Hi all,
During authentication process, I need to send an Accounting-Start to a network
equipment when the authentication is successful (when processing the
Access-Request), before sending the Access-Accept back.
Is it possible to create the Accounting-Request from inside a module and post
it
During authentication process, I need to send an Accounting-Start to a
network equipment
Just out of interest - what is network equipment going to do with the
accounting request?
It's a network filtering appliance. The Accounting-Request ships
attributes that say which filtering policy must
And you are absolutely sure that you are supposed to send it an
Accounting-Request and not proxy Access-Request? Considering that
filtering policies are a part of the access setup that would make much
more sense.
Yes I am. Actually, the appliance works like this, and is not the same
box as
Hi all,
I try to use FreeRADIUS to authenticate a wireless device using EAP-SIM.
Currently, my SIM card can be authenticated using a Cisco supplicant
(eap-sim-draft-v5) with a Cisco Access Registrar RADIUS server
(eap-sim-draft-v5) that gets SIM triplets from an ITP and a HLR simulator.
I
Hi all,
I have a question about EAP-SIM and EAP-AKA authentication.
Is fast-reauthentication supported (in eap or eap2 module)?
Thanks in advance for your answers.
Geoff.
_
Envoyez avec Yahoo! Mail. Une boite
Hi all,
I have 2 questions regarding FreeRADIUS and SNMP:
1/ Is it possible to run 2 FreeRADIUS servers on the
same box, with SNMP support activated? I understand
it's possible, using distinct values for smux_password
parameter.
2/ Connecting FreeRADIUS to Net-SNMP using SMUX is
quite easy. Has
Another question is, does the wimax forum dictate
what
to be done with these attributes in radius server
?
Yes. The WiMAX NWG specification has detailed
requirements. You need
to be a member of the WiMAX forum to obtain the
specifications, I believe.
Since v1, the specifications
Hello
I have 2 more problems (not necessarily bugs) with radsniff.
1- I can't enter a RADIUS attribute filter. I can't gifgure out what's the
syntax. I tried stuff like -r User-Name = toto and other types of operators,
but I still have the message
radsniff: Invalid RADIUS filter
2- I can't
Ok, the first problem comes that there is no call to fflush.
The patch is:
210a211,213
/* BEGIN_GAO */
fflush(stdout);
/* END_GAO */
336a340,342
/* BEGIN_GAO */
fflush(stdout);
/* END_GAO */
Geoff.
Hi all,
I am testing radsniff, and I have the following
behaviour:
When launching radsniff with the following input, the
program crashes (FreeRADIUS v2.0.0-pre2)
[EMAIL PROTECTED] bin]# ./radsniff -f udp
Device: [eth0]
PCAP filter: [udp]
RADIUS secret: [testing123]
*** glibc detected ***
The request used is a Status-Server request. The
content of the request is the following :
I have just tested sniffing a Status-Request
generated by radclient (v2.0.0-pre2), and radsniff
crashes the same way.
Regards,
Geoffroy
I have a question on virtual servers: can the same instance of a module
(rlm_detail for example) be used in 2 different virtual servers?
How are managed NO_THREAD_SAFE modules in this case (rlm_detail for example)?
Thanks
Geoff.
Brian Walters wrote:
With the new 2.0 release do we have to make 2
entries for each home
server? 1 for auth packets and 1 for acct packets?
Yes, because they are *different* servers. They
may be different
programs that share no memory or configuration.
Or, you can continue to
Hi all,
I have a small question on FreeRADIUS behaviour when
acting as a synchronous proxy:
Are the modules re-executed on a retransmission
reception, or is the forwarded request re-sent using
the cache?
I also have a 2nd question - not regarding proxy:
While processing an Access-Request, if a
Hi All,
I have a quick question on the shortname attribute for
clients: must it be unique among all clients?
Thanks in advance for your answers
Geoff.
___
Découvrez une nouvelle façon
Hi Guys
Is anyone actually using rlm_python in production?
We do. But with a home-made module, based on corrected
module stored in bugzilla.
We made adjustments in it to meet our customer needs,
and it is therefore not reusable.
Nevertheless, we did correct memory leaks, threading
issues and
FreeRADIUS 1.1.3 bug - Accounting requests reemission by FreeRADIUS
In file main\request_list.c, function refresh_request.
In the case of an accounting request (request-proxy-code ==
PW_ACCOUNTING_REQUEST), FreeRADIUS adds to the proxied packet the
attribute Acct-Delay-Time (or updates it, if
I am quite pleased to report I have, with minimal discomfort, version 1.1.3
running on Solaris 10.
