 (I believe it includes some
form of hostapd, but I'm not sure which version)
Freeradius Version 2.1.9
Clients running Windows 7 or Windows
- and then the process is gone.
Would this behaviour fit to this problem cause?
Worth trying the usec fix in GIT?
Greetings,
Stefan Winter
The server does decoupled accounting, one site has only one module in
accounting, rlm_detail and the other listens on the detail logs with
only one module
in that authorize block.
Stefan Winter
Am 20.06.2011 16:47, schrieb Alan Buxey:
Hi,
It's been a long time since 2.1.10. We're happy to release version
2.1.11, which has many of useful new features, and a number of minor
bugs fixed.
yay! :-) virtual champagne cork released
however, a nice
logged into a different directory than expected.
Thanks again,
Stefan
Am 21.06.2011 11:53, schrieb Alan DeKok:
Stefan Winter wrote:
a similar issue with the config parser here...
The following worked nicely in 2.1.10, but barks with Unexpected text
else (and with the obvious change to elsif
it by reporting some timeouts or other
errors/warnings, but to get them, I need the debug mode, which is too hard
to get written to disk at that transaction rate.
Our FR does MySQL redundant loadbalancing via 6 mysqld to a MySQL Cluster
with memory tables only.
Thanks.
Stefan
-
List info/subscribe
Hi,
The github Facebook logins will work, so it should be *much* easier
for people to contribute to the Wiki.
Ah! Federated login! Any plans to add OpenID? I have this nice OpenID
provider hanging around here...
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
it, gets redirected
there, and comes back with some token when done.
So, my identity on OpenID is for example
https://clueless.restena.lu/swinter - and that's the input I provide.
The concept is kind of cute, but some people are scared by the
self-assertedness of identity.
Stefan
Alan DeKok
.
Is there a solution for the missing Attribute to be ignored in '||'
conditions i.e. setting it discrete to FALSE, so tht FR is able to evaluate
the rest of the || expression? Would this be advisable?
Thank you.
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
doesn't see it, and there's no auth happening.
As soon as I change the proxy pool definition back to the v4 variant,
things start working again.
That's a bit strange...
Greetings,
Stefan Winter
[1] IPv4 proxy definition:
home_server radius-int-1-v4 {
type = auth+acct
ipaddr = 158.64.X.Y
port
Hi,
That's a bit strange...
Bug #143, fixed in the v2.1.x branch.
Cool! Looking forward to 2.1.11...
Stefan
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
1 - 100 of 706 matches
Mail list logo
