RE: authorize_check_query - authorize_reply_query - synchronous or asynchronous?

2009-11-23 Thread freeradius
Hi Alan, Thanks heaps for your reply! :-) So my basic question is: Does authorize_check_query complete fully before starting the call to authorize_reply_query? To re-phrase your question: Q: What work does the database perform after it's returned an answer from a SELECT? A:

Re: authorize_check_query - authorize_reply_query - synchronous or asynchronous?

2009-11-23 Thread Padam J Singh
Hi Mike, I use a similar setup (PG Functions for auth/acct) and I never had an issue with the query ordering. Padam freerad...@duxtel.com wrote: Hi Alan, Thanks heaps for your reply! :-) So my basic question is: Does authorize_check_query complete fully before starting

question about scalability

2009-11-23 Thread Divya Shah
How many radius accounting requests per second can free radius support? I am using openser-1.1.1-1.1 . I have tested up to around 400. But need it to support more than 600 requests per sec. Please let me know the max rate it can support or if it has any dependency on the hardware.

Re: authorize_check_query - authorize_reply_query - synchronous or asynchronous?

2009-11-23 Thread Alan DeKok
freerad...@duxtel.com wrote: That is true for a select statement, but my authorize_check_query is /not/ a simple select. sigh Do you understand how databases work? the 'auth()' function is a plpgsql function that does a variety of lookups and other checks, and then depending on the

max accounting requests per second

2009-11-23 Thread Divya Shah
How many radius accounting requests per second can free radius support? I am using freeradius-1.0.4-4.2 I have tested up to around 400. But need it to support more than 600 requests per sec. Please let me know the max rate it can support or if it has any dependency on the hardware.

Re: max accounting requests per second

2009-11-23 Thread Alan DeKok
Divya Shah wrote: How many radius accounting requests per second can free radius support? How fast is your database? I am using freeradius-1.0.4-4.2 Upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: authorize_check_query - authorize_reply_query - synchronous or asynchronous?

2009-11-23 Thread freeradius
G'day! sigh Do you understand how databases work? Heheh - uh, yes: I understand how a database works! Does the pgsql function do things AFTER it returns? duh Of course not! I have *no idea* how you concluded that when I said the exact opposite. H, I read your last reply again

RE: Combine Proxy Answer with Local Information

2009-11-23 Thread Dan Fisher | Fluidata
Hi, My problem is that the response I send to our LAC has to contain extra information depending on the domain. Is it possible to query a local mysql database for this extra information (these are cisco av pairs needed to establish the tunnels between the LAC and LNS) Yes. See man

RE: authorize_check_query - authorize_reply_query - synchronous or asynchronous?

2009-11-23 Thread freeradius
Thanks Padam! That's just what I was hoping to hear :-) Regards, Mike.

Re: Unexpected Exiting normally 2.1.8?

2009-11-23 Thread Craig Campbell

Re: question about scalability

2009-11-23 Thread Michael Schwartzkopff
On Monday, 23 November 2009 11:19:41, Divya Shah wrote: How many radius accounting requests per second can free radius support? I am using openser-1.1.1-1.1 . I have tested up to around 400. But need it to support more than 600 requests per sec. Please let me know the max rate it can

Re: Unexpected Exiting normally 2.1.8?

2009-11-23 Thread Alan DeKok
Craig Campbell wrote: Thanks Alan, I re-acquired the source, but there seems to be a (minor I think) error. $ git clone git://git.freeradius.org/freeradius-server.git $ cd freeradius-server $ git fetch origin stable:stable $ git pull No. See

Re: authorize_check_query - authorize_reply_query - synchronous or asynchronous?

