rml_perl question

2007-07-24 Thread FreeRadius-ML
Hi All, I've been tinkering with rlm_perl for a few days now, and found it to be fairly simple and straightforward. However, there is something that I'm a little unsure about its possibility, so I would like to address the list about it. My aim is to have my rlm_perl script connect to a

Re: rml_perl question

2007-07-24 Thread Boian Jordanov
Hello, first you have to check if your perl is thread safe. perl -V | grep THREAD will show. And based on that info you can have 2 choices: 1) perl threads present In this case you should use special subroutine called CLONE and initialize socket here. This sub is called when rlm_perl is

Re: rml_perl question

2007-07-24 Thread FreeRadius-ML
Thanks, that helps a bunch. Another question, may be non related. Anyone has an idea how does OpenSER and FreeRadius calculate the Digest response for rlm_digest? According to the output of my rlm_perl RAD_REQUEST, I'm getting the following request from the OpenSER server: rlm_perl:

Re: rml_perl question

2007-07-24 Thread Peter Nixon
On Tue 24 Jul 2007, FreeRadius-ML wrote: Thanks, that helps a bunch. Another question, may be non related. Anyone has an idea how does OpenSER and FreeRadius calculate the Digest response for rlm_digest? According to the output of my rlm_perl RAD_REQUEST, I'm getting the following request

Re: rml_perl question

2007-07-24 Thread FreeRadius-ML
Hi Peter, Well, according to the RFC, the string should be: username:realm:password and then into the md5sum. Now, according to my logs, I can see the following: Packet-Type = Access-Request Thu Jul 19 09:37:23 2007 User-Name = [EMAIL PROTECTED] Digest-Attributes =

Re: rml_perl question

2007-07-24 Thread FreeRadius-ML
Ok, I think I'm getting somewhere on this. After running wireshark and capturing the traffic, I actually realized that the Authentication/Authorization headers consist of a random hash that is identified by the nonce number. Following is an example: Authorization: Digest username=101,

Re: rml_perl question

2007-07-24 Thread Phil Mayers
On Tue, 2007-07-24 at 11:43 +0300, FreeRadius-ML wrote: Hi Peter, Well, according to the RFC, the string should be: username:realm:password and then into the md5sum. No, the digest response is: md5 ( concat ( md5 ( user:realm:passwd )

Re: rml_perl question

2007-07-24 Thread Phil Mayers
On Tue, 2007-07-24 at 13:54 +0300, FreeRadius-ML wrote: Ok, It would appear that I'm a little silly, due to the way FreeRadius logs the information on the console. I've been debugging the information that I get, and I can see that the Digest-Attributes actually contain the

Re: rml_perl question

2007-07-24 Thread FreeRadius-ML
Ok, That makes more sense, do you have an example I can look at? In any case, let me see if I understand the below: I see that we perform 3 MD5 sums, each time on a different concatenated string. The fields that I'm not recognizing are nc-val and entity-body. Can you please add

Re: rml_perl question

2007-07-24 Thread FreeRadius-ML
Hi Phil, I would agree, however, it kind of negates the purpose of using rlm_perl, doesn't it? Z2L - Original Message - From: Phil Mayers [EMAIL PROTECTED] To: [EMAIL PROTECTED], FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, July 24, 2007

Re: rml_perl question

2007-07-24 Thread Alan DeKok
FreeRadius-ML wrote: Now, my question is this, what is the formula to calculate the digest from all of the above information? I've tried backtracking the code, but ended up with a slight headache. If anyone has information, that would be highly appreciated. I don't understand. The

Re: rml_perl question

2007-07-24 Thread Alan DeKok
FreeRadius-ML wrote: Now I understand you better, and I agree, that would constitute a much more scalable method. In that case, I return to my previous question, do you have a working rlm_perl script that does this, as I would like to see how this works. If you can write Perl code to get

Re: rml_perl question

2007-07-24 Thread FreeRadius-ML
Hi Alan, Yes, that was the initial idea. However, $RAD_CHECK{User-Password}, at least according to my log file doesn't exist: rad_recv: Access-Request packet from host 192.168.2.80:36905, id=35, length=194 User-Name = [EMAIL PROTECTED] Digest-Attributes = 0x0a05313031

Re: rml_perl question

2007-07-24 Thread Alan DeKok
FreeRadius-ML wrote: Yes, that was the initial idea. However, $RAD_CHECK{User-Password}, at least according to my log file doesn't exist: I don't understand. Did you update the Perl script to set that? Or are you just looking at the debug output, and expecting to see

RADIUS attributes: acctoutputoctects and acctinputoctect in mikrotik

2007-07-24 Thread Santiago Balaguer García
Hi, I am working with freeradius and mikrotik routers since two years. However, I have never realized that the radius attributes acctoutputoctects and acctinputoctects are interchanged in mikrotik. Does anyone know this mikrotik bug? Santiago

multiple authorization modules

2007-07-24 Thread Joe Vieira
Hello, I am curious about the methodology for using one authorization module for one type of service and another for a different type of service. Basically we have wireless and VPN that is being authorized and authenticated through our radius box. I would like to be able to control authorization

rlm_sql bug in 64-bit architecture ?

