On 11 Jul 2013, at 22:39, Doug Hardie bc...@lafn.org wrote:
On 11 July 2013, at 06:09, Fajar A. Nugraha l...@fajar.net wrote:
On Thu, Jul 11, 2013 at 7:28 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
We are now in feature freeze for 3.0. The configuration format and behaviour
On 10.07.2013 07:48, Olivier Beytrison wrote:
if ( ADSL-Agent-Remote-Id =~ /(.{0,31})$/ ) {
if ( ADSL-Agent-Remote-Id =~ /(.{1,32})$/ ) {
that's even better as it won't match an empty attribute (you never know ...)
--
Olivier Beytrison
Network Security Engineer, HES-SO Fribourg
Mail:
On 9 Jul 2013, at 18:01, Brian Julin bju...@clarku.edu wrote:
Arran Cudbard-Bell wrote:
Soon. We've gone into official feature freeze. Still finding bugs though,
it'd be helpful if people could test.
Just to make sure it was understood during the foreach fixup patch I sent
on github,
Hi,
On Tue, Jul 09, 2013 at 10:58:15AM -0700, Julian Macassey wrote:
On 2013-07-09 at 10:18, Matthew Newton (m...@leicester.ac.uk) wrote:
Try adding the following to the *top* of your users file:
evergreen Cleartext-Password := pa55word, MS-CHAP-Use-NTLM-Auth := 0
When I use the users
On 10 Jul 2013, at 12:46, Mathieu Simon mathieu@gmail.com wrote:
G'day list
I have been tinkering with some Netgear managed L2/L3 switching stuff and
got the
login working via freeradius (actually quite simple compared to EAP stuff for
wireless).
But when issuing enable after
Fernando Hammerli wrote:
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certificate from a public CA.
Can Freeradius allow me to have both methods at the same time, ie, the
PEAP with the public CA and certificate users with our 'self-signed'
Julian Macassey wrote:
It does when it is all in the 'users' file, in fact, when
I put my username and password in the users file, my laptop and
smartphone authenticate and connect to the WiFi.
That's good.
But, I want to get that info from /etc/password. I note
from looking
On 10 Jul 2013, at 13:38, Alan DeKok al...@deployingradius.com wrote:
Fernando Hammerli wrote:
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certificate from a public CA.
Can Freeradius allow me to have both methods at the same time, ie,
Hi,
Currently we have 1000´s of users self-signed certificates (EAP-TLS),
and we´re planning to move our main authentication method to PEAP, but
keeping the certificates in use while valid.
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server
G'day
2013/7/10 Arran Cudbard-Bell a.cudba...@freeradius.org
On 10 Jul 2013, at 12:46, Mathieu Simon mathieu@gmail.com wrote:
FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't
think Netgear
copied Cisco's own AVpair use, but in case they do have own AV pairs,
how
Hi
As a possible hint since your question sounds similar to an issue I had:
I was looking to provide a server-side certificate to my clients from a
public CA
but only allow clients to authenticate via EAP-TLS when presenting a cert
from our
internal CA which avoids the misconfiguration to trust
Hi,
Thank you Arran, that's what I suspected but hoped that there would be
another way to find out.
I'll see if Netgear is willing to approve existence of AV pairs (and if
theyre willing to share them).
on some kit you can run a command to see the VSA list/desc
most vendors will
Hello,
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP
configuration purposes, the CA must explicitly marked as trusted /for
this EAP identity/.
So
Hi, thanks for you reply (extensive to the others),
Just put both CAs in the directory pointed to by CA_path.
Curently my CA_path is where my users certificates are stored.
I thought I had to offer a different server certificate to the user. I
was able to make it work (PEAP only, not the TLS)
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also distinguish between empty
and fail, so if I do this:
update {
request:Tmp-String-0 := %{sql:...}
}
...and the SQL server is down, the xlat will fail and
User a deployment tool as then things like CN checks are done
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Mathieu, thanks for your reply.
It´s not clear to me what exactly has to be done.
So, I´ll place both server certificates inside the certificate_file,
correct? Do I declare it only under the 'tls' section (not on the peap)?
