AW: AW: AW: EAP-TLS Failed in handler question

[PENZ Robert]

Hi!

Phil, thx again for your help - according to Extreme the bug has been fixed in 
summitX-15.2.2.7-patch1-2

PD4-3163943281 802.1x re-authentication fails when EAP ID reaches 255.

This version fixes also a bug we reported which is related to 802.1x

PD4-3271740739 While using Dot1x and MAC-based netlogin on the same port, the 
MAC reauthentication
timer should stop after the client is authenticated with dot1x credentials.

-Ursprüngliche Nachricht-
Von: freeradius-users-bounces+robert.penz=tirol.gv...@lists.freeradius.org 
[mailto:freeradius-users-bounces+robert.penz=tirol.gv...@lists.freeradius.org] 
Im Auftrag von PENZ Robert
Gesendet: Dienstag, 11. Dezember 2012 16:30
An: FreeRadius users mailing list
Betreff: AW: AW: AW: EAP-TLS Failed in handler question

Hi!

Phil, Really BIG THANKS for your help! I'll talk to Extreme Networks.

Robert
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_ippool does not create DB and IDX files

[John Dennis]

There was a thread back on April 18th with the subject rlm_ippool does 
not create DB and IDX files


There were several incorrect statements and assumptions in that thread 
culminating in it's a SELinux problem. Nope, it's not a SELinux problem.


The fundamental problem is db_dir is set in /etc/raddb/radiusd.conf to 
/etc/raddb. This is incorrect, in fact the comment above the 
initialization of db_dir


# Should likely be ${localstatedir}/lib/radiusd

is exactly correct, it should be /var/lib/radiusd, why?

1) Files under /etc are supposed to be configuration files only

2) The directory /etc/raddb is writable only by root, the radiusd daemon 
is drops root privileges and runs as radiusd:radiusd (by default).


3) Database files are supposed to be located under /var/lib/{application}

In the aforementioned thread the user apparently changed the ownership 
of /etc/raddb and the user:group the daemon was running under creating 
disinformation. If SELinux denied creating the db files under /etc/raddb 
after hacking the ownership and permissions then SELinux in fact 
operated correctly, you're not supposed to create/write database files 
under /etc, that violates the rules for what belongs under /etc.


Instead /etc/raddb should have this line:

db_dir = ${localstatedir}/lib/radiusd

This has been reported as a configuration bug for Red Hat in:

https://bugzilla.redhat.com/show_bug.cgi?id=891297

The above bug report also contains some additional information.

--
John Dennis jden...@redhat.com

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_ippool does not create DB and IDX files

[Alan Buxey]

That's just your/redhat view of the structure. Some might also say /opt is the 
place for things  if only there was a standard that wasn't LSB ;)

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

dictionary_kineto

[Yashaswini Sathyanarayana]

How to add kineto specific attributes to free radius ??

 

 

Thanks  Regards,

Yashaswini | Prod Engg | Tech Mahindra Ltd.
9 / 7 Hosur Road, Bangalore - 560029, India.
(Office: +91 80 40243000, Extn: 3478

Mobile: +91 9611591177

www.techmahindra.com http://www.techmahindra.com/ 

 

 



Disclaimer:  This message and the information contained herein is proprietary 
and confidential and subject to the
 Tech Mahindra policy statement, you may review the policy at a 
href=http://www.techmahindra.com/Disclaimer.html;http://www.techmahindra.com/Disclaimer.html/a
 
externally and a 
href=http://tim.techmahindra.com/tim/disclaimer.html;http://tim.techmahindra.com/tim/disclaimer.html/a
 internally within Tech Mahindra.