2009-11-23 Thread Alan DeKok
freerad...@duxtel.com wrote: sigh Do you understand how databases work? Heheh - uh, yes: I understand how a database works! Then there is no issue. Perhaps I am missing some significant detail that is obvious to you...(?) I am coming to this discussion with the assumption that the

No NAS-PORT seen

2009-11-23 Thread Peter Carlstedt
Hello everyone! After some work now I have successfully got MySQL to work towards the Freeradius server or at least I think it does. But hurm.. I've added a user by adding a user in radcheck, I've written insert into radcheck (id, username, attribute, op, value) VALUES (null, 'test-user',

Re: Unexpected Exiting normally 2.1.8?

2009-11-23 Thread Alexander Clouter
Hi, Craig Campbell cr...@ccraft.ca wrote: I re-acquired the source, but there seems to be a (minor I think) error. $ git clone git://git.freeradius.org/freeradius-server.git $ cd freeradius-server $ git fetch origin stable:stable $ git pull - should be 'git

Re: No NAS-PORT seen

2009-11-23 Thread Alan DeKok
Peter Carlstedt wrote: Well all of that works but from that point and forward it doesn't, I can't get my new user to authenticate towards the radius server and I get from attr_filter that the request matched entry DEFAULT at line 11, which sends a reject message if I have understood it

Re: Combine Proxy Answer with Local Information

2009-11-23 Thread Alan DeKok
Dan Fisher | Fluidata wrote: However I am having real problems getting the mysql part working. I have tried using examples other people are using that work and they either just get treated as a string or the server won't even run in debug mode. If it doesn't run in debugging mode, it prints a

Update of No NAS-PORT seen

2009-11-23 Thread Peter Carlstedt

ntlm_auth and AD authentication

2009-11-23 Thread freeradius
freeradius2-2.1.7-2.el5 freeradius2-utils-2.1.7-2.el5 freeradius2-libs-2.1.7-2.el5 CentOS 5.2 I'm trying to get freeradius to authenticate with an AD server, using the instructions at http://deployingradius.com/documents/configuration/active_directory.html The initial confirmation of

Re: ntlm_auth and AD authentication

2009-11-23 Thread Paul Ryszka
On Mon, 2009-11-23 at 10:24 -0500, freerad...@corwyn.net wrote: However, whether I use ntlm_auth --request-nt-key --domain=MYDOMAIN --username=user --password=password or ntlm_auth --domain=MYDOMAIN --username=user --password=password the output/response looks the same: NT_STATUS_OK:

Re: No NAS-PORT seen

2009-11-23 Thread Peter Carlstedt
-- Message: 2 Date: Mon, 23 Nov 2009 15:25:32 +0100 From: Alan DeKok al...@deployingradius.com Subject: Re: No NAS-PORT seen To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: 4b0a9b5c.6000...@deployingradius.com

Re: Update of No NAS-PORT seen

2009-11-23 Thread tnt
I also got an error which I've had before, then Ivan Kalik I think told me that I need to enable copy_request_to_tunnel = yes. Well I have that enabled so I can authenticate by peap. But now I get the same error when I try to authenticate the user which has been created in the MySQL database.

help: radiusd process quit automatically

2009-11-23 Thread pangjiacai
radiusd process would quit automatically while doing authorization and accounting pressure test about 150 times per second, can anyone tell me what the problem is?

Re: help: radiusd process quit automatically

2009-11-23 Thread Alan DeKok
pangjiacai wrote: radiusd process would quit automatically while doing authorization and accounting pressure test about 150 times per second, can anyone tell me what the problem is? Read doc/bugs Alan DeKok.