How does FR knows which certificate for each method?
How do I declare
Got it now, as you said.
Using the public CA certs on certificate_file (and related private key),
and included the public CA chain on the CA_file (together with my own
CA). Still needs more testing (in more enviroments), but seems to be
working.
Thanks!
Check the difference of CA_file
On 10 Jul 2013, at 16:29, Phil Mayers p.may...@imperial.ac.uk wrote:
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also distinguish between empty and
fail, so if I do this:
update {
On 10 Jul 2013, at 23:59, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 10 Jul 2013, at 16:29, Phil Mayers p.may...@imperial.ac.uk wrote:
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also
Julian Macassey wrote:
In the Wifi sign on window of both a Macbook and an
iPhone, I enter the username and the password. So, from my sign
on I have told the server both.
Well, no. That's telling the *client* what the password is.
You need to tell the *server* the correct password,
Brendan Kearney wrote:
i have found this write up:
http://www.clearfoundation.com/docs/howtos/setting_up_radius_to_use_ldap
but it does not work.
See the FAQ for it does not work. You need to run it in debugging
mode, as suggested in the FAQ, man page, web pages, and daily on this
list.
Good day,
I have a problem wherein daloradius doesn't read the freeradius log file.
Do I need to chown or chmod anything? Am using CentOS 6.4, and log file is
located in /var/log/radius/radius.log. I already chmod'ded 777 the log file
and it still wouldn't open thru daloradius interface. I can
Read the compatability matrix. Check what EAP method your clients are using
versus the password storage method you are using.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Julian,
On Mon, Jul 08, 2013 at 03:10:31PM -0700, Julian Macassey wrote:
I'm just trying to do a bog standard username and
password for OS X and Linux users on laptops - Plus the
ubiquitous smartphones of course. I have no Microsoft gear on the
LAN.
Try adding the following to the
On 9 Jul 2013, at 13:10, Rahul Godbole rahulmg1...@gmail.com wrote:
Hi
I cross compile Freeradius 2.1.9 for my embedded device. So far we have been
compiling it with OpenSSL and everything works fine. However, I now want to
compile it without OpenSSL. Can you tell me hat option I should
David Peterson wrote:
Any ETA on 3.0 being released?
We're just working on a few last-minute issues. We'll get it released
ASAP.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 9 Jul 2013, at 16:27, David Peterson dav...@wirelessconnections.net
wrote:
Any ETA on 3.0 being released?
Soon. We've gone into official feature freeze. Still finding bugs though, it'd
be helpful if people could test.
Configuration files and packages are more or less in their final state
What the hurry? Are you actually using the pre release? I ask because we may
find some other hitherto unknown bug
alan
Original message
From: David Peterson dav...@wirelessconnections.net
Date: 09/07/2013 16:33 (GMT+00:00)
To: FreeRadius users mailing list
] On Behalf Of Alan Buxey
Sent: Tuesday, July 9, 2013 12:00 PM
To: FreeRadius users mailing list
Subject: Re: 3.0
What the hurry? Are you actually using the pre release? I ask because we may
find some other hitherto unknown bug
alan
Original message
From: David Peterson dav
Arran Cudbard-Bell wrote:
Soon. We've gone into official feature freeze. Still finding bugs though,
it'd be helpful if people could test.
Just to make sure it was understood during the foreach fixup patch I sent
on github, I mentioned that indexed attribute accesses were broken.
None of
On 2013-07-09 at 10:18, Matthew Newton (m...@leicester.ac.uk) wrote:
Julian,
On Mon, Jul 08, 2013 at 03:10:31PM -0700, Julian Macassey wrote:
I'm just trying to do a bog standard username and
password for OS X and Linux users on laptops - Plus the
ubiquitous smartphones of course. I
On 10.07.2013 05:20, Peter Lambrechtsen wrote:
In pseudo code it would be something like:
if (length(ADSL-Agent-Remote-Id) 31) {
update reply {
strncat(SubscriberID, ADSL-Agent-Remote-Id +
(strlen(ADSL-Agent-Remote-Id) - 31), 31)
}
}
else {
update reply {
SubscriberID :=
Sorry for not including it in the first post, freeradius version used is
the latest in CentOS repo.