#  Kineto Wireless Dictionary
#  dictionary.kineto
#
#  As posted to the list by Swaran Sethi sse...@kinetowireless.com
#
#  Version:   1.02  11-Nov-2005  Swaran Sethi sse...@kinetowireless.com
# $Id: dictionary.kineto,v 1.0.0  2005/11/11 17:00:00 ssethi 
Exp $
# $Id: dictionary.kineto,v 1.0.2  2006/18/04 11:00:00 ssethi 
Exp $
#
#  For documentation on Kineto Wireless RADIUS attributes, see:
#   http://www.kinetowireless.com/
#

# Note: format=2,1 indicates to freeRADIUS that vsaType=2bytes, and vsaLen=1byte
#
VENDOR  Kineto  16445   format=2,1


BEGIN-VENDORKineto

#  Kineto Vendor Specific Attributes Based on UMA Information Elements
#
#   For documentation on UMA Information Elements, see:
#   http://www.umatechnology.org/specifications/index.htm
#   Unlicensed Mobile Access (UMA) Protocols (Stage 3), Release 1.0.4, May 
2005
#
ATTRIBUTEKineto-UMA-Release-Indicator2   octets
ATTRIBUTEKineto-UMA-AP-Radio-Identity3   octets
ATTRIBUTEKineto-UMA-Cell-Identity4   octets
ATTRIBUTEKineto-UMA-Location-Area-Identification 5   octets
ATTRIBUTEKineto-UMA-Coverage-Indicator   6   octets
ATTRIBUTEKineto-UMA-Classmark7   octets
ATTRIBUTEKineto-UMA-Geographical-Location8   octets
ATTRIBUTEKineto-UMA-SGW-IP-Address   9   octets
ATTRIBUTEKineto-UMA-SGW-FQDN10   octets
ATTRIBUTEKineto-UMA-Redirection-Counter 11   octets
ATTRIBUTEKineto-UMA-Discovery-Reject-Cause  12   octets
ATTRIBUTEKineto-UMA-RRC-State   17   octets
ATTRIBUTEKineto-UMA-Register-Reject-Cause   21   octets
ATTRIBUTEKineto-UMA-Routing-Area-Code   41   octets
ATTRIBUTEKineto-UMA-AP-Location 42   octets
ATTRIBUTEKineto-UMA-Location-Status 44   octets
ATTRIBUTEKineto-UMA-Utran-Cell-Identity 49octets
ATTRIBUTEKineto-UMA-Location-Blacklist-Indicator58   octets
ATTRIBUTEKineto-UMA-AP-Service-Name 61   octets
ATTRIBUTEKineto-UMA-Service-Zone-Information62   octets
ATTRIBUTEKineto-UMA-Serving-UNC-Table-Indicator 67   octets
ATTRIBUTEKineto-UMA-Registration-Indicators 68   octets
ATTRIBUTEKineto-UMA-UMA-PLMN-List   69   octets
ATTRIBUTEKineto-UMA-Required-UMA-Services   71   octets
ATTRIBUTEKineto-UMA-3G-Cell-Identity73   octets
ATTRIBUTEKineto-UMA-MS-Radio-Identity   96   octets
ATTRIBUTEKineto-UMA-UNC-IP-Address  97   octets
ATTRIBUTEKineto-UMA-UNC-FQDN98   octets



#  Kineto Vendor Specific Attributes
#

ATTRIBUTE  Kineto-URR-Transaction-Type  0xff01   octets
ATTRIBUTE  Kineto-Location-Key  0xff02   octets
ATTRIBUTE  Kineto-UP-Client-Remote-Address  0xff03   octets
ATTRIBUTE  Kineto-Hand-In-Control-Flag  0xff04   octets
ATTRIBUTE  Kineto-Hand-Out-Control-Flag 0xff05   octets
ATTRIBUTE  Kineto-Billing-Rate-Indicator0xff06   octets
ATTRIBUTE  Kineto-Service-Area-Code 0xff09   octets
ATTRIBUTE  KW_IUH_MESSAGE_TYPE  65408string
ATTRIBUTE  KW_HNB_REMOTE_ADDRESS65409ipaddr
ATTRIBUTE  KW_HNB_IDENTITY  65410string
ATTRIBUTE  KW_HNB_LOC_INFO_MACRO_COVERAGE_IND   65411integer
ATTRIBUTE  KW_HNB_LOC_INFO_GERAN_CELL_ID65412string
ATTRIBUTE  KW_HNB_LOC_INFO_UTRAN_CELL_ID65413string
ATTRIBUTE  KW_HNB_LOC_INFO_GEO_COORDINATES  65414integer