--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP
ing incoming and proxied requests. Any versions or
timeframe would be useful to better understand what changes were done
between the versions.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy
s that do a lot of
tunnelled EAP and end up caching a lot of sessions.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+
RADSEC is enabled/running too...)
Do you have an estimate of unique users? Do most of them use EAP such as
PEAP or EAP-TTLS?
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
___
radiator mailing list
radiator@open.com.au
http://www.open
ilently pinning 1.0 is an invitation to continue use of old and weak
> crypto protocols.
>
> Maybe this default could be changed in later versions...
Yes, I'll see that this gets attention.
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS serve
secret or TACACSC+ key is now
possible but managing the encryption keys will be enhanced in the future
releases.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
currently in Radiator is the first release of Radiator part. The
load balancer works currently with NFV only, but will work making it
available as a non-NFV package too.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS serve
supports StatusServer parameter similar to
RADIUS Clients. Requested by Christian 'wiwi' Wittenhorst.
fideliosim.pl in goodies now binds to 127.0.0.1 by default but
has command line switch to set the addresses to bind.
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, fle
anks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Va
for example sendmsg() and other functions.
The easiest way to handle problems with reply addresses on multi homed
hosts is to use BindAddress, if possible.
Thanks,
Heikki
--
Heikki Vatiainen
Open System Consultants
___
radiator mailing list
radi
required hooks to do that without blocking.
> Which version/patch introduced that feature? Seems I've missed it.
> Would simplify our config quite a bit.
This is in the current 4.16 patches which means it will be part of the
next release but it is still work in progress. In patches, see the en
were two choices:
o the default which is that AuthBy RADIUS returns IGNORE when it has
proxied the request
o Synchronous flag which tells AuthBy RADIUS to wait for the reply
before moving on.
Thanks for your input,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable,
but use what comes with Radiator.
If there will be need for customisation, $self is passed to the hook so
it's possible to call $self->log() to log what is required for failed OTPs.
Thanks again for reporting this,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator:
the credentials can be
encrypted/obfuscated so that they are not in clear text format in the
configuration file. There's initial support for that in the patches.
However, we have not looked at separate products for credential storage.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the
why they do this?
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP
ss debugging is enabled, while
unexpectedly closed and unsuccessfully established connections are
logged at higher log level.
Maybe you could use trace 4 now to see where the shortlived client
connections come from?
Thanks for your comments,
Heikki
--
Hei
omes with Radiator.
The default check is simply a test if the submitted password equals the
expected password, so there's not much to log. I was thinking about
possible cases where the checks are different and additional logging
would be useful.
Thanks,
Heikki
--
Heikki Vatiaine
earlier.
I'd say the best option is to log any failure reason in the OTP's
VerifyHook if any special logs are needed.
Thanks for notifying us about this!
Heikki
--
Heikki Vatiainen
h...@open.com.au
___
radiator mailing list
radiator@open.com.au
http
ppens
on trace 4 (debug) level.
We also thought about further improvements for unexpectedly closed
connections so that they can be logged and handled more easily. However,
this is the first step before doing further changes.
Thanks,
Heikki
--
Heikki Va
the roadmap for Radiator soon after?
Is there something you are particulary interested in?
I'll ask the others here about publishing more information about the
upcoming features. There's nothing secret about the roadmap :)
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator:
lose).
I also noticed that we can get the peer IP and port from accept directly
instead of calling getpeername(). What is done now is to check accept
return value for success and call getpeername() immediately after that.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
R
hing StreamServer does better in farm size environments.
I'll see if there's anything more that can be logged too.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, passwor
essage context. In
other words, depending on the log caller, the call may or may not
include the request that provides Client etc, information.
I'll notify via this list when I have more information about these
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most p
he server side OCSP stapling support.
I will get back to this once there's working code.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus
accounting requests, which might be useful if you have
accounting enabled.
