Re: in vs. out

2007-10-04 Thread wlan
In RFC 2866, it says: Acct-Input-Octets = This attribute indicates how many octets have been received from the port over the course of this service being provided. Remember, this is from the view that users connect to a port on the NAS. So data received from the port means from the

Re: in vs. out

2007-10-04 Thread Alan DeKok
[EMAIL PROTECTED] wrote: It is curious, then, why the RFC isn't as definitive in the definition... I suppose it is intentionally left open for vendor interpretation. sigh No. The RFC *is* definitive. It just may not be overly clear, 10 years after the original text was written. It is NOT

Re: radwho question....

2007-10-04 Thread Alan DeKok
Chris Bradshaw wrote: The debug output was pretty much the same as my first email. I have attached it below anyway. This debug output was taken with freeradius 1.1.7 and the following configured: * Enabled use_tunneled_reply copy_request_to_tunnel. * Have the following in the users file:

Re: EAP fragment size clarification needed

2007-10-04 Thread Artur Hecker
Hello On 24 Sep 2007, at 09:58, Alan DeKok wrote: Stefan Winter wrote: I wonder what the sentence about MAX packet size on APs is about. Is it their maximum allowed length of a RADIUS packet? Frankly, that would be quite stupid because packets can legitimately be much larger than that.

Re: in vs. out

2007-10-04 Thread Artur Hecker
David Just one word on it: you are citing a RADIUS specific RFC. Thus, Acct-Input-Octets is the value perceived by RADIUS instances. RADIUS RFCs cannot possibly specify how terminals, wireless cards, GSM phones etc. should or should not count packets, traffic, connections, etc. It can

EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread elhammoud rachida
Hello, I'm trying to use radius to authenticate and authorise users by EAP/TTLS from XP and Linux (Debian), I'm using only a « users » like database. I'm reading the documentation: http://wiki.freeradius.org I've imported root.pem both Windows XP and Linux this log to Linux: rad_recv:

Re: EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread tnt
Read the explanation in eap.conf, FAQ, this list hundreds of times ... Ivan Kalik Kalik Informatika ISP On 4/10/2007, elhammoud rachida [EMAIL PROTECTED] wrote: hello, I'm trying to use radius to authenticate and authorise users by EAP/TTLS from XP and Linux (Debian), I'm using only a «

Accounting on request from GGSN after 5sec.

2007-10-04 Thread Mal
Dear all, I'm using the freeradius(freeradius-1.1.0-19 ) on mobile network. GGSN contacts the radius server like below. 1.GGSN---Accounting Off request---Radius 2.GGSN--Accounting Off response---Radius 3.GGSN---Accounting On request---Radius After 5 sec, 4.GGSN---Accounting On request---Radius

Re: EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread Alan DeKok
elhammoud rachida wrote: hello, I'm trying to use radius to authenticate and authorise users by EAP/TTLS from XP and Linux (Debian), I'm using only a « users » like database. I'm reading the documentation: http://wiki.freeradius.org I've imported root.pem both Windows XP and Linux ... the

Re: in vs. out

2007-10-04 Thread wlan
Hi Alan, No. The standard is the RFC. The portmaster text is just additional text from the people building RADIUS systems. It is NOT vendor specific. Do NOT say it is vendor specific. Ok... I deserve a good slap for that one ;) I will start thinking of it as vendor specific

Re: EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread elhammoud rachida
Hello, I'm trying to use radius to authenticate and authorise users by EAP/TTLS from XP and Linux (Debian), I'm using only a « users » like database. I'm reading the documentation: http://wiki.freeradius.org I've imported root.pem both Windows XP and Linux ... the server no sends

RADIUS Stress Test tool

2007-10-04 Thread Amr el-Saeed
Dear All, Does any one have any tool to stress test the freeRadius ?? regards, Amr el-Saeed - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RADIUS Stress Test tool

2007-10-04 Thread tnt
You do. ;-) If you have freeradius you have radiusclient. Ivan Kalik Kalik Informatika ISP On 4/10/2007, Amr el-Saeed [EMAIL PROTECTED] wrote: Dear All, Does any one have any tool to stress test the freeRadius ?? regards, Amr el-Saeed

Re: RADIUS Stress Test tool

2007-10-04 Thread Kostas Kalevras
[EMAIL PROTECTED] wrote: You do. ;-) If you have freeradius you have radiusclient. Ivan Kalik Kalik Informatika ISP On 4/10/2007, Amr el-Saeed [EMAIL PROTECTED] wrote: Dear All, Does any one have any tool to stress test the freeRadius ??

Re: radwho question....

2007-10-04 Thread Chris Bradshaw
Hi OK... I tried using a User-Name of Bob as suggested, but still no joy. I have attached a complete log of everything from the moment I click OK on my Windoze laptop until the laptop says it has authenticated successfully.. Thanx in advance for any help. Chris. rad_recv:

Re: EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread Alan DeKok
elhammoud rachida wrote: It's a certificate problem. The supplicants have decided that they don't like the server's certificate. They then stop doing EAP. can I use the certificates existing in the freeradius-1.1.7? it's sufficient. What I mean is that the supplicants do not accept the

Re: radwho question....

