Re: [RADIATOR] RADSEC error on Solaris
On 07/08/2013 05:16 PM, a.l.m.bu...@lboro.ac.uk wrote: Mon Jul 8 15:11:21 2013: ERR: Stream write error, disconnecting: Broken pipe Mon Jul 8 15:11:21 2013: ERR: Stream could not setsockopt SO_KEEPALIVE socket for connection to host1.domain.org:2083: Invalid argument this is on Solaris - the connections appear to be open after running but I'm thinking not optimally.. does the server need more admin rights to access socket option...or does Solaris require different code (Invalid argument) Which Perl and Radiator version are you currently running? We have a couple of versions installed with perlbrew and at least 5.12.5 and 5.14.4 do not complain about setsockopt. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
Hi radiator team, I tried to upgrade from 4.9 to 4.11 but I had to stop it due to this error: Tue Jul 9 12:42:25 2013: ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected. Tue Jul 9 12:42:25 2013: ERR: Stream sysread for radius2.dfn.de:2083 failed: . Peer probably disconnected. It's the same perl Installation and the same host/OS: # uname -a SunOS mizar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200 # /radiator/perl-5.12.4/bin/perl -v This is perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris Hmm, strange. Do you need more infos? Best Regards Charly -- Karl Gaissmaier Universität Ulm 89069 Ulm/Germany ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] proxying POD reply packets
On 07/05/2013 09:17 PM, Michael wrote: In AuthRADIUS.pm, routine sub handleReply, should Disconnect-Request-NAKed also be listed in the code bellow? I think all types can be proxied back. Good news or bad news, the requestor will surely like to know abou them. Works for me now. The NAKed request now gets forwarded to the original requester (radpwtst). Thanks for reporting the results. If nothing special comes up the additional messages types will be in patches soon. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
Hi Radiator team, regression tests are helpful: git diff Radius/AuthRADSEC.pm for version 4.9 to 4.11: @@ -119,13 +144,15 @@ sub initialize my ($self) = @_; $self-SUPER::initialize; -$self-{Secret} = 'mysecret'; +$self-{Secret} = 'radsec'; the default secret was changed between 4.9 and 4.11 and I used it, arrgh. I called the german-toplevel-eduroam-proxy-operator to chnage the password, and volia it works. Sorry, I'm sure it's somewhere in the relase notes, but 'read the source luke' is always true. Best Regards Charly -- Karl Gaissmaier Universität Ulm 89069 Ulm/Germany ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
Using the default isn't secure in any way... BR Alex On 2013-07-09 13:39, Karl Gaissmaier wrote: Hi Radiator team, regression tests are helpful: git diff Radius/AuthRADSEC.pm for version 4.9 to 4.11: @@ -119,13 +144,15 @@ sub initialize my ($self) = @_; $self-SUPER::initialize; -$self-{Secret} = 'mysecret'; +$self-{Secret} = 'radsec'; the default secret was changed between 4.9 and 4.11 and I used it, arrgh. I called the german-toplevel-eduroam-proxy-operator to chnage the password, and volia it works. Sorry, I'm sure it's somewhere in the relase notes, but 'read the source luke' is always true. Best Regards Charly *** T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *** Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *** ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
Am 09.07.2013 14:04, schrieb Alexander Hartmaier: Using the default isn't secure in any way... it's wihtin RADSEC and not RADIUS. Regards Charly -- Karl Gaissmaier Universität Ulm 89069 Ulm/Germany ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
On 2013-07-09 14:14, Karl Gaissmaier wrote: Am 09.07.2013 14:04, schrieb Alexander Hartmaier: Using the default isn't secure in any way... it's wihtin RADSEC and not RADIUS. So? You can configure the Secret in an AuthBy RADSEC section the same way you can configure it for a ServerRADSEC. Regards Charly *** T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *** Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *** ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
Am 09.07.2013 14:32, schrieb Alexander Hartmaier: On 2013-07-09 14:14, Karl Gaissmaier wrote: Am 09.07.2013 14:04, schrieb Alexander Hartmaier: Using the default isn't secure in any way... it's wihtin RADSEC and not RADIUS. So? You can configure the Secret in an AuthBy RADSEC section the same way you can configure it for a ServerRADSEC. sure, but we use RADSEC with TLS, the shared secret is just for compatibility in this case. Regards Charly ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] ERR: Stream sysread for radius1.dfn.de:2083 failed: . Peer probably disconnected
On 07/09/2013 02:39 PM, Karl Gaissmaier wrote: the default secret was changed between 4.9 and 4.11 and I used it, arrgh. I called the german-toplevel-eduroam-proxy-operator to chnage the password, and volia it works. Sorry, I'm sure it's somewhere in the relase notes, but 'read the source luke' is always true. Yes, reading the source works always. The change itself is related to aligning the defaults with the RADIUS/TLS aka RadSec RFC: Here's the change log entry for 4.10: http://www.open.com.au/radiator/history.html RadSec is now an official IETF RFC 6614. RFC 6614 is now included in the distribution. In accordance with RFC 6614, the default shared secret for RadSec has been changed to 'radsec', UseTLS is enabled by default, and TLS_RequireClientCert is enabled in Server RADSEC by default. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator