Hello!
we are using freeradius2 version 2.1.10 on a centos/rhel 5 Server. We
authenticate several ubnt clients on ubnt AP's via EAP-PEAP/MSCHAPV2.
This works very well, but sometimes the clients got an Access-Reject and i
don't know why ;(
I set the radius Server to debug mode and get those
On Wed, Aug 8, 2012 at 2:44 PM, stefan novak lms.bruba...@gmail.com wrote:
Hello!
we are using freeradius2 version 2.1.10 on a centos/rhel 5 Server. We
authenticate several ubnt clients on ubnt AP's via EAP-PEAP/MSCHAPV2.
This works very well, but sometimes the clients got an Access-Reject
Hi,
there's reject_delay in radiusd.conf
It is typcially set to one second to prevent some attacks. You could set
it to zero and then the reject may come through faster.
Still, 300 ms is *really* low even for that - depending on the time your
auth backend needs to even determine whether it was
Thanks but with sql I can send the attribute to Oracle DB without any
problem? So can you please help me with this unlang command to add? And
where?
In preacct section of my virtual sites?
Eric B.
-Original Message-
From:
Please do NOT send, forward, or reply an entire digest mail. It's
rude, useless, and will only make others unwilling to help you.
On Wed, Aug 8, 2012 at 3:19 PM, BELLIERE Eric
eric.belli...@mail.mobistar.be wrote:
Thanks but with sql I can send the attribute to Oracle DB without any
problem?
If it's sometimes, then it would be wise to compare the debug log of
when the client succeeds and when it does not. Also, IIRC RHEL5 has
2.1.12 already, so you should upgrade just in case this is a fixed
bug.
just updated my testserver to 2.1.12.
I test now with rad_eap_test utility to
Hi,
just updated my testserver to 2.1.12.
I test now with rad_eap_test utility to eliminate a client failure. the
behaviour gets more stranger. the test utility also fails sometimes, but
the radius server seams to be ok now?
[root@wlan-radius rad_eap_test-0.23]#
stefan novak wrote:
just updated my testserver to 2.1.12.
I test now with rad_eap_test utility to eliminate a client failure. the
behaviour gets more stranger. the test utility also fails sometimes, but
the radius server seams to be ok now?
Your method is wrong.
You ran the client 5
On Wed, Aug 8, 2012 at 3:43 PM, stefan novak lms.bruba...@gmail.com wrote:
If it's sometimes, then it would be wise to compare the debug log of
when the client succeeds and when it does not. Also, IIRC RHEL5 has
2.1.12 already, so you should upgrade just in case this is a fixed
bug.
just
On Wed, Aug 8, 2012 at 3:49 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
byt he way rad_eap_test isnt the best tool to use - use 'eapol_test' instead
http://wiki.freeradius.org/EAP-Clients#rad_eap_test says rad_eap_test
also uses eapol_test from wpa_supplicant. Shouldn't it produce the
same
http://wiki.freeradius.org/EAP-Clients#rad_eap_test says rad_eap_test
also uses eapol_test from wpa_supplicant. Shouldn't it produce the
same behavior?
rad_eap_test is only a wrapper script around eapol_test because it
produces much output.
Those are all access-accept, aren't they? The
Yes Thanks But I tried to force in preacct with update reply { Realm +=
%{Realm} } but still no attribute realm in the packet proxied to other
radius?
Eric B.
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the
Hi,
rad_eap_test is only a wrapper script around eapol_test because it
produces much output.
yes..and i believe it has a bug or 2
yes, sorry. understand that false
ok, then it seams that radius server is ok, but the clients are generating
false eap packets.
i will
Hi,
Yes Thanks But I tried to force in preacct with update reply { Realm +=
%{Realm} } but still no attribute realm in the packet proxied to other
radius?
..and you were already told that 'Realm' is an internal attribute - you need to
define
your own attribute...or borrow another that isnt of
On Wed, Aug 08, 2012 at 11:35:36AM +0200, BELLIERE Eric wrote:
Yes Thanks But I tried to force in preacct with update reply { Realm +=
%{Realm} }
This is pointless.
but still no attribute realm in the packet proxied to other
radius?
Please re-read what I wrote:
On Mon, Aug 06, 2012 at
when you say clients, you just mean these rad_eap_test requests? I assume
you are using
NAGIOS...and that occasionally you are getting a WARNING for the RADIUS
server? yes?
its a bug in rap_eap_test as far as I can see - I moved to a native
eapol_test with my NAGIOS
because of this bug.
Output from the ubnt client:
Aug 7 07:15:18 wpa-supplicant: CTRL-EVENT-EAP-STARTED EAP authentication
started
Aug 7 07:15:21 wpa-supplicant: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
25 (PEAP) selected
Aug 7 07:15:57 pppd[1714]: No response to 5 echo-requests
Aug 7 07:15:57 pppd[1714]: Serial
I'm not 100% sure but as I know the UBNT equipment has introduced RADIUS
client support in firmw. 5.x which is still active and under development...
