Hi,
My users file is :
toto Auth-Type := PAP, User-Password == totoPAP
Reply-Message = Hello, %u
My guess is: don't set Auth-Type; PAP can easily be figured out by the server
itself.
Stefan
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education
in the field .
Are you using mySQL? It would be great if you could tell us the *exact*
version number.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359
, capitals and special
characters.
username [EMAIL PROTECTED] password 7 060A5D355C
Dito.
Now that you've told the world your passwords, maybe you should change them.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
[EMAIL PROTECTED] etc]# radiusd -X
Floating point exception
FreeRADIUS doesn't use floating point numbers.
Your system appears to be fairly broken.
Isn't SIGFPE also thrown when dividing integers by zero? So also an
integer-only operation like mod can throw this.
Stefan
--
Stefan
TTLS it several times a day, and FreeRADIUS shows this behaviour only
sporadically.
I now reverted to 1.1.0 in the hope that it's better there. The way it is now
is... disturbing.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
--- Walking the entire request list ---
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] Tel.: +352 424409-1
http
for the transition time.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu
in the first place to make that unnecessary. A rwxr-xr-x
sounds better suited.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
.
read_config_files: reading clients
read_config_files: reading realms
Segmentation fault
HTH,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL
back if it fixes the issue.
Tested and worked. It would be great to have that patch in cvs. Nicolas?
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Hi,
It's fixed in CVS, and version 1.1.2 will contain the fix.
then maybe 1.1.2 should be pushed out _soon_. The current version doesn't
install correctly on many platforms...
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale
to the port they should, but no indication of a received packet. Re-starting
the service did the trick for me as well.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
. It worked when I manually created lib/ after the
first failed attempt und tried it a second time (SuSE 8.2).
Nicolas Baradakis sent me a patched Makefile, I will try that soon and report
back if it fixes the issue.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique
is to try a make
install, then go into $PREFIX and create the directory lib by hand, then
again issuing make install. But this is something that should be fixed in
the Makefile properly...
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education
sounds odd if your configuration
relies on that.
The patch would add consistency where it wasn't before, which is a very good
thing IMHO. But I also see your concerns.
Stefan
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6
Hi,
as I see, #335 didn't make it. Any particular reason or did it just get lost?
IIRC, adding it was considered okay?
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
, what's that 1.6.4 all about? Are the CVS versions undergoing some
naming scheme on their way to 2.0? I would look up in WebCVS, but that's
currently down (I couldn't help but grin when I saw that it's a Microsoft IIS
5 telling me Internal Server Error).
Greetings,
Stefan Winter
--
Stefan WINTER
an SQL query that retrieves the first Access-Accept for the
user. You can base your script to delete entries upon that.
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359
:= Accept
That did it. However, I'd like to stick with pure SQL as a backend. Is there
some reason why this doesn't work, or is it just a bug/inflexibility of the
rlm_sql(_mysql) module?
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education
in lots of places and discussed very often on this list.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] Tel
:59454, id=214,
length=55 Sending Access-Reject of id 214 to 80.xx.xx.xx:59454
More ideas? Thanks
Sure. Post the complete output of radiusd -X and at least the authorize {}
and authenticate {} section of your radiusd.conf. That will help a lot in
finding the problem.
Greetings,
Stefan Winter
is, is there some more elegant way which
I have just overlooked, or is that it? I am aware that the most elegant way
is to tell the users that things changed, but no.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la
{
interface2
}
Autz-Type LDAP3 {
interface3
}
}
That should work, I did a very similar thing just last week :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
}
files
}
files is before or after Autz-Type lines in the
authorize section?
Now that I think of it... I think I set Autz-Type already during preprocess,
so files could be behind the Autz-Type stanzas. But it should work the other
way around as well.
--
Stefan WINTER
Stiftung RESTENA
without, Accounting-On/Off, processing time will get
slightly larger by running through hints (but given he seldom these packets
usually come, this is negligible).
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la
Hi,
You don't have to have a User-Name in the request to use that file. If
it isn't there and you need it for further processing you can add it.
Well, no. That's exactly the point: the hints file is *skipped* if there is no
User-Name in the request.
Greetings,
Stefan Winter
--
Stefan
in retrospective) :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http
).
Instead of ppp: I also tried lcp: ipcp: and network:. None of this
impresses the AS5300, and turning on debugging didn't reveal what he would
expect instead.
Can someone help out?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
PAP credentials available,
just treat the AD server like an LDAP server, i.e.: the ldap {} section is
for you. It will use the credentials to bind as the user to AD, and if that
succeeds the user is allowed in.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
aren't tagged by hints, even though they have
the same Client-IP-Address as normal packets and normal packets _do_ get
tagged.
Anyone a clue?
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue
this wonderfully easy... and the way I see the hints file described, I
tend to think it should work. Maybe this can be considered a bug? If yes, I
might look into the code and submit a patch. Just give me a go-ahead...