The output on the first post is for the web-based login, I forgot that I
only configured it on console login
Here is the output:
Ready to process requests.
rad_recv: Access-Request packet from
Hi,
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.141.1.129 port 49154,
id=0, length=84
snip thats an accounting packet
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Sending Access-Accept of id 0 to 10.141.1.129 port 49154
^^
Access-Accept sent from the server. the RADIUS server has done
its thing. if the NAS isnt working then you have missed some
configuration option on the NAS
alan
-
Hi, thanks for the reply.
(Sorry if this is OT) As I understand, I couldn't use 802.1x authentication
on just the switches themselves? Since a client must have certificates to
authenticate to a server. What i just wanted to accomplish is to
authenticate the switches only on the radius server, so
Hi,
(Sorry if this is OT) As I understand, I couldn't use 802.1x
authentication on just the switches themselves? Since a client must have
certificates to authenticate to a server. What i just wanted to accomplish
is to authenticate the switches only on the radius server, so this
On Thu, Jul 04, 2013 at 07:05:09PM +0100, Arran Cudbard-Bell wrote:
Don't try and use the users file for complex stuff like this.
In your profile objects add an attribute for preferredNetwork.
Use ldap xlat to search in the directory for an profile object with a
preferredNetwork attribute
-Acc-Dereg = 39
SNA-RP-Reg-Upd-Sent = 60
SNA-RP-Reg-Upd-Re-Sent = 20
Event-Timestamp = Jul 8 2013 08:28:23 MSK
3GPP2-Service-Reference-Id = 0x0104000102040001
Framed-IP-Address = 94.77.22.81
Framed-IP-Netmask = 255.255.255.255
Starent-Attr-24
Yes, issues can appear in new code as well as get fixed. Known problems in
2.2.0 will be solved in 2.2.1 which is near/ready for release
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/07/13 14:59, Lovaas,Steven wrote:
Exec-Program output: Reading winbind reply failed! (0xc001)
Check the permissions on the winbind socket, which usually lives in
either /var/cache/samba/winbindd_privileged or
/var/lib/samba/winbindd_privileged
-
List info/subscribe/unsubscribe?
Am 08.07.2013 16:30, schrieb Phil Mayers:
On 08/07/13 14:59, Lovaas,Steven wrote:
Exec-Program output: Reading winbind reply failed! (0xc001)
Check the permissions on the winbind socket, which usually lives in
either /var/cache/samba/winbindd_privileged or
Simon
Sent: Monday, July 08, 2013 8:44 AM
To: FreeRadius users mailing list
Subject: Re: MS-CHAP2 fails - samba version?
Am 08.07.2013 16:30, schrieb Phil Mayers:
On 08/07/13 14:59, Lovaas,Steven wrote:
Exec-Program output: Reading winbind reply failed! (0xc001)
Check the permissions
On Mon, Jul 08, 2013 at 01:49:47PM -0700, Julian Macassey wrote:
I have a Netgear WiFi router set up for WPA2 Enterprise.
It is pointed at a freeradius server. I am trying to use the
username and password of that server to authenticate. It fails
consistenty with:
[pap] WARNING! No
On 2013-07-08 at 22:16, Matthew Newton (m...@leicester.ac.uk) wrote:
On Mon, Jul 08, 2013 at 01:49:47PM -0700, Julian Macassey wrote:
I have a Netgear WiFi router set up for WPA2 Enterprise.
It is pointed at a freeradius server. I am trying to use the
username and password of that
Julian Macassey wrote:
So, I put it back in. I took it out earlier as 1. I
couldn't connect with it. 2. My understanding from reading the
docs was that pap alone would do the job.
(1) No, and (2) Not for 8021.X
I'm just trying to do a bog standard username and
password for OS
On 2013-07-09 at 00:52, Alan DeKok (al...@deployingradius.com) wrote:
Julian Macassey wrote:
So, I put it back in. I took it out earlier as 1. I
couldn't connect with it. 2. My understanding from reading the
docs was that pap alone would do the job.