Thanks,
Heikki
--
Heikki Vatiainen
h...@open.com.au
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Cisco's MacSec deplyment guide and section '2.2.2 IEEE
802.1X and Master Key Distribution'
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/deploy_guide_c17-663760.pdf
Thanks,
Heikki
--
Heikki Vatiainen
h...@open.com.au
__
When the EAP-Key-Name is
present, as described above, Radiator will calculate and reply with
EAP-Key-Name in Access-Accept.
Thanks,
Heikki
--
Heikki Vatiainen
h...@open.com.au
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
ase.
Thanks for reporting this. The line has been removed and the fixed
dictionary is in 4.16 patches.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
ches download page also has the list of
what's been added recently.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, ext
urable. At least text (similar to like trace 5 packet dump),
pcapng and JSON will be supported.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platyp
ck look at the packaging docs did not
say anything about this so maybe this needs a check.
> I'm not very experinced debian package mantainer, in fact this my first
> and the only one package ;)
Thanks for sharing this! I'll get back to this once I have done some
experimenting with Debian, and p
ers for errors, warnings and notices:
>
> Trace 2
> Identifier radiatorlog
> Filename%L/radiatorlog
>
>
>
> Trace 2
> IgnorePacketTrace
> ...
>
>
Thanks,
Heikki
--
He
t known yet. If the inner
EAP-Message contains the identity, then it could be used for the first
message when EAPAnonymous %0 is configured. However, this is not in
Radiator or Radiator patches yet.
I hope the above clarifies how EAPAnonymous %0 works currently and why
you will see empty User-Name w
expecting a single line response --short-otp generates.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, A
oint. We have used our own YubiHSM so that's why the
sample config is also geared towards running your own server with the
possibility to specify the server output format.
Thanks for letting us know about this. We'll take a look at the longer
response format.
Heikki
--
Heikki Vatiainen
LogFormatHook file:"%D/format-influx.pl"
LogSuccess 1
LogFailure 1
Filename %D/users
AuthLog myauthlogger-influxdb
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIU
ould also make it easier to add accounting and debug log
forwarding too since they can already be formatted when written to files.
If you need help with logformat hook, just let me know. I am interested
in helping you with this.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiato
don't
have any specific advice, but maybe you could describe what/how the
eduroam config is problematic with the NATed configuration. Are the
eduroam root servers expecting to see Radiator server addresses directly
instead of F5 IPs?
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
ket dump:
> *** Sending to 10.240.1.1 port 20004
There are multiple retransmits back and forth and the authentication
does not proceed.
I would check the Wi-Fi controller logs and make sure it is receiving
the responses from Radiator.
Thanks,
Heikki
--
Heikki Vatiainen <h...@o
ackage.
> It simply doesn't dispatch to the inner handler! Am I missing to install
> something?
It's the AuthBy INTERNAL that's causing this. See if you have an older
configuration and compare what has changed.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most
he Radiator reference manual section '5.31.19
ReplyHook' and '5.31.20 NoReplyHook'. Search for ReplyHook in the
configuration samples in Radiator distribution gooodies/ directory.
https://open.com.au/radiator/ref.pdf
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator:
p-check'
request attribute
6) The new Handler processes the request and does just the OTP verify
Please note the above is untested, but I'd say it should match how the
two phase authentication should go.
Please let us know if the above helps,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Rad
ry/how-global-catalog-servers-work(v=ws.10).aspx
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Acti
to Nick Lowe for letting us know about this.
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS
ng the authentication request. This can
happen if it does not like the authenticator in the reply and discards
the reply without processing it any further.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. S
his:
- becomes
- becomes
- becomes
The Handlers are matched in the order they appear in the configuration
file.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
base
> connections.
Ok, I was thinking about the case when just one DB object needs to be
changed which was not the case you had. Thanks for the clarification.
> if it is ok with you just let it go in as it is.
Yes, that's fine. Thanks again!
Heikki
--
Heikki Vatiainen <h...@open.com.
r) and we're
> back to normal. Even if we do have to deal with lock-step duplicates
> for the rest of the conversation, though, it still seems better to move
> forward and complete the authentication rather than having to start over
> from the very beginning.
And in any case all authentica
of sending a new RADIUS request with
the resent EAP response. It does get hairy :(
However, even if Radiator does not resend EAP requests, correctly
rejecting the RADIUS requests should keep the RADIUS server up from the
perspective of NAS while allowing the client to recover by doing
reauth
ion enabled (and it's not on by default) and I
have not seen any problems related to this.
That comes to the main topic, thanks for the extensive debugging and the
logs you have gathered. We'll check the duplicate handling too and I
will get back to you, and the list, when I have something to re
On 16.11.2015 13.32, a.l.m.bu...@lboro.ac.uk wrote:
> seems fussy about the upper/lower case eg
I'll see that this gets changed. I'd say case insensitive check is
enough here.
Thanks for reporting this!
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable,
elated to lengths of some of the varchar type fields.
The migration instructions are here, but the changes are for different
tokens and their management:
http://www.open.com.au/radmin/migration.html
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portab
hat they can be done with (if TLS 1.2 is support
and can be enabled etc.).
Besides Android 6, some of the recent Linux distributions ship with
wpa_supplicant that will try to use TLS 1.2, just like Android 6 does.
The working TLS 1.2 support should keep these users happy too.
Thanks,
Heikki
--
Hei
ware and then reload your old data:
I would not do this yet but try the steps first.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus,
he RadSec Gossip features.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
oo.
>
> return;
> }
Please let me know if the original should go into goodies or if there's
anything you'd like change before it gets added.
Thanks!
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
a
instance that did the full authentication, then resume is possible. The
number of requests that need to be exchanged is similar for both
resumption methods. If there's a large farm of servers that can come and
go, then there might be a case, but there's still the question of there
are any EAP cli
s nothing in the patches yet.
We thought about adding them as configuration options instead of
creating separate modules. Most of the differences are just in
overriding the next hop selection algorithm for correct balancing.
Any comments and suggestions are welcome. The proxy algorithm changes
s
in goodies EAP-TLS, EAP-TTLS and PEAP
sample files.
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Director
r later, so we'll need to change the offending code to work with
older versions too. In case someone tries this patch with Perl 5.22, the
warnings related to changed code will also be taken care of. The updates
will be available in the patches as usually.
Thanks,
Heikki
--
Heikki Vatiainen <h.
So the question is: is this supported by the clients and what the need
for this would be?
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platy
at it also matches the alias name
Cisco-VPN-WebVPN-Content-Filter-Parameters, it's now an integer.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Pl
using SQL and
other backends will be available later.
Please let us know if you have any questions or comments!
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, passwo
that support TLS v1.2 such as Apple iOS 9, OS X 10.11 El Capitan
and Android 6 Marshmallow.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Pl
diator.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX
at it for a while trying to determine what was being sent inside the
tunnel, and didn't figure it out).
'PEAP Authentication Failure' is only logged when client responds with
failure instead of success (the EPA Extensions Result TLV on page 59
diagram).
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
reconnection control behaviour,
provided by the checkbox in the GUI, to see what it really does. For
example, does it affect the TLS handshake.
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS
to earlier. Did you have time to
see if there were any AD policies that may have affected PEAP fast
reconnect? In any case, I'll do some testing with the settings too.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere
with 4.15. If you are changing your
configuration, you may want to see the change log and consider upgrading
to the latest version too.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP
us know if you have time to look at them
in more detail.
Also, thanks for the idea of debugging EAP contexts. A hook with a some
code that previously collects information about the request sounds like
a good idea. I've made a ticket about this for us to look at too.
Thanks,
Heikki
--
Heikki
during SIGHUP or periodic SQL reload for the unchanged clients. I
do not yet know when this might happen, but I've made a ticket to
request this.
Thanks!
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM
or nodes table? Is it something you have created locally?
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external
On 19.8.2015 18.42, Heikki Vatiainen wrote:
I have just sent you the 5.20 ActivePerl 64 bit PPM. I thought it might
be a good idea to not send binaries to all list members.
Win32-Lsa PPMs are now available in Radiator 4.15 patches for ActivePerl
and Strawberry Perl.
