to clients.conf at all if you don't want to accept requests
from them?
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http
--
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
need to install the Data::Dumper module from your package manager,
or from CPAN, or from somewhere else :)
--
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info
are running on the backup box, where
I was luckily able to disable automatic updates before they were applied.
Any advice will be gratefully received.
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University
Jonathan Gazeley wrote:
I have attached the relevant section of my yum.log to show which
packages were updated. The Radius server was tested once every minute
by authenticating with a test account. This was first reported to fail
at 10:48
Sorry - please read that as 13:48, i.e. halfway
Hi Ivan,
This worked perfectly - thanks very much. I guess you have sharper eyes
than me because I mised those lines in the debug output.
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University
forcing a disconnection?
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
have anything to do with the
AAA process.
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http
but was unable to get that to work. The guy who
primarily looks after the WiSMs is away at the moment.
How is interim accounting normally done? I don't mind if the accounting
is pushed or pulled, whatever works.
Thanks,
Jonathan
Jonathan Gazeley
Systems Support
?
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
IT Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 02/09/2011 10:38 AM, Alan DeKok wrote:
Jonathan Gazeley wrote:
What's the approved method for making radiusd open persistent
connections to an arbitrary database, and then using these handles from
a perl module?
Use static variables in the Perl code. This is really a Perl question
On 02/09/2011 10:33 AM, Alexander Clouter wrote:
However, why do you need to close the handle? Just when you open it, do
your work, store it to the side in a hash and mark it available for use
(remember to add locking as it sounds like your script is threaded).
Please excuse the ignorance -
database handles to its usual radius
database, and N database handles to the vlan database. Querying is much
faster than calling a perl script each time that opens the handle and
does the query.
I hope this is useful to someone else :)
Cheers,
Jonathan
Jonathan
Hi all,
Not directly related to FreeRADIUS but I gather people here have some
experience with Cisco WiSMs and 802.1x.
I'm trying to use radclient to craft a Disconnect-Request packet to
disconnect a user on an 802.1x network. I've checked the RFCs for the
Disconnect-Request packets and I
On 03/10/11 13:48, Alex rsm wrote:
Alan,
Thank you for the response.
How can I build the FreeRADIUS with EAP support? I checked the configure
and Makefile anc couldn't figure it out
No need to edit the Makefile. You need to install a package called
something like openssl-devel and then
on this field when I
analyse my accounting records.
Is there an easy way of doing this?
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe
Alan DeKok wrote:
Jonathan Gazeley wrote:
What I'd like to know is how to add an extra field to say which virtual
server the request came from, so I can query on this field when I
analyse my accounting records.
Edit the queries schema. Then, use %{Virtual-Server} to reference
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your reply.
I've just got round to looking at your SQL statement - I take it you've
had to edit your queries in dialup.conf to get it to insert some extra
fields? If you wouldn't mind, could you post your changes to the
query/queries?
Thanks a lot,
Jonathan
Alexander Clouter
Alan DeKok wrote:
Update the reply. In the inner-tunnel server, post-auth section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
Done this, doesn't seem to work. I guess the NAS doesn't accept it.
Tell the NAS which
Alan DeKok wrote:
Update the reply. In the inner-tunnel server, post-auth
section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
When added in the inner-tunnel server, this block has no effect on the
content of the Access-Accept packets (as shown
to do, but
maybe this isn't the right thing. Previous tests showed that setting the
outer ID in the uobresnet server does make the NAS use the right username.
If anyone can shed any light on this, I'd be very grateful.
Thanks,
Jonathan
Alan DeKok wrote:
Jonathan Gazeley wrote:
When added
between using an identical piece of code in inner
or outer servers?
Alan DeKok wrote:
Jonathan Gazeley wrote:
Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
expands the username as expected, but why this username never makes it
back to the NAS. Does anyone have any ideas
Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
expands the username as expected, but why this username never makes it
back to the NAS. Does anyone have any ideas?
Thanks,
Jonathan
Jonathan Gazeley wrote:
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth
Arran Cudbard-Bell wrote:
As far as i'm aware this has never worked, which is why I still return
attributes from the inner tunnel and get it that way.
eap {
peap {
use_tunneled_reply = yes
virtual_server = local.user.inner
}
}
server
Jonathan Gazeley wrote:
This is pretty much the config I had already. My eap.conf already
specifies a virtual inner server. The only difference was that I had
'use_tunneled_reply = no', so I changed that to 'yes'.
My inner virtual server, 'inner-tunnel' already had an 'update reply'
block
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t...@kalik.net wrote:
In my my inner-tunnel virtual server, authorize section, I have some
code like this, for sorting users into vlans:
update control {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
of
their rsyslog.conf or can simply say how to match the radius syslog
packets, I'd be very grateful.
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info
Further to my previous query I've got global server messages being
syslogged to my log hosts.