RADIUS MAC authentication was introduced in latest firmware (5.5) so I
believe that some things are still not as they should.
On 8.8.2012
I have a user that has Session-Timeout set to 2 hours (7200sec). I want
that user to have time for using its connection one day after first login.
So, if after one day after he logged in first time, he didn't use his full
amount of time, his account will be expired. Is there an attribute that can
Many thanks
I have then create a new dictionary with IANA number of my entreprise
and add a new attribute
Now I can see it in the proxyed packet.
Yes Thanks But I tried to force in preacct with update reply { Realm
+= %{Realm} } but still no attribute realm in the packet proxied to
other
After moving MYSQL to a clustered environment, and moving all backup and not
related tasks to slave hosts,
It seems the issue is resolved, radius has been running for several days
without any errors and/or sessions not being stopped.
Thanks for all your help and suggestions,
Amir.
-
List
Hi,
I'm thinking about changing the engine of the radacct and radippool tables
from MyISAM to InnoDB, as these tables suffers with a lot of updates and,
in my head, row locking in this case could be better than table locking. Is
that right?
Thanks in advance.
-
List info/subscribe/unsubscribe?
Cool.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes. That's the engine you should be using. I believe the current release has
that by default. It really improves performancethen just tweak some innodb
settings as per online performance guides for mysql.then after some more
months of pain, migrate to postgresql. ;)
alan
-
List
On Wed, Aug 8, 2012 at 7:38 PM, Antonio Modesto mode...@isimples.com.br wrote:
Hi,
I'm thinking about changing the engine of the radacct and radippool tables
from MyISAM to InnoDB, as these tables suffers with a lot of updates and,
in my head, row locking in this case could be better than
Hi,
We're (again) close to releasing 2.2.0. This time for real.
In order to make the server more future-proof, I've made some changes
to the TTLS parser. This will solve issues in the long term. But it
needs more testing now.
Please try the git v2.1.x branch with various
Hi everybody!!
I have been using Freeradius as AAA of some wireless hotspots and it works
great!!
After reading the Rlm_sqlcounter wiki page I started to use it, and it also
works great. This is the code of my sqlcounters:
sqlcounter dailycounter {
counter-name = Daily-Session-Time
Hi,
It's running only since a few minutes, so hard to make a long-term
prediction, but at least there's no immediate problem in sight.
Well... EAP-TLS seems not to work for me. My iPhone gets Rejects now.
primary server (2.1.12):
Wed Aug 8 12:57:46 2012 : Auth: Login OK:
Good, thanks guys!
2012/8/8 Fajar A. Nugraha l...@fajar.net
On Wed, Aug 8, 2012 at 7:38 PM, Antonio Modesto mode...@isimples.com.br
wrote:
Hi,
I'm thinking about changing the engine of the radacct and radippool
tables
from MyISAM to InnoDB, as these tables suffers with a lot of
Hi,
I have neither touched the iPhone nor the server; primary and backup run the
same configuration - synced via SVN.
I can revert back to 2.1.12 on the backup to verify that that fixes it to be
sure...
Never mind; a file in sites-enabled was out of sync with the primary,
and did
Hi,
Well... EAP-TLS seems not to work for me. My iPhone gets Rejects now.
radiusd -X debug output... you know the rules ;-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
regarding testingmy 2 test/dev boxes are both now running the 3.x GIT
release
and so the configs are very different and wont work on 2.x - I'm not sure about
whether
I'd ever be running 2.2.x now anyway
alan
-
List info/subscribe/unsubscribe? See
I'm sure there are other ways to do this but I do it with a post auth
query matching a specific max all session value. If it matches, it
updates the attribute to expiration and sets the value 24hr from now.
When I wrote it, freeradius only supported one post auth query so I
use cases to match an
Stefan Winter wrote:
It's running only since a few minutes, so hard to make a long-term
prediction, but at least there's no immediate problem in sight.
Thanks. I'll try to get the release out this week. (finally)
Alan DeKok.
-
List info/subscribe/unsubscribe? See
On Wed, Aug 8, 2012 at 8:34 PM, Andres Gomez Ruiz
andres.go...@urbalink.co wrote:
I have some users that I need to reject their sessions at midnight, because
of that Im using the dailycounter...
IIRC that's not what dailycounter is for.
but I need that user can't login again
(the user is
Hi,
On the online users gui page of dialup admin, there are serveral columns, one
of the columns states name, which is after the caller ID column.
I would like to know where this comes from, I have set the name on the user
info page, but it doesn't seem like that works.
Thanks.
-
List
36 matches
Mail list logo