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
Hi!
it seems I use wrong keywords for my search in the list and on google.
Have you tried the keyword Captive Portal yet? It leads for example to a
very nice Wikipedia entry:
http://en.wikipedia.org/wiki/Captive_portal
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau
. So, yes, go ahead.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-1
http://www.restena.lu
if the packets are sent or
not.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-1
http
this *should* work.
It would, if AD would give you the password. But it doesn't.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email
disassociated, cable was
unplugged etc.
Try adding the two lines
aaa accounting system default start-stop group radius
aaa accounting resource default start-stop group radius
(eventually replacing default and radius for your setup)
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
? Unfortunately just checking the attributes
delivered by the NAS is not enough.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email
}
and
authenticate {
Auth-Type LDAP {
ldap
}
}
right? Or would the mschap module be completely obsolete in this case? But
then I don't understand why so many people complain that auth against Active
Directory doesn't work with the LDAP module?
Startled greetings,
Stefan Winter
and sets Auth-Type to MS-CHAP when it sees a
Challenge in the Access-Request. Could this be one of the rare cases where I
have to set Auth-Type manually (to MS-CHAP) get ntlm_auth running?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education
. But in
order to really use it, you must first wrap daemon glue code around the
libraries, and you must be able to do something with the credentials you get
from that server. Which leads to missing backends again.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
Active Directory
as a backend authentication and TTLS-PAP for the credential transport you
are pretty much on your own right now.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue
encryption mode ciphers wep128
on the AP and set the option WEP, assigned automatically on the XP box.
And don't ask the freeradius mailing list next time, your problem has nothing
to do with RADIUS.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education
educational RADIUS infrastructure by many countries (some
participants of www.eduroam.org). So, you can probably consider it being
quite stable. It's a pity that it is not being considered for inclusion into
the official source code.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA
displays the other sessions as usual.
Has anyone experienced this? Would upgrading to 1.0.3 help (this server is in
heavy production use and I would like to avoid upgrading if possible)?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education
for inclusion into the mainline
server, but I didn't hear any further news on this since some time.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359
.
Client-IP-Address is a FreeRADIUS internal attribute that is set to the IP
address from whom the request was received, i.e. the source address of the
UDP packet. This is much more reliable than NAS-IP-Address.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique
server component?
After all, this is a list dealing with FreeRADIUS server, not with any
implementation-specific WEP/WPA problems.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard
, and (in theory)
arbitrary auth at the client side; mostly, for the client side username +
password are used
- EAP-TLS : certificates on both sides
So, choose your flavor. And read a good book about this stuff before asking
questions on the list.
Greetings,
Stefan Winter
--
Stefan WINTER
keep looking.
Could it be that the entry with the user name is _below_ line 187 and that
perhaps 187 does not set Fall-Through = Yes? Then your entry is never
reached.
But this is just a guess...
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
be configured to
send the keying material with CHAP.
I've been as verbose as possible... any comments/advice is appreciated.
Me too.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
. It is in the bug
database under http://bugs.freeradius.org/show_bug.cgi?id=203 where Aland
DeKok considers it for inclusion into a later release.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
nor clients.conf,
but that has the drawback that the shortname from the logfile gets logged in
radacct as NASIPAddress.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard
. But you would also need a
device to perform the role of Authenticator, that is an Access Point or
Switch that can speak 802.1X.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue
Hi!
Any suggestion, how to authenticate only by username?
(any password should be valid).
Any idea?
Auth-Type := Accept
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
on names
formatted like [EMAIL PROTECTED] In your case I think it tries to find a
suffix, doesn't, and then uses realm NONE because no realm delimiter is
found. If you turn suffix off, the delimiter \ is found and the request is
set to the DEFAULT realm. Hopefully.
Greetings,
Stefan Winter
for authentication when you check
the box.
Then list these users with the appropriate passwords in your radiusd backend
(smbpasswd in your case). Then it should work.
[At least I think so; someone please correct me if I'm wrong]
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Rseau
match and only takes the attributes
given in that matching section.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur für Netzwerk und System
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail
, but being panicked usually doesn't help to resolve
things.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED
in the
documentation (I would just try it out but I could only use our production
server, which I don't particularly like to touch unless necessary). BTW, same
thing for Autz-Type.
At least I find it confusing. Can anyone clarify this?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA
Hello,
15654:error:0200100E:system library:fopen:Bad
address:bss_file.c:259:fopen('','r')
The system calls is supposed to open a file, but no filename was given. That
is not going to work.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Rseau Tlinformatique de l'Education Nationale et
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
Make sure these entries exist and that they point to an existing file.
Greetings,
Stefan
--
Stefan WINTER
Fondation RESTENA - Rseau Tlinformatique de l'Education Nationale et de
la Recherche
Ingnieur rseau et systme
6, rue Richard Coudenhove-Kalergi
,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Rseau Tlinformatique de l'Education Nationale et de
la Recherche
Ingnieur rseau et systme
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tl.: +352 424409-33
http://www.restena.lu fax: +352 422473
-
List
) in the source, because it leads to an inconsistent behaviour when it
shouldn't.