2007-10-04 Thread Alan DeKok
Chris Bradshaw wrote: OK... I tried using a User-Name of Bob as suggested, Maybe. The debug log you posted is either NOT the full debug log (-X). OR, you have deleted all references to the files module from radiusd.conf. If you tell the server to NOT look at the users file, then do NOT

Re: in vs. out

2007-10-04 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Unfortunately, from a back-end perspective, if having to support a variety of 'broken' commercial vendors, one doesn't have much choice (apart from not supporting these vendors). I guess we have to live with it as it would probably be difficult for these vendors to

Re: EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread elhammoud rachida
by linux, I put this wireshark -i eth0 but any response eth0 isn't usually a wireless device. because I make test in wired, not in wireless one question, I should use openssl to generate the certificates? I have difficulty in understanding the implementation of EAP / TTLS with

Re: Acct-Status-Type attribute

2007-10-04 Thread Walter Gould
Kevin Bonner wrote: Access-Request is not from an accounting packet. You have a detail module listed in your authorize or post-auth section which is adding this data to the detail-combined file. You should have something similar to this in your radiusd.conf file: Thanks for your reply.

Re: EAP/TTLS problem with Win XP and Linux

2007-10-04 Thread tnt
one question, I should use openssl to generate the certificates? You can also use scripts provided with the distribution (certs.sh and CA.all). I have difficulty in understanding the implementation of EAP / TTLS with Windows XP? Not difficult at all - there isn't one. You have to download

Re: Acct-Status-Type attribute

2007-10-04 Thread Alan DeKok
Walter Gould wrote: Why would I not be getting any accounting data written to this file? This is in the FAQ. Alan DeKok.

Re: RADIUS Stress Test tool

2007-10-04 Thread Michael Lecuyer
Like most other RADIUS server load testers it merely tests how fast the client load test can run and doesn't really test the server load. The Evolynx tester is especially prone to this problem because you can't set the client time out. And 20 concurrent threads won't result in much of a

ldap search for user root

2007-10-04 Thread Artur Hayne
Hi, We have a freeradius server sending auth requests to an ldap server. We sniffed traffic between them and found search request messages from ldap protocol asking for a user called root, but the client request authentication for another user, an existing one. This request for user root

Re: RADIUS Stress Test tool

2007-10-04 Thread Alan DeKok
Michael Lecuyer wrote: What we're seeing is that a long time out can make it appear that all packets are being processed but the long time out also slows the client load test. If half of those threads are waiting a very short time for responses and half are waiting a long time (essentially

Re: radwho question....

2007-10-04 Thread Chris Bradshaw
Hi Thanx for your help. It's working now. I did have the files module commented out in the authorize section... apologies. Thanx again. Chris. On 04/10/2007, Alan DeKok [EMAIL PROTECTED] wrote: Chris Bradshaw wrote: OK... I tried using a User-Name of Bob as suggested, Maybe.

Re: in vs. out

2007-10-04 Thread Guy Fraser
On Thu, 2007-10-04 at 14:39 +0200, Alan DeKok wrote: [EMAIL PROTECTED] wrote: Unfortunately, from a back-end perspective, if having to support a variety of 'broken' commercial vendors, one doesn't have much choice (apart from not supporting these vendors). I guess we have to live with it

Re: in vs. out

2007-10-04 Thread wlan
Acct-Input-Octets has one meaning: the right one. You don't have to interoperate with broken vendors. You tell users to throw the equipment away, and to buy working equipment. For some, that is not very economical - nor environmentally friendly :) I started the list; sorry, I

Re: Acct-Status-Type attribute

2007-10-04 Thread Walter Gould
Alan DeKok wrote: Walter Gould wrote: Why would I not be getting any accounting data written to this file? This is in the FAQ. Alan DeKok. Alan, You were right - thanks for pointing me there.

Re: Supplicant seems not to send password user (IT WORKED!!!)

2007-10-04 Thread Sergio Belkin
2007/10/3, Alan DeKok [EMAIL PROTECTED]: Sergio Belkin wrote: Is 2.0.0-pre2 reliable for production usage? You *can* use the certificates it creates in 1.1.7. Alan DeKok. Well, finally I fixed the

EAP+MD5+SQL trouble

2007-10-04 Thread inl2goal
Hello, I am trying to configure freeradius with EAP/MD5+SQL support. I already followed all the SQL configuration procedures suggested in the SQL HOW TO, and the steps suggested in the EAP/MD5 HOW TO. However, for some reason when I try to authenticate from the NAS I get the following output in

Re: EAP+MD5+SQL trouble

2007-10-04 Thread tnt
auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. What I find weird is that when I do a radtest from the server it seems to find the user and password and sends an access-accept. I guess this would make sense since there is no

Slipstream dictionary

2007-10-04 Thread Scott Lambert
I don't know if this is something that would be wanted in the freeradius source. I created a dictionary.slipstream for my dialup accelerator users based on slipstream_sp_6.0_installation_and_configuration_guide.pdf from slipstream's portal. It is extremely simple, and defines one VSA. -- Scott

Re: Change Password Request to FreeRADIUS from PAM RADIUS.

2007-10-04 Thread Sridhar
Thanks Alan. That clarifies. Alan DeKok wrote: Sridhar B wrote: Greetings, Does the password change request from PAM RADIUS work with FreeRADIUS server? No. It doesn't seem like, as I see the following log at the RADIUS server: Deprecated password change request from