On 14 Oct 2013, at 16:27, Volker Lieder wrote:
> Hi,
> we tried to calculate it via expr.
>
> How would you calculate it?
Pretty sure the expiration module does exactly this.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.fr
esnt do the job.
Calculate time difference between now at 04:00am and insert it into
Session-Timeout?
If your NAS doesn't implement Session-Timeout then you can use CoA/DM or SNMP.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pse is messing with the build system, if one
is defined and the other is not, then autoconf/the configure scripts are broken.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
request, vpt) != NULL) {
rcode = true;
} else {
rcode = false;
}
break;
Which works for
if (outer.request:Attribute)
and
if (outer.request)
It's just one of the functions called to convert the enumerated reque
> On 10 Oct 2013, at 18:32, Phil Mayers wrote:
>
> I've just ported our config to 3.0 and I'm seeing a few error messages; they
> don't seem to be critical but are concerning me.
>
> Specifically I'm seeing:
>
> ERROR: Conditional evaluation failed due to internal sanity check.
>
> ...whe
acle.so file. :/
run the configure script in src/modules/rlm_sql/drivers/rlm_sql_oracle and post
the output and config.log file.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ething additional you have to do as well as running the
previous command.
- retry - Repeat the previous command which generated this error message.
*sigh*
-Arran
>
> -Original Message-
> From: freeradius-users-bounces+puzzel1982=gmail@lists.freeradius.org
> [mailto:f
rop OpenSSL in Mavericks and we can do a clean
install without all the stupid deprecated pragmas from another package
management system.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the module directory.
all.mk is a make include not an actual make file.
It should pick up that rlm_sql_oracle has been configured (even if it's not
marked as stable) and build it.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
found. Use
> --with-oracle-lib-dir=.
> configure: WARNING: silently not building rlm_sql_oracle.
> configure: WARNING: FAILURE: rlm_sql_oracle requires: libclntsh libnnz.
> configure: creating ./config.status
> config.status: creating Makefile
Please use version 3.0.0 the configure
reads when using radsec.
Isn't it required for doing any RADIUS over TCP?
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
atter one, as it
> runs a config check on restart (which bails out due to the error above).
Ok that's a legitimate issue and should be fixed.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 9 Oct 2013, at 11:56, Rok Kosir wrote:
> On 10/08/2013 07:09 PM, Arran Cudbard-Bell wrote:
>> On 8 Oct 2013, at 17:44, Phil Mayers
>> wrote:
>>
>>
>>> On 08/10/13 17:01, Rok Kosir wrote:
>>>
>>>
>>>> authentication to my
On 9 Oct 2013, at 11:21, Alex Sharaz wrote:
> you don't know how hard it was to wait till the official release :-)
> A
brew install talloc
brew link talloc
./configure
make
make install
?
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscrib
le !*
> !* Aruba-Admin-Role
>
update reply {
Aruba-Admin-Role !* ANY
}
Will delete all.
update reply {
Aruba-Admin-Role -= "%{reply:Aruba-Admin-Role}"
}
Will delete the first instance.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 8 Oct 2013, at 17:44, Phil Mayers wrote:
> On 08/10/13 17:01, Rok Kosir wrote:
>
>> authentication to mysql), when i run freeradius -X, i get Segmentation
>> Fault when it reaches dhcp listner.
>
> See doc/bugs.
and skip to section 2. :)
Arran Cudbard-Bell
Fre
On 8 Oct 2013, at 15:40, Russell Mike wrote:
> Dear Arran C. Bell,
>
> Thank you very much, i am extremely grateful for your advise and guidelines
> for troubleshoot also. i am currently experimenting a different
> rlm_sqlcounter using CoovaChilli dictionary "All-In-MB". In result, i can
> s
dius-server/blob/v3.0.x/raddb/README.rst
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ule you'll find the user is rejected way way too early.