(1) No, and (2) Not for 8021.X
Thura Hlaing wrote:
I am wondering if there is anyway for freeradius to reject auth requests
based on the number of active (connected) users. For example, I would like to
limit the number of active (authorized) users to 50 in my radius+CoovaChilli
deployment, so that connection speed
On 07/04/2013 04:35 AM, Patrick Gawthorne wrote:
update request {
Class = “%{Ldap-Group}”
}
You can't do that, because Ldap-Group is not a real attribute with a
value; it's a virtual attribute, which you compare against (think about
it - you can be in 1 group)
You would
On 4 Jul 2013, at 08:22, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/04/2013 04:35 AM, Patrick Gawthorne wrote:
update request {
Class = “%{Ldap-Group}”
}
You can't do that, because Ldap-Group is not a real attribute with a value;
You can do:
update reply {
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi,
I’m experimenting with a system involving an access-challenge to a
NAS. It works fine with FR so far on, say, the cisco ipsec vpn client,
which waits a long time until timing out waiting for user input. I’d
like to also
Hi,
waits a long time until timing out waiting for user input. I'd like to
also discover how other NAS's behave using this and have found the timeout
on a particular cisco 1131 access point to be quite short.
most NAS devices have configurable options for their RADIUS/EAP timers.
Gustavo Vieira Oliveira wrote:
We have a Cisco Wireless Controller 5508 with Aironet 1041 APs.
To make the AP authenticate with RADIUS we need to set the following
command manually in the AP:
This isn't a Cisco support list.
The thing is, the APs can only authenticate if this command is
On 4 Jul 2013, at 13:12, Gustavo Vieira Oliveira gusta...@sc.senai.br wrote:
Hello!
We have a Cisco Wireless Controller 5508 with Aironet 1041 APs.
To make the AP authenticate with RADIUS we need to set the following command
manually in the AP:
- radius-server vsa send
Which as
Hi,
This isn't a FreeRADIUS issue, and shouldn't really be on this
list.
However -
On Thu, Jul 04, 2013 at 09:12:40AM -0300, Gustavo Vieira Oliveira wrote:
We have a Cisco Wireless Controller 5508 with Aironet 1041 APs.
We have the same, authenticating against FreeRADIUS.
To make the AP
Yeah, i'm not saying it's a problem with RADIUS.
I'm just asking trying to understand why it's happening and if there may
be any workaround for this.
Matthew, we have some remote places that we chose to authenticate
locally with Radius.
I'm guessing the configuration (radius-server vsa
Quoting Phil Mayers p.may...@imperial.ac.uk:
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi,
Session-timeout and Idle-timeout are attributes mentioned by the cisco
docs but neither of these seem to be what I'm after.
Neither are relevant; they're for established
Those are VSA that you are getting from the NAS. You're WiFi kit is centrally
managed so config is pushed from the controller
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 04/07/13 14:34, David Mitton wrote:
Quoting Phil Mayers p.may...@imperial.ac.uk:
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi,
Session-timeout and Idle-timeout are attributes mentioned by the cisco
docs but neither of these seem to be what I'm after.
To: freeradius-users@lists.freeradius.org
Subject: Re: Access-challenge timeout on IOS
On 04/07/13 14:34, David Mitton wrote:
Quoting Phil Mayers p.may...@imperial.ac.uk:
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi,
Session-timeout and Idle-timeout
Oh for sure...
I used Cisco 1200s @ RSA and the Windows EAP interfaces
I was always fighting with the system timing out the authentication
before a user would time in a token code. This frequently takes a
minute or more, because people have to get their token, often they
wait for the code
On 4 Jul 2013, at 22:32, David Mitton da...@mitton.com wrote:
Oh for sure...
I used Cisco 1200s @ RSA and the Windows EAP interfaces
I was always fighting with the system timing out the authentication before a
user would time in a token code. This frequently takes a minute or more,
Bruce Bauman wrote:
Right now we have freeradius configured so that EAP and non-EAP are
handled by separate virtual servers which are listening on separate
virtual ports.