However, all of my radius magic happens inside virtual servers, which
live in sites-available. I haven't been able to get any syslog packets
sent from within these virtual servers.
I've tried
On 07/06/2009 04:35 PM, Alan DeKok wrote:
Jonathan Gazeley wrote:
However, all of my radius magic happens inside virtual servers, which
live in sites-available. I haven't been able to get any syslog packets
sent from within these virtual servers.
The log section is global. See
generation of radius servers we are preparing are all
virtualised and only have a few GB of disk - so no room for logs.
Cheers,
Jonathan
--
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
@lists.freeradius.org
[mailto:freeradius-users-bounces+ted.behling=htc.hargray@lists.freeradius.org]
*On Behalf Of *Jonathan Gazeley
*Sent:* Monday, July 06, 2009 12:15 PM
*To:* FreeRadius users mailing list
*Subject:* Re: Syslog and FreeRADIUS
On 07/06/2009 05:02 PM, a.l.m.bu...@lboro.ac.uk wrote
On 08/19/2009 09:45 AM, ganesh nagpure wrote:
Hi,
Hi Ganesh,
Is there any way to change the following thing fron octects to bytes or bits?
Octets are the same thing as bytes.
If i want information about uplink and downlink bit/Bytes how do i get this
information logged in radius log
?
Jonathan.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information
-User-Name does not have a value.
I'm not interested in the domain in my accounting, so does anyone have
any guidance on how to safely strip/sanitise the usernames?
Thanks,
Jonathan
--
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
On 10/07/2009 10:44 AM, Ivan Kalik wrote:
I'm seeing a problem with stripping usernames during accounting.
Accounting is done on a separate physical server from the authentication
(which works fine).
Most of our users don't include a domain so their accounting works
normally. Some users do
Hi Jeremy,
I had exactly the same need as you, except I wanted my rollover to take
place on an hourly basis for live accounting.
I found this guide helpful:
http://www.netexpertise.eu/en/freeradius/daily-accounting.html
Regards,
Jonathan
Jonathan Gazeley
I rolled and deployed an RPM of FreeRADIUS 2.2.0. As expected for RPM
packages, it left a number of *.rpmnew files in /etc/raddb.
Trouble is, FreeRADIUS reads these files as live configs and was unable
to start after the upgrade, until I had manually intervened and deleted
the .rpmnew files.
I am migrating and modernising a FreeRADIUS config that was written a
couple of years ago, to make it more modular.
I have written my own uobsql-rnwc module , based on the built-in sql
module. To date, I have been loading this module in radiusd.conf, by doing:
instantiate {
uobsql-rnwc
}
On 14/03/13 14:26, Matthew Newton wrote:
Just put it in the global instantiate section, as above, then use
it in the virtual server.
The point of my exercise is to make my FreeRADIUS config fully modular
in preparation for my suite of RADIUS servers being managed by a config
management tool,
On 09/08/13 10:52, Arran Cudbard-Bell wrote:
Whilst making up features is a fun pastime it's not very productive.
There is one global policy section at the top level. Virtual servers do not
have different policy name spaces.
Hi Arran,
Thanks for this. So you're saying that there can only
On 09/08/13 11:18, Matthew Newton wrote:
On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote:
On 09/08/13 10:52, Arran Cudbard-Bell wrote:
Whilst making up features is a fun pastime it's not very productive.
There is one global policy section at the top level. Virtual servers do
We've recently upgraded our radius servers from 2.1.12 (CentOS 6
packaged default) to 2.2.1 (latest stable from FR, built by hand).
A config that used to work under 2.1.12 no longer appears to work the
same way under 2.2.1. Our Cisco WLCs send periodic probes in the form of
a test
On 04/10/13 13:46, Arran Cudbard-Bell wrote:
If I asked particularly nicely, and promised you a beer at the next networkshop
we were both in attendance at, would you be willing to try git head?
I'll roll a v2.2.2_rc0 if it sweetens the deal any? It'd just be really good to
know that that
On 07/10/13 08:40, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
if (Service-Type == NAS-Prompt-User) {
if (NAS-IP-Address =~ /^172\.17\.107\./) {
if (User-Name =~ /^wisms\-testing/) {
update control {
Auth-Type := Accept
}
ouch do you realise how dangerous that is? there
should
On 10/10/13 15:01, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Any chance you can point me in the direction of these?
heres one:
http://support.microsoft.com/kb/2688798
Semi-related, but to my annoyance we're seeing rather less SSL
resumption than I would expect, given that iOS and Android both do
On 10/10/13 15:03, a.l.m.bu...@lboro.ac.uk wrote:
Samba 4 is lurvely... apparently 100% compatible with existing AD
installations, although, as always, it's a bit finicky and info is a bit thin on
the ground (and I've not written up a guide when I set my test environment up that
uses an S4
49 matches
Mail list logo