You also invented "counter-type" and "check-unit" config pairs. The server
isn't magic, just because it doesn't error out, doesn't mean it knows about
those config pairs or will use values assigned to
5integer64
ATTRIBUTE Acct-Output-Octets643006integer64
And specify their value in bytes.
It might actually be an idea to add those to the internal dictionary to make it
a bit easier.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 7 Oct 2013, at 23:23, Arran Cudbard-Bell wrote:
>
> On 7 Oct 2013, at 23:00, Alan DeKok wrote:
>
>> Brian Julin wrote:
>>> You guys are truly obsessed. I get exhausted just reading your commit
>>> logs. :-)
>>
>> It's what I do.
>
ng knowledge of OpenLDAP client library.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tive users through my StrongSwan server, with the
> simple following command:
>
> # strongswan leases
>
> FreeRadius should be so easy!
It is if you understand SQL, and don't insist on using arcane decade old
modules and utilities.
-Arran
Arran Cudbard-Bell
FreeRADIUS Developmen
Maybe an xlat
method which returns the state of a realm?
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nd
added
a call to set it on all request errors (RERROR, REDEBUG, REDEBUG2, REDEBUG3,
REDEBUG4),
which most, if not all modules use to log errors.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t; true but we are still seeing stalled module in core messages that we did not
> see with 2.2.0
>
Any chance you could connect to one of the running processes and generate a
core?
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to work so we can use the newer version of FR.
We'll be releasing 2.2.2 very soon to fix various issues with unlang. In the
mean time could you try the current v2.x.x HEAD to see if it resolves your
issues?
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/s
ce at, would you be willing to try git head?
I'll roll a v2.2.2_rc0 if it sweetens the deal any? It'd just be really good to
know that that particular issue was fixed before rolling out 2.2.2 and then
finding it was something else and having to roll 2.2.3 a few weeks later.
-Ar
oes 2.2.2 fix?
Issue with workers not marking requests are being done correctly. Workers
appear to get hung, leading to issues.
I would upgrade to latest 2.x.x HEAD to avoid disruption if the proxying
functionality is heavily used.
There were also quite a few issues with the policy language.
term to
> search for in devices specifications ...
Look for claimed compliance with RFC3580/RFC4675 in the specifications of your
Access-Point.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
xying is being performed upstream server state will be lost.
It's also dangerous in that if someone has messed with the configurations, or
overwritten the radiusd/freeradius(debian) binary
you'll experience an unexpected migration to the new binary/config on next
restart.
Arran Cudba
gt;> if (Tmp-String-0 != "stop") {
>>
>> }
>>
>> That should work. Ugly, but functional.
>
> this is pretty much what I was going to suggest. ugly, yes. but sometimes
> simple is best.
> and its much easier for a non u
> We want to stop executing the in the first two cases
> ("infected" and "tempsus"), effectively doing something like a return.
Where you have ok in the case stanzas, put
ok {
ok = return
}
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List
ve. I hate to pull the
experience card, but i've been working with RADIUS the entirety of my
professional career. I train people who work at telcos on RADIUS
security and RADIUS cluster management. The way you're trying to do this
is wrong.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ttribute by default.
You should see that the home server now refuses to process the request, instead
of continuing with a garbled password.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
>
> Any one have any similar battle scars that I can learn from (server
> performance tweaks, optimizations, etc?). I've optimized as best I can the
> SQL component. This all seems related to the samba/winbind/ntlm_auth.
I'll let someone else answer that one :)
Arran Cudbard-Bel
ity in authorize.
I don't know enough about crazy WiMAX authentication, but i'd guess one of
those SPI values needs to
be cached from the previous round, and checked this round? Maybe someone who
knows more can describe
how it's meant to work.
-Arran
Arran Cudbard-Bell
FreeRADIU
> Are you saying my default file has these sections as empty? Or that the vpn
> clients are sending empty data?