2007-07-24 Thread Richard Cotrina
Hi everyone: I've been searching for the possible causes of a problem that appears when sqlcounter is enabled, and just in 64-bit platforms (FreeBSD/Sparc64). The radius_xlat function performed by rlm_sql seems to not be reading well some attributes like Expiration and always complains about

Re: RADIUS attributes: acctoutputoctects and acctinputoctect in mikrotik

2007-07-24 Thread tnt
I have RouterOSv2.9 and input is input and output is output. Ivan Kalik Kalik Informatika ISP On 24/7/2007, Santiago Balaguer García [EMAIL PROTECTED] wrote: Hi, I am working with freeradius and mikrotik routers since two years. However, I have never realized that the radius

Re: multiple authorization modules

2007-07-24 Thread Joe Vieira
Never mind, I figured it out. Joe Vieira wrote: Hello, I am curious about the methodology for using one authorization module for one type of service and another for a different type of service. Basically we have wireless and VPN that is being authorized and authenticated through our radius

Re: TLS cant connect ldap+freeradius+novell

2007-07-24 Thread Yogesh Nagarkar
Hi Martin, If you already do not have it working, here are the steps that got mine to work, 1) Login to Novell iManager and under Roles and Tasks - LDAP options - View Ldap Servers - Click on server - Connections - make sure SSL Certificate IP is the server cert and Client Certificate - Not

RE: rlm_sql bug in 64-bit architecture ?

2007-07-24 Thread Chris Bell
I would love to know what the: Invalid operator for item Expiration: reverting to '==' I get them like so: Invalid operator for item User-name: reverting to '==' All three of my server logs are filled with them and I've been unable to find the reason why. All the usernames listed in the

RE: rlm_sql bug in 64-bit architecture ?

2007-07-24 Thread tnt
If you have: somegroup User-Name = whatever That is normal. Huntgroup check item should have operator == not = and server is clever enough to fix it. But it will grumble in the log so you can change incorrect entries. Ivan Kalik Kalik Informatika ISP On 24/7/2007, Chris Bell [EMAIL

RE: rlm_sql bug in 64-bit architecture ?

2007-07-24 Thread Hugh Messenger
Chris Bell said: : RE: rlm_sql bug in 64-bit architecture ? I would love to know what the: Invalid operator for item Expiration: reverting to '==' I get them like so: Invalid operator for item User-name: reverting to '==' All three of my server logs are filled with them and I've

Re: rlm_sql bug in 64-bit architecture ?

2007-07-24 Thread Alan DeKok
Chris Bell wrote: Invalid operator for item User-name: reverting to '==' All three of my server logs are filled with them and I've been unable to find the reason why. All the usernames listed in the huntgroup can successfully authenticate. Have you looked at all of your references to

How to capture wireless EAP packets on Windows XP?

2007-07-24 Thread Clark J. Wang
I'm testing FreeRADIUS's PEAP-EAP-MSCHAPv2 functionality with a wireless USB adapter (D-Link AirPlus G DWL-G122) on Windows XP (SP2). I tried to capture the EAP packets using Wireshark 0.99.6a but I failed. Anyone can help? Thanks. - List info/subscribe/unsubscribe? See

Re: multiple authorization modules

2007-07-24 Thread Clark J. Wang
On 7/25/07, Joe Vieira [EMAIL PROTECTED] wrote: Never mind, I figured it out. I have the same question. How did you figure it out? Joe Vieira wrote: Hello, I am curious about the methodology for using one authorization module for one type of service and another for a different type of

RADIUS Server Backend

2007-07-24 Thread Gaurav Bandekar
Hi all, What are the different backend data stores supported by the RADIUS Server? Thanks Regards Gaurav - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RADIUS Server Backend

2007-07-24 Thread Nicholas Hall
I believe http://wiki.freeradius.org/Modules#Available_Modules will give you an idea On 7/24/07, Gaurav Bandekar [EMAIL PROTECTED] wrote: Hi all, What are the different backend data stores supported by the RADIUS Server? Thanks Regards Gaurav - List info/subscribe/unsubscribe? See