The source actually compiles perfectly once OS dependencies etc. are met.
I will share a few tips here for any who may be attempting the same.
My main goal was LDAP functionality. Other
Hi all,
Maybe my mail will be out of the discussion, but we plan in middle term to
migrate an existing AAA system from a commercial software to FreeRADIUS.
We already made a prototype to check the feasability (existing system performs
authentication against Oracle database sotred procedures).
Hi,
I have observed the following behaviour with FreeRADIUS 1.0.2, working in proxy
mode, with synchronous set to YES:
If the realm server is not responding, after max_request_time has expired, the
request is rejected, and the realm is marked to dead. I tried to add a backup
server to the
Hi all,
I have question for those who use rlm_detail module. I saw in source code that
this module is thread unsafe. My understanding is that will not avoid
FreeRADIUS to run multi-thread, but that only one thread will be able to log
details at a time. Am I right?
Second question: does
Hi,
I am going to configure a FreeRADIUS as a RADIUS proxy. My proxy will have to
listen on a couple of ports on 2 interfaces, so I set the following
configuration in radiusd.conf:
listen {
ipaddr = IP1
port = 1812
type = auth
}
listen {
ipaddr = IP1
port = 1813
type =
Hi,
I just get the last CVS update, and I discovered a hidden attribute in
mainconfig.c, name proxy_fail_type.
By reading the source code, my understanding is that setting this attribute to
fail (for example) in proxy.conf, and setting the value fail for
Post-Proxy-Type in
Hi all,
I have a question regarding Vendor-specific attribute encoding: What type of
smart encoding are supported by radclient (and thus FreeRADIUS). I mean, I
know I can use TLV encoded VSA - as described in the RFC, for example:
WISPr-Redirection-URL=http://www.google.fr
or
I receive for instance Framed-MTU = 1500 in Access-Request and now I have
to put in the Access-Accept Class = 05DC (the hex value of the framed-MTU)
and sent it back to the NAS.
Maybe you can do it by developing a simple module by your own?
Geof.
-
List info/subscribe/unsubscribe? See
It's USR's old format. 4 bytes of attribute type, and no length.
The VSA length is used for the length instead.
Thank you for the info.
Ugh. What the heck is the project type?
Actually, the vendor has several projects, each one owning potentially 256
attributes.
If the server does
Hi all,
I have a question regarding EAP-SIM authentication, in the case where
authentication is performed by an external AAA system.
We already perform LEAP and EAP-TLS authentication against an external AAA
system authentication through FreeRADIUS (FreeRADIUS acts as a proxy for EAP
Thank you for your answer.
I mean EAP-SIM has been described in 16 successive drafts, and finally
became a RFC.
I don't know the content of the RFC itself, but I know that other AAA
server (Cisco Access Registrar for example), performing EAP-SIM against
SS7 network and HLR do need to upgrade
Hello all,
Would it be possible to have some information about FreeRADIUS SNMP capacities.
Which version of snmp are supported?
What can be done?
Which types of trap can be sent to the manager?
Which type of info can the manager ask?
What are the other features?
Is it stable?
Any peice of
Hello,
I'm working with Nicolas - who sent the first mail.
The module failing is not the one showed in the
request (its cod eis too big). When we saw that
something was going wrong, we quickly wrote a very
simple module to stress the failure, and we built it
with release 1.0.1.
Geoffroy
---
Hello,
I know I can send VSA using radclient, by putting the
following line in my request file:
Cisco-AVPair=Hello!
What I want to know, is if I can send VSA which
content is not formatted like mentionned in RFC2865
(§5.26). I mean that I want to send:
+++++
|
Hello,
I am using radclient fom FreeRADIUS in CVS version
1.60. It works fine.
I saw that radclient evolved to deal with several
files / several requests per file. That's an
interesting feature for what I need.
Nevertheless, reading radclient.c (I haven't tested it
yet), I think that a
Hello,
I think there is a bug in radclient (since v1.63?).
I currently use radclient v1.60, and it works fine.
I saw that new functionalities appeared, and I
downloaded V1.72. Reading the radclient.c source file,
I became a little plerplex about the '-i' feature,
which allows to set the ID of
Hello,
I am training at FreeRADIUS, and I'm writting my own module to make different
stuff on request. It works well.
I use FreeRADIUS snapshot-20040102.
I think I've found an error in the libradius, in the file valuepair.c, into the
function pairreplace.
My valuepair.c is in version 1.74, but
34 matches
Mail list logo