Sections. As the Warning clearly states, sections.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
processing
> retransmitting RADIUS message
> ... #goes on for a while for IPSec, only twice for PPTP
> RADIUS is not responding
>
Could you provide the full debug (radiusd -X).
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
've doesn't changed anything in db... and I haven't custom queries...
Here is a post describing possible causes. I've never seen this with the stock
queries and schema.
http://stackoverflow.com/questions/2332768/how-to-avoid-mysql-deadlock-found-when-trying-to-get-lock-try-
On 25 Sep 2013, at 20:08, Alisson wrote:
> Hi,
>
> I have a lot of logs with deadlocks
Those would be caused by a bug in your custom SQL queries?
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell wrote:
>>
>> Note: Comp128-4 (milenage) is still unknown (please contact one of the
>> developers
>> if you have access to it's specification), but just algorithms 1-3 are still
>> useful.
>
>
> A
>
> Note: Comp128-4 (milenage) is still unknown (please contact one of the
> developers
> if you have access to it's specification), but just algorithms 1-3 are still
> useful.
Actually it's not, it's published in the 3GGP standards, neat :)
Arran Cudbard-Bel
se contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
[1] http://www.hackingprojects.net/2013/04/secrets-of-sim.html
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s you can set the
attributes required in the users file (files).
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem is that all my
> User-Passwords is database is stored with SMD5-Password attribute and when
> I'm trying it with EAP authentications fails and I get these messages in
> debug:
http://deployingradius.com/documents/protocols/compatibility.html
MD5/SMD5 requires the reference p
hat i should fill in any section ?
> specially in authenticate section that other module need information from
> database (check attribute).
Yes the *-Password attributes, e.g. SHA1-Password, Cleartext-Password etc...
You need to retrieve a 'known good' or 'reference'
rlm_acct_unique module, which were present in the request.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
er to me because I've put EAP-TLS to
> work.
No, the easier way is to complete the certificate chain using the
signing cert which created the client certs in the first place. This needs
to be made available to the EAP-TLS module.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
L
On 17 Sep 2013, at 19:02, Wederson Rodrigues wrote:
> I used radtest just to show the attributes that are returning.
>
> I'm using a debian (ppp) as NAS, with the enabled plugins: plugin
> rp-radius.so pppoe.so radattr.so
Even better, RTFS.
Arran Cudbard-Bell
FreeRADIUS
RADIUS rfcs. Consult the manuals for your
NAS to check it is supported, and if that fails contact their support team
and raise a feature request.
I'm not sure which you're returning Acct-Status-Type in an Access-Accept, or
Calling-Station-ID it is not correct/appropriate to insert them
ut this problem.
>
Looks like MySQL (or something else) is closing the connection after one query?
Why don't you trace it and find out.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
x27;s more consistent, and has pretty colours too, ooo look at the pretty
colours.
>> PS has anyone tested it with MariaDB? Wondering if its 100% drop-in
>> compatible?
>
> It's 100% drop-in compatible from what I've seen.
RE the death of MySQL:
http://commu
On 16 Sep 2013, at 13:44, Alan DeKok wrote:
> The list of changes is large:
Seems sort of small to me :)
Here's the changelog:
https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/doc/ChangeLog
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscr
servers, instead of waiting a couple of months for the next official release.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
if appropriate.
If you do it the way I suggested I highly recommend you use V3.0.0
(release_branch_3.0.0 or master/HEAD) instead, as the list/attribute handling
is much better.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ate-Group-Id = 2
}
}
}
}
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> It's like you're asking for flying lessons, and showing up with a
> bicycle. There's a bit of a disconnect somewhere.
Not true, they make these awesome little fold up bikes you can chuck in the
back of the plane.
Arran Cudbard-Bell
FreeRADIUS Development Team
xyz.local,serv02.xyz.local"
...
}
libldap handles failover.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 12 Sep 2013, at 16:29, Arran Cudbard-Bell wrote:
>
>> It's like you're asking for flying lessons, and showing up with a
>> bicycle. There's a bit of a disconnect somewhere.
