On Mon, Nov 05, 2007 at 08:04:02AM +0100, Alan DeKok wrote:
Agreed. But that is *Redhat's* problem, not ours. *Redhat* should
provide support for 3-year-old versions of FreeRADIUS.
I never suggested that someone *should* support the old version. I posted
a message to a public mailing list
Florin Andrei wrote:
I attached an updated spec file for pam_radius_auth. The original one
fails when building as non-root. I fixed that and made a few other minor
changes.
The install stage SHOULD set the permissions correctly.
It would be nice if the build system could generate this spec
Alan DeKok wrote:
Why are you looking at the client side? The README, INSTALL, FAQ, and
daily messages on this list say that you should run in debug mode. What
do we have to add to the documentation to convince you that this is a
good idea?
Why is the password displayed in plain text
Phil Mayers wrote:
The occurrences tended to be spaced weeks apart, and consist of clusters
of hangs 4-12 hours apart over a few days. I had formed the hypothesis
that a particular client or type of client was triggering it - when they
realised they could never authenticate (because unknown to
Frank Winkler wrote:
Why is the password displayed in plain text instead of hashed as on
the old
server?
Because it helps with debugging.
I think you didn't get the point of my question. I was wondering about
the difference on two clients querying the same server for the same data.
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105'
rlm_detail:
/opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands
Frank Winkler wrote:
Auth-Type System sounds like the culprit ... but I can't find that in
radiusd.conf.
It's in the users file. I've deleted it in CVS (what will be 1.1.8,
and what will be 2.0).
Delete it, AND add pap as the last module in the authorize
section. Also add pap in the
Hi All
I want to hand off some custom processing to a ruby script. What would
be the best way to implement this. I need the same functionality
provided by rlm_perl. Should I use rlm_perl to call the ruby script? Or
is there a better way.
Thanks
--
Werner Stucky
Stucky Motors IT
Cell : +27 72
Hi Alan,
Any thought gone on this?
Why is the plugin unable to resolve the IP address of the RADIUS server, or
trying to resolve an IP to IP?
Is that something related to compilation?
Regards
Soban
From: Sobanbabu Bakthavathsalu
Sent: 02 November 2007
On Mon 05 Nov 2007, Werner Stucky wrote:
Hi All
I want to hand off some custom processing to a ruby script. What would
be the best way to implement this. I need the same functionality
provided by rlm_perl. Should I use rlm_perl to call the ruby script? Or
is there a better way.
The
Sobanbabu Bakthavathsalu wrote:
Hi Alan,
Any thought gone on this?
Why is the plugin unable to resolve the IP address of the RADIUS server, or
trying to resolve an IP to IP?
It's not. It's trying to resolve it's own IP address. Make sure DNS
works, or edit the code to remove all
Alan DeKok wrote:
It's in the users file. I've deleted it in CVS (what will be 1.1.8,
and what will be 2.0).
Indeed:
DEFAULT Auth-Type = System
Fall-Through = 1
Delete it, AND add pap as the last module in the authorize
section. Also add pap in the authenticate section.
That
Frank Winkler wrote:
Just out of curiousity: would it also be possible to have both system
and PAP?
Yes.
Does the order of the config entries influence the search order?
The order in the authenticate section doesn't matter. The order in
the authorize section does, because (for example)
Hello all,
I'm trying to integrate a Cisco wireless controller in web authentication
mode with freeradius which uses rlm_dbm as user database. I run also some
extra scripts using rlm_exec to update the session-timeout etc.
The odd thing is that this device sends as nas-port always the
http://linux.die.net/man/5/rlm_acct_unique
Try replacing NAS-Port with Calling-Station-Id.
Ivan Kalik
Kalik Informatika ISP
Dana 5/11/2007, John Kougoulos [EMAIL PROTECTED] piše:
Hello all,
I'm trying to integrate a Cisco wireless controller in web authentication
mode with freeradius which
Hello,
This doesn't seem to work. radwho always shows me only the user who logged
in last.
Thanks!