Why?
We'd like to simplify our configuration and use the same port for both.
I've looked through the documentation
On 03/07/13 15:29, Bruce Bauman wrote:
Right now we have freeradius configured so that EAP and non-EAP are
handled by separate virtual servers which are listening on separate
virtual ports.
We'd like to simplify our configuration and use the same port for both.
I've looked through the
Hi Arran,
Could you tell me what is the reason why there are duplicated records in
radacct? NAS's configuration mistakes? Why AcctUniqueId is not a UNIQUE
INDEX by default? Is a bug?
Could I have any problem after execute this alter into the radacct table?
I hope your answer.
Best regards,
On 3 Jul 2013, at 15:50, Antonio Fernández Pérez
antoniofernan...@fabergames.com wrote:
Hi Arran,
Could you tell me what is the reason why there are duplicated records in
radacct? NAS's configuration mistakes? Why AcctUniqueId is not a UNIQUE INDEX
by default? Is a bug?
Should of been
I have reported you dozens of times as spam yet get several emails a day
from you. I am not a part of a technicians advice social net work site a
university campus tit bits on the delight of identifying gremlins on a
computer or discussion forum group on the intricacies of using a computer.
What
On 3 Jul 2013, at 16:07, RONAN BLANEY ikeavolkswa...@gmail.com wrote:
I have reported you dozens of times as spam yet get several emails a day from
you. I am not a part of a technicians advice social net work site a
university campus tit bits on the delight of identifying gremlins on a
Ok, thank you for your answer.
Best regards,
Antonio.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Júlíus Þór Bess Ríkharðsson wrote:
For some reason I cannot get Stripped-User-Name attribute to get
populated when using nostrip for a realm. Is this normal behaviour or am
I missing something?
That's how it works. If you don't strip the name, you don't get a
stripped name.
I need the
On 03/07/13 16:24, Júlíus Þór Bess Ríkharðsson wrote:
Hi,
For some reason I cannot get Stripped-User-Name attribute to get
populated when using nostrip for a realm. Is this normal behaviour or am
I missing something?
Normal. nostrip means don't populate Stripped-User-Name
I need the
Ok. I'll be firing up gdb and adding more logging. Before I did that I added a
post_proxy detail log to see what the proxy server saw in that phase and for
Access-Rejected packets they never get to the post_proxy section. Not sure if
that sheds any more light on this.
Anyway, so I know where
On 3 Jul 2013, at 17:19, Ti Leggett legg...@mcs.anl.gov wrote:
Ok. I'll be firing up gdb and adding more logging. Before I did that I added
a post_proxy detail log to see what the proxy server saw in that phase and
for Access-Rejected packets they never get to the post_proxy section. Not
On 03/07/13 17:34, Martin Kraus wrote:
Now my setup stopped working because suddenly ldap-eduroam was checking for
groups when matching Ldap-Group. I was under the impression that when not
specificed with ldap-eduroam-Ldap-Group the default ldap entry would be used.
No. Most recently
On 3 Jul 2013, at 17:34, Martin Kraus lists...@wujiman.net wrote:
Hi.
I had to create 3 instances for the ldap module. One is the default
ldap {
}
and then I got two named
ldap ldap-eduroam {
}
ldap ldap-netdefault {
}
That right there:
On 3 Jul 2013, at 17:47, Phil Mayers p.may...@imperial.ac.uk wrote:
On 03/07/13 17:34, Martin Kraus wrote:
Now my setup stopped working because suddenly ldap-eduroam was checking for
groups when matching Ldap-Group. I was under the impression that when not
specificed with
Hi,
We'd like to simplify our configuration and use the same port for both.
the default configuration does that
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Júlíus Þór Bess Ríkharðsson wrote:
Alan: The goal is to be able to use EAP and still be able to authorize user
using LDAP. The objects name is obviously not named realm\user.
Yes. Plenty of other people get this to work.