Strawberry Perl comes
the
compatibility with the upcoming Apple and Android versions. This (TLS
1.2 support) was discussed on this list last month.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS
is 49.
I see it uses RPC calls to domain controllers.
This might be Radiator authenticating the TACACS+ users when they log in
to the client devices. For example, AuthBy LSA could cause the traffic
you see.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable
on. In other
words, Radiator talks to the host it runs on, not directly over the network.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside
5.18
ActivePerl comes with Net::SSLeay 1.69 and OpenSSL 1.0.2d, so the
bundled software seems to be quite recent.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT
to compile something from the CPAN, but since the compilers are
not wanted on the servers, then I'd say it might be best to skip CPAN.
I'll get back to you once I have more info about Win32-Lsa for
ActivePerl 5.20 or 5.22.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most
received over the new
connection, can you try it to gather some additional logs?
I can get back to you with the enhanced logging tomorrow.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP
, we'll update the installation instructions to be more clear that
the ppms now come with Radiator. We thought it would make sense to
distribute them with the Radiator distribution package instead of
requiring a separate download.
Thanks for your patience,
Heikki
--
Heikki Vatiainen h
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP
this can be problematic because of local
policies, etc., so that's why we'd like to see that Radiator works with
the system supplied modules too.
Are the clients Apple clients or are you seeing Android or Windows
clients using TLS 1.2 too?
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator
::SSLeay and OpenSSL
combinations TLS 1.1 and 1.2 can be left enabled.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM
choice too.
I noticed your other message too, and failing to start might be too
severe action to take. I'd rather see Radiator defaulting to TLS 1.0 in
this case and logging a message that TLS 1.1 and 1.2 are not available.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most
has a change that seems
relevant.
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP
, that fixed the problem for Net::SSLeay and
Radiator too.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active
might be visible there, as David's
findings hint.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active
On 16.7.2015 18.10, Hartmaier Alexander wrote:
On 2015-07-16 15:07, Heikki Vatiainen wrote:
There's also an example of how to use a custom module, possibly modified
from Radius/LogFormat.pm, to change the formatting or add new formats.
I know because I was the one who requested the feature
want to take a look at this document if they plan
to experiment with TLS versions and ciphersuites.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus
, TLSv1 is the minimum so
SSLv3 is not possible which means what you can use is TLSv1 or better.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus
on Strawberry Perl 5.20 or 5.22.
Disabled AuthBy DBMFILE checks from test.pl on Windows meanwhile this is
investigated.
Updates to EAP-MSCHAP-V2 and EAP-pwd identity handling. See OSC security
advisory OSC-SEC-2015-01.
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible
be needed to
understand what happens. In case you do not want to send the log to this
public list, please send them to me directly. I can then send a summary
to the list to describe what happens and how to fix it.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable
individual instance(s) and the direct
'kill -USR...' is a good hint how to do this.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside
to see
if the instances are starting to have problems processing all the
requests. If this happens, the queue management can log the problem or
start additional instances. Other useful features include log routing,
as you mentioned, maybe as a control plane service too.
Thanks,
Heikki
--
Heikki
to process the logs to your
log storage system. Especially when you use debug logging, the logs will
contain non-ascii characters. There's currently no option to make sure
all characters in log messages are from e.g., us-ascii.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most
a custom module for your local logging
requirements.
[1] https://en.wikipedia.org/wiki/Gossip_protocol
[2] https://wiki.mozilla.org/Security/Server_Side_TLS
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files
and goodies/logformat.cfg. The
LogFormatHook is already present in 4.14 and the patches now have more
examples about how to use it. You might be able to use the hooks to make
sure the logs are formatted as required.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable
it calculates its
expected value. You should not rewrite it for plain MSCHAPv2.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside
On 9.6.2015 15.05, Christian Kratzer wrote:
On Tue, 9 Jun 2015, Heikki Vatiainen wrote:
snipp/
It should now return accept or reject, not a challenge. If it accepts,
it will tunnel MS-CHAP2-Success back to the client with the accept.
this seems to lead to the problem in our setup.
We have
1 - 100 of 996 matches
Mail list logo