Re: ntlm_auth and AD authentication

2009-11-23 Thread freeradius
At 10:24 AM 11/23/2009, freerad...@corwyn.net wrote: to confirm, and it looks like it's working. Hmm. I have two sets of authentication I care about, VPN Users, and Cisco switches. I'd like to be able to control access to each of those separately (different AD Security Groups, and different

Stripping Realms from SQL Accounting Queries

2009-11-23 Thread Tim Gustafson
Hi, I'm using FreeRADIUS with LDAP for authentication and mySQL for logging. The LDAP queries seem to be stripping the realm name properly, whereas the mySQL queries are not. I'm running FreeRADIUS 2.1.6 on FreeBSD: FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2, built on Nov 10

Re: ntlm_auth and AD authentication

2009-11-23 Thread Paul Ryszka
On Mon, 2009-11-23 at 13:35 -0500, freerad...@corwyn.net wrote: At 10:24 AM 11/23/2009, freerad...@corwyn.net wrote: to confirm, and it looks like it's working. Hmm. I have two sets of authentication I care about, VPN Users, and Cisco switches. I'd like to be able to control access to each

Re: EAP advanced auth. methods problem

2009-11-23 Thread Tomas Pelka
t...@kalik.net wrote: Also tried modify wpa_supplicant conf: - ca_cert=ca.pem + ca_cert=server.pem But with the same result. Because the path is wrong, ie. certificate is not there. Put the correct path to where you have imported the certificate. Ivan Kalik

RE: ntlm_auth and AD authentication

2009-11-23 Thread Gary Gatten
I'm sorta struggling with the same thing, a la a single NAS (Cisco switch) requiring multiple auth types: 1.) VTY / enable access from NetEng group (in AD), 2.) 802.1x auth for everyone! Similar with VPN appliance, VTY's AND IPSec auths. The request type will differ for each type of requests, so

Re: ntlm_auth and AD authentication

2009-11-23 Thread Alan DeKok
Gary Gatten wrote: I'm sorta struggling with the same thing, a la a single NAS (Cisco switch) requiring multiple auth types: 1.) VTY / enable access from NetEng group (in AD), 2.) 802.1x auth for everyone! Similar with VPN appliance, VTY's AND IPSec auths. The request type will differ for

Re: EAP advanced auth. methods problem

2009-11-23 Thread Paul Ryszka
On Mon, 2009-11-23 at 20:37 +0100, Tomas Pelka wrote: t...@kalik.net wrote: Also tried modify wpa_supplicant conf: - ca_cert=ca.pem + ca_cert=server.pem But with the same result. Because the path is wrong, ie. certificate is not there. Put the correct path to where you have

Re: ntlm_auth and AD authentication

2009-11-23 Thread freeradius
At 02:33 PM 11/23/2009, Paul Ryszka wrote: On Mon, 2009-11-23 at 13:35 -0500, freerad...@corwyn.net wrote: Am I going to have to do something like create different modules (ntlm_auth and ntlm_auth2) radiusd.conf in the module section? You need to create two separate entries in modules having

RE: ntlm_auth and AD authentication

2009-11-23 Thread Garber, Neal
Hmm. I have two sets of authentication I care about, VPN Users, and Cisco switches. I'd like to be able to control access to each of those separately (different AD Security Groups, and different shared keys). I'm not sure what you mean by different shared keys - can you clarify? Also,

Re: ntlm_auth and AD authentication

2009-11-23 Thread Paul Ryszka
On Mon, 2009-11-23 at 15:05 -0500, freerad...@corwyn.net wrote: At 02:33 PM 11/23/2009, Paul Ryszka wrote: On Mon, 2009-11-23 at 13:35 -0500, freerad...@corwyn.net wrote: Am I going to have to do something like create different modules (ntlm_auth and ntlm_auth2) radiusd.conf in the module

Re: EAP advanced auth. methods problem

2009-11-23 Thread Tomas Pelka
Paul Ryszka wrote: On Mon, 2009-11-23 at 20:37 +0100, Tomas Pelka wrote: t...@kalik.net wrote: Also tried modify wpa_supplicant conf: - ca_cert=ca.pem + ca_cert=server.pem But with the same result. Because the path is wrong, ie. certificate is not there. Put the correct path to where you