The behaviour is the same for EAP (just longer output :)), I don't
Ti Leggett wrote:
Ok. I'll be firing up gdb and adding more logging. Before I did that I added
a post_proxy detail log to see what the proxy server saw in that phase and
for Access-Rejected packets they never get to the post_proxy section.
I'm not sure how that happens. The proxy reply is
...@lists.freeradius.org wrote: -To: FreeRadius users mailing listfreeradius-users@lists.freeradius.orgFrom: Alan DeKok Sent by:freeradius-users-bounces+julius.bess=nyherji...@lists.freeradius.orgDate: 07/03/2013 08:28PMSubject: Re: Stripped-User-Name not set when using nostrip?Phil Mayers wrote: Have you actually
Júlíus Þór Bess Ríkharðsson wrote:
I'm not sure why you say that my LDAP is not working because in the
second debug output you can see that I find the object and use it's DN
and also extract an attribute from the object. There is no known good
password however because AD doesn't store
Can I know what brand of radius server you are going to use for EAP-SIM/AKA
? I am interesting on this
On Tue, Jul 2, 2013 at 3:51 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
This is pretty easy:
authorize {
...
if (Vendor-3076-Attr-146 == 0x554d44) {
if (SQL-Group == secret) {
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
SIM/EAP AKA radius server (based on certain criteria) ?
When you're proxying an EAP packet, the ONLY criteria you have is the
EAP identity. You do NOT have the EAP type available.
On 2 Jul 2013, at 07:18, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
This is pretty easy:
authorize {
...
On 2 Jul 2013, at 07:41, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 07:18, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146
From: Iliya Peregoudov iperegu...@cboss.ru
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, July 2, 2013 2:20 PM
Subject: Re: Using freeradius as proxy for EAP-SIM/EAP-AKA
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
Hi
I'll see if I can send through some dictionary file entries later today
Alan
This smartphone uses eduroam which gives me free WiFi around the world. Now
thats what I call smart!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this [^@]*@wlan.mncX.mccY.3gppnetwork.org is unique ? All the SIMs
from the same mobile operator will have the same string and it will be
different from another mobile operator ?
Yes, though be aware the pattern given isn't exactly valid; X
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for 3.0 which uses
direct DICT_ATTR pointer comparisons in some places (instead of
comparing vendor/attribute number).
So... what *can* you do with Vendor-X-Attr-Y?
-
List
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for 3.0 which uses
direct DICT_ATTR pointer comparisons in some places (instead of
comparing vendor/attribute number).
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for 3.0 which
uses direct DICT_ATTR pointer comparisons in some places
Hi,
We have a generic VPN profile that we'd like to allow *all* users to
login to - this works well.
When users login to the secret profile, then the following VPN
attribute is included in the request:
Vendor-3076-Attr-146 = 0x554d44
use/load the dictionary.cisoc.vpn3000 dictionary file
On 2 Jul 2013, at 11:57, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote:
This may work for 2.x.x but definitely wont't work for
On 2 Jul 2013, at 12:15, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 11:57, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013, at 08:53, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 07/02/2013 07:52 AM,
On 2 Jul 2013, at 12:19, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 12:15, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 2 Jul 2013, at 11:57, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/07/13 11:37, Arran Cudbard-Bell wrote:
On 2 Jul 2013,
Ti Leggett wrote:
Tue Jul 2 10:39:04 2013 : Error: WARNING: Unresponsive child for request 0,
in component core module thread
Fix your scripts so that they don't block the server.
The upstream server does get the request, send the reject back to the proxy
and the proxy receives the
I'm not sure how the script could be blocking the server after it's already ran
and returned the updated packet so the proxying can take place which does
happen:
• rlm_perl: Changing User-Name: legg...@yubiauth.mcs.example.com
• rlm_perl: Added pair NAS-Port-Type = Virtual
Ti Leggett wrote:
I'm not sure how the script could be blocking the server after it's already
ran and returned the updated packet so the proxying can take place which does
happen:
I don't know. All I know is that the default configuration doesn't
have child threads blocking when sending
1001 - 1100 of 59048 matches
Mail list logo