>
> Not true, they make these awesome little fold up bikes you can chuck in the
On 12 Sep 2013, at 11:02, Nikolaos Milas wrote:
> On 12/9/2013 11:47 πμ, Arran Cudbard-Bell wrote:
>
>>
>> --with-rlm-ldap-lib-dir=
>> --with-rlm-ldap-include-dir=
>>
>> Top level configure.
>
> Thanks Arran,
>
> It worked! I have built and
Just because the
server doesn't complain, doesn't mean that the config will actually be used.
The config is parsed to an intermediary format. Only known config items and
sections get any kind of validation. If the config is syntactically correct
then the server will start.
Arran Cudbar
--with-rlm-ldap-lib-dir=
--with-rlm-ldap-include-dir=
Top level configure.
>
> Thanks,
> Nick
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ealm := "ALLOT-SMP"
Replicate-To-Realm += "Procera-SMP"
}
replicate
}
Just be aware there's no retransmission, and any accounting responses received
will be silently discarded.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
On 11 Sep 2013, at 15:37, Nikolaos Milas wrote:
> On 11/9/2013 5:05 μμ, Arran Cudbard-Bell wrote:
>
>> Define production-ready...
>
> Production-ready DHCP Server: A DHCP Server that can be used as such in a
> real-life, mission-critical, organizational environme
admap as to when the software will be
> production-ready, so as to prepare some type of deployment schedule.
Define production-ready...
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
airs, use the -f option, or pipe them
through to stdin.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
k at mailing list history would show you.and the answer is no. dont
> run in debug if
> you dont want to see debug.
Sure, but radtest should probably have a password argument where it does a
secure read from stdin.
FreeRADIUS shouldn't obfuscate passwords in debug, that'd be
there an option to do not show the fiedl User-Password in cleartext?
no. I guess we should do something with it to make it FIPS compliant but it's
not a big priority. You're welcome to submit a patch.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? S
th too often.
> And of course I am trying to do this on the typical budget provided by a
> non-profit such as my college is.
The majority of Universities in the UK and many smaller colleges implement
Eduroam which require 802.1X authentication. It's not terribly expensive
seeing as
sform the MSHCAPV2 responses in the cleartext
password or to a SHA1 password.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fair enough.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a round-robin
FQDN, or set a comma delimited list of servers in the 'server' config item,
libldap handles the failover.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ion 1.x.x? Which doesn't support Cleartext-Password. I think you
can use User-Password as a check item there, but I honestly can't remember.
You might want to consider upgrading.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
caused by installing over the top of a previous
installation, which IMHO is always an extremely bad idea with any unpackaged
software.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dius/openssl-1.0.1c/lib
>
> (and that's the reason it knows about /usr/local/freeradius/config/raddb
> at all)
>
> I believe that way to make "make install" ignore raddb used to work with
> rc0 and numerous GIT snapshots.
I guess we'll have to come up with a proper fix.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the
> MS-CHAP calculations. The character set could be UTF-8, or any
> non-standard 16-bit encoding. So the calculation of the NT hash will
> depend on the character set... which is largely secret.
>
> This makes it very difficult to create the *correct* NT hash.
Can't
n
* Fix ./configure --with-shared-libs=no
* Fix crashes related to opaque request data and regular expressions
* Fix heimdal krb5 build
The tarball is available here:
https://github.com/FreeRADIUS/freeradius-server/archive/release_3_0_0_rc1.tar.gz
Arran Cudbard-Bell
FreeRADIUS Develo
p would
> then have to figure out a way to pull the data out in near-real time and
> insert it into their own database, which they would like to avoid.
>
Nah...
Replicate the packet stream, let them do whatever they want with it. That's
usually the easiest way to solve these sorts of issues.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 5 Sep 2013, at 18:08, Ben wrote:
> Hi,
>
> Am I being stupid or what ?