Re: ntlm_auth and AD authentication

2009-11-23 Thread tnt
At 02:33 PM 11/23/2009, Paul Ryszka wrote: On Mon, 2009-11-23 at 13:35 -0500, freerad...@corwyn.net wrote: Am I going to have to do something like create different modules (ntlm_auth and ntlm_auth2) radiusd.conf in the module section? You need to create two separate entries in modules having

Re: EAP advanced auth. methods problem

2009-11-23 Thread tnt
t...@kalik.net wrote: Also tried modify wpa_supplicant conf: - ca_cert=ca.pem + ca_cert=server.pem But with the same result. Because the path is wrong, ie. certificate is not there. Put the correct path to where you have imported the certificate. Ivan Kalik

Re: Stripping Realms from SQL Accounting Queries

2009-11-23 Thread tnt
Hi, I'm using FreeRADIUS with LDAP for authentication and mySQL for logging. The LDAP queries seem to be stripping the realm name properly, whereas the mySQL queries are not. I'm running FreeRADIUS 2.1.6 on FreeBSD: FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2, built on Nov

Re: EAP advanced auth. methods problem

2009-11-23 Thread tnt
Paul Ryszka wrote: On Mon, 2009-11-23 at 20:37 +0100, Tomas Pelka wrote: t...@kalik.net wrote: Also tried modify wpa_supplicant conf: - ca_cert=ca.pem + ca_cert=server.pem But with the same result. Because the path is wrong, ie. certificate is not there. Put the correct path to where

Re: EAP advanced auth. methods problem

2009-11-23 Thread Alan Buxey
Hi, Problem is on the server site, isn't it? CA and server certs are now in same dir as whole RADIUS configuration, is necessary put certs into trusted directory like /etc/ssl/certs? you can stick them wherever the server user can read them - but you must specify the path of the file

RE: Combine Proxy Answer with Local Information

2009-11-23 Thread tnt
I have tried this with and without the Output looks like: WARNING: Unknown module sql in string expansion %{sql: SELECT Attribute from radreply where Username ='burst.net' and Attribute='Tunnel-Password'} You haven't configured (or included in radiusd.conf) sql.conf.

Re: Stripping Realms from SQL Accounting Queries

2009-11-23 Thread Alexander Clouter
Tim Gustafson t...@soe.ucsc.edu wrote: I'm using FreeRADIUS with LDAP for authentication and mySQL for logging. The LDAP queries seem to be stripping the realm name properly, whereas the mySQL queries are not. I'm running FreeRADIUS 2.1.6 on FreeBSD: FreeRADIUS Version 2.1.6, for

Re: Stripping Realms from SQL Accounting Queries

2009-11-23 Thread Tim Gustafson
...erm, '%{%{Stripped-User-Name}:-%{User-Name}}', I think what you have there is some really old deprecated or bad syntax'ed version. Same in your SQL queries too strangely. You will want to make sure you use 'SQL-User-Name' instead too, and not directly 'User-Name' (think SQL injection).

Re: Unexpected Exiting normally 2.1.8?

2009-11-23 Thread Craig Campbell
://git.freeradius.org for the exact commands. $ git checkout stable Alan DeKok.

Re: Stripping Realms from SQL Accounting Queries

2009-11-23 Thread Tim Gustafson
Perhaps do what is suggested wherever you care to look (this list, documentation, website, ...) - run server in debug mode (radiusd -X). Then you will see exactly what is happening. I did that, and it didn't help. I added a realm definition back in to the config file, and here's the debug

RE: custom script for access

2009-11-23 Thread d . tom . schmitt
Just getting back to this project. I want the request to come from a standard radius request from another server (or the same server). I was to do some external checks with a bash shell script and then have the script allow or deny access to the user. I am using the flatfile for user entries.

Rejecting auth from a specific realm

2009-11-23 Thread Ben Carbery
I am using freeradius to proxy eduroam requests. These could be for any number of different realms so I only have a DEFAULT realm configured. I now want to reject authentication to one specific realm (my own) but pass all others. The proxy server can't do this for me so I need to do it before