On Mon, 5 Nov 2007, [EMAIL PROTECTED] wrote:
http://linux.die.net/man/5/rlm_acct_unique
Try replacing NAS-Port with Calling-Station-Id.
Ivan Kalik
Kalik Informatika ISP
Dana 5/11/2007,
Think about using sql. Simultaneous use check is configurable there. And
you will be able to get online users simply by checkig that AcctStopTime
is 0 (mysql - I think it's NULL for postgre).
Ivan Kalik
Kalik Informatika ISP
Dana 5/11/2007, John Kougoulos [EMAIL PROTECTED] piše:
Hello,
This
It's mysql that goes to sleep. There is some default setting that kills
the idle connections after 8 hours. Once all threads are gone ... Read
their list to find out what setting it is and how to ?incease it to 24
hours.
Ivan Kalik
Kalik Informatika ISP
Dana 5/11/2007, Norbert Wegener [EMAIL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, November 02, 2007 6:42 PM
To: FreeRadius users mailing list
Subject: Re: Security of sql md5 vs unix auth
Ben Wiechman wrote:
Background: we use freeradius to provide AAA for our
Norbert Wegener wrote:
In a cvs version of pre2, which is newer than pre2, on one machine,
after some time of inactivity, freeradius does not seem to answer at
all- sometimes, not
reliable reproducable.
When did you take the CVS snapshot? Did -pre2 NOT have this behavior?
...
with a few
crypt, sha etc. also won't work with PEAP. Only NT-hash.
Ivan Kalik
Kalik Informatika ISP
Dana 5/11/2007, Ben Wiechman [EMAIL PROTECTED] piše:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, November 02, 2007 6:42 PM
To:
Alan DeKok wrote:
Norbert Wegener wrote:
In a cvs version of pre2, which is newer than pre2, on one machine,
after some time of inactivity, freeradius does not seem to answer at
all- sometimes, not
reliable reproducable.
When did you take the CVS snapshot?
the cvs is from
got the opportunity earlier than expected...
The system is suse 10.2.
# gdb radiusd 30251
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
my last popsting was about a sleeping radius.
The same version on another machine makes just the opposite:
It uses all the cpu power of a 2.4Ghz machine.
A gdb output with bt is at:
http://www.wegener-net.de/freeradius/typescript
Norbert Wegener
-
List info/subscribe/unsubscribe? See
On Mon 05 Nov 2007, Norbert Wegener wrote:
my last popsting was about a sleeping radius.
The same version on another machine makes just the opposite:
It uses all the cpu power of a 2.4Ghz machine.
A gdb output with bt is at:
http://www.wegener-net.de/freeradius/typescript
Which modules are
Hi,
I made some more tests on this topic and I've found the following:
1) I get the same problem with the fresh configuration files as
installed by freeradius 1.1.7. This time I'd expect the server say it
can't contact ldap.your.domain instead it will stop like when started
with
Peter Nixon wrote:
On Mon 05 Nov 2007, Norbert Wegener wrote:
my last popsting was about a sleeping radius.
The same version on another machine makes just the opposite:
It uses all the cpu power of a 2.4Ghz machine.
A gdb output with bt is at:
http://www.wegener-net.de/freeradius/typescript
Norbert Wegener wrote:
my last popsting was about a sleeping radius.
The same version on another machine makes just the opposite:
It uses all the cpu power of a 2.4Ghz machine.
A gdb output with bt is at:
http://www.wegener-net.de/freeradius/typescript
OK. It looks like a failure to
Massimo Meregalli wrote:
1) I get the same problem with the fresh configuration files as
installed by freeradius 1.1.7. This time I'd expect the server say it
can't contact ldap.your.domain instead it will stop like when started
with my configuration file. The ps command say the server
Norbert Wegener wrote:
got the opportunity earlier than expected...
The system is suse 10.2.
# gdb radiusd 30251
...
(gdb) bt
...
#5 0xb7b083c8 in vio_read () from /usr/lib/mysql/libmysqlclient_r.so.15
So it's blocked on a MySQL read...
All I can suggest right now is to try
30 matches
Mail list logo