I'd be happy to provide a (trivial) patch to this problem in the case of b).
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
purposes. You are not admitted access because this user is only for
keepalive checking. |
++--+---++--
Shouldn't the Reply-Message be copied to the outside when use_tunneled_reply
is on?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA
for authentication.
Note the word required.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409
be configured to forward selectively to multiple destinations.
Finally, my idea was to put a detail module into pre-proxy, but I don't know
how to only log accounting packets.
Does anyone have an idea?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de
checks with Auth-Type System led to the
failure.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél
give
more details if you want specific help.
And what the hell does all of this have to do with Internet Explorer?
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L
Hi.
rlm_sql_mysql: Mysql error 'Unknown MySQL server host '/var/tmp' (1)'
Host names are not allowed to contain slashes. You probably just mean
localhost. No need to fiddle around with the internal path names used
_within_ MySQL.
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau
a
problem with the FreeRADIUS server but with the NAS or Supplicant.
In client eapol file, I found following text which could be a problem.
Nice, problem is just that you didn't post any text.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education
. That's the reason why it disconnects.
[700] 10:06:59:702: ElVerifyEAPOLKeyReceived: Pushing into disconnected
state: Fail count (3) Max fail count (3)
Your NAS vendor seems to have problems with elementary maths. Since when is
3 3?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA
documentation to tell you what attribute to send.
Greetings
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél
for example NAS-Identifier.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-33
http
.
This is off-topic since it doesn't have to do anything with the server. But:
uncheck some option named Authenticate as computer when available (or
similar) in the built-in supplicant.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la
anywhere?
Already there: you can store your clients in an SQL table called nas. You
just have to enable it in sql.conf
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue
unplugging the cable or powering his system down.
Do enable the NAS to send acct packets then as well, I had to activate
system accounting start-stop messages as well, which send Acct messages on
system events, i.e.: cable unplugged, lost association etc.
Hope that helps,
Stefan Winter
--
Stefan
accessible locally (via NFS or similar) and adjust the configuration of the
RADIUS Server 1 to look not in /etc but the directory where you have the
files imported into.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
, the user
should not be able to log on with his user data again).
Modify your script so that it also sets the attribute Expiration for the
user you generate. See also the thread Expire attribute from only a few
days ago.
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de
Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-33
http://www.restena.lu fax
values valA, valB and valC, you could set up the check for a
regex:
Reply-Message =~ (valA|valB|valC)
I have read the doc rlm_attr_filter but I haven't find any
information.
Hm, =~ is described exactly in this file.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
and the other the Reply.
As Alan said, do not confuse that Request message with an all-new Request
from a user to authenticate.
So, don't worry, everything will be okay.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur
Hello!
Reply-Message == Ok,
Reply-Message == remote radius
Hm, haven't done that yet, but how about trying operator += instead of == for
the second one? I.e.:
Reply-Message == Ok,
Reply-Message += remote radius
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de
posted
it on -devel some weeks ago and re-posted it today after not getting any
feedback.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359
anything. Except that
you penetrate the server with malformed RADIUS packets.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email
.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-33
http://www.restena.lu
bell to the server, write a script that
triggers it and put that into exec.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email
well.
IIRC, Alan said some time ago that the == operator is preferred? But if thats
the case, why does dialup_admin default to using := anyway?
I am a little confused about that, a clarification would be nice.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
-style.
Oh, BTW, I believe there is an IOS option where you can instruct the device to
use a specific format for its MAC addresses.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6
. For example, I have an entry
DEFAULT NAS-IP-Address == w.x.y.z
NAS-Identifier := vpn,
Fall-Through = Yes
and I believe it _does_ fall-through.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la
if the process is still there. Well, it skips the 8-second debug mode
(why is that there anyway?) and doesn't log into /var/log/radtest.log. But
you can see that the server was restarted anyway
in /var/log/radius/radius.log.
Greetings,
Stefan Winter
#!/bin/bash
RESULT=`/usr/local/bin/radtest UserName
Hello!
-rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
16520:error:0200100D:system library:fopen:Permission
denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
Well, your file name is cacert. but you configured to look for cacert.pem.
Greetings,
Stefan Winter
.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-33
http://www.restena.lu
,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] tél.: +352 424409-33
http://www.restena.lu
: GPLv2 licensing is perfectly okay for this
contribution. However, copyright is not at me personally, but the company I
work with:
Fondation RESTENA, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de
at least
continue until sql is instantiated and the nas table is consulted. It could
still exit after that if there are still no clients. My workaround is to put
localhost in clients.conf and all others in the nas table, but again, that is
not very clean.
Greetings,
Stefan Winter
--
Stefan
401 - 495 of 495 matches
Mail list logo