Yes. The main binary is called radiusd, not freeradius.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
h sets
> Auth-Type to "AD".
> Users who are only in local ldap, the module does this automatically.
Ah, fair enough. Just be aware that LDAP bind will be significantly faster
than calling out to ntlm_auth.
Doesn't matter if you've got fairly light auth traffic, but may be a factor if
your server(s) are heaving loaded.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ng ntlm_auth because I just want to check the password
> against AD, am I right?
>
Yes.
update control {
LDAP-BaseDN !* ANY
}
open_ldap.authorize
open_ldap
Or the other way around to auth against AD.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(but not exactly the same)
> while executing my PL/SQL function.
>
> Anyone knows what encode format it is?
=
You can edit safe_characters in dialup.conf to include additional chars that
you don't want to convert.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List inf
quot;profile_attribute" configuration item to
"radiusGroupName". IIRC you also need to use full DNs for the radiusGroupName
values.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
r/blob/v2.x.x/src/modules/rlm_sql/rlm_sql.c#L52
By changing the value of filename. If it's not working you may have a very old
version of FreeRADIUS. You should try upgrading to the latest released version.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
..
> }
>
>
>
> Where should I declare the connection to sqlite file?
With the 'filename' config item, and you need to set database to 'sqlite'
sql {
database = 'sqlite
On 31 Aug 2013, at 13:49, Nikolaos Milas wrote:
> On 31/8/2013 12:03 πμ, Arran Cudbard-Bell wrote:
>
>>> 1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)?
>> Yes.
>>
>>> >2. If so, is there a planned freeradius ldap schema change (in
HCP-* attributes?
No. But you're welcome to submit a pull request.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s however may not.
version 3.0.0 has queries specifically for sqlite, so you may want to try that.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
one know how?
>
Yeah it's the 'filename' config item in sql.conf.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rtext-Password := "e806882925ce"
>
> #Range of mac addresses:
>
> 94ebcd** Cleartext-Password := "94ebcd**"
DEFAULT User-Password =~ '^94ebcd[0-9a-f]{6}$', Auth-Type := Accept
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 28 Aug 2013, at 15:38, Phil Mayers wrote:
> On 28/08/13 15:11, Arran Cudbard-Bell wrote:
>>
>> On 28 Aug 2013, at 15:01, Phil Mayers wrote:
>>
>>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>>
>>>> Does anyone have a configuration
On 28 Aug 2013, at 15:26, Matthew Newton wrote:
> On Wed, Aug 28, 2013 at 03:11:04PM +0100, Arran Cudbard-Bell wrote:
>>
>> On 28 Aug 2013, at 15:01, Phil Mayers wrote:
>>
>>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>>
>>>> Does
On 28 Aug 2013, at 15:01, Phil Mayers wrote:
> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>
>> Does anyone have a configuration which gets it down to a single LDAP query
>> for PEAP?
>
> What inner?
MSHCAPv2 - I thought PEAPv0 was only MSCHAPv2?
Arran Cudbard-Bell
s
smaller than a byte.
For boolean does anyone know if they really mean a standard 32bit integer with
the values 0/1, or
if they're wanting a single byte with the values 0/1, or whether it's some
other cisco craziness?
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List i
d PEAP, 0x03
> is the client_hello,
># 0x04-0x06 are the EAP-Response that ack server side of the handshake so
> we skip the first 6
># EAP-Response packets from the client. This is a heuristic, might not work
>if ( (EAP-Type == EAP-TLS) && (EAP-Message !~
rocade[8]: unknown option "Brocade"
I've added brocade dictionaries to v2.x.x and master branches.
Use one of those and it'll probably work.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
our format string, and call it from the
inner server.
-Arran
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the ldap module after the eap module in the default configuration
then the default config already does this.
You may also want to consider using the rlm_cache module.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1 - 100 of 1463 matches
Mail list logo