Hello list,
I want to delete one reply attribute from the reply list if the access-request
is originating not from a special NAS-IP-Address.
Currently I have solved this by adding this unlang code in authorize section:
if(!NAS-IP-Address == x.x.x.x) {
update reply {
On 9 Oct 2013, at 07:05, Hachmer, Tobias tobias.hach...@stadt-frankfurt.de
wrote:
Hello list,
I want to delete one reply attribute from the reply list if the
access-request is originating not from a special NAS-IP-Address.
Currently I have solved this by adding this unlang code in
Hello Arran,
thanks for the answer. This has worked!
Regards,
Tobias Hachmer
-Ursprüngliche Nachricht-
Von:
freeradius-users-bounces+tobias.hachmer=stadt-frankfurt...@lists.freeradius.org
[mailto:freeradius-users-bounces+tobias.hachmer=stadt-frankfurt...@lists.freeradius.org]
Im
Hi,
we upgraded a freeradius setup from 1.x to 2.1.10+dfsg-2+squeeze1 on Debian
Squeeze.
Within the old version, we used a database config for groups with an attribute
Session-Timeout and the value `%{expr:06:00}`
With new version freeradius send an error while looking in debug mode like:
Tue
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
A
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Is anyone out there load balancing RADIUS with an F5 load balancer? We're doing
it here, but I can't help thinking that the actual load balancing algorithm
need some tweaking.
As far as I'm aware ( systems section support the F5 boxes)
1). We're using round robin to spread the load over
Dear Aran C. Bell
Thanks for everything, Here is update.
1.)
All-In-MB counter works. Please note, when a user has downloaded his
quota, counter
do not force log off . Saying other way, if the user is online, he would
remain online until he log off him self or stop browsing. But point to be
On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz alex.sha...@york.ac.uk wrote:
While we have 900 switches doing mac and 802.1x based auth, we can have
6000+ users on our wireless network all authenticating to RADIUS via 3 RAS
clients. Looking at the back end server log files, it does look as if, in
Am Mittwoch, 9. Oktober 2013, 09:41:19 schrieb Alex Sharaz:
Hi,
Is anyone out there load balancing RADIUS with an F5 load balancer? We're
doing it here, but I can't help thinking that the actual load balancing
algorithm need some tweaking.
As far as I'm aware ( systems section support the
Hi,
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
Alan uses OSX so I'm *SURE* it compiles fine with the right support stuff
present - you
should have been compiling it before the official release ;-)
alan
-
List
On 09.10.2013 10:41, Alex Sharaz wrote:
Hi,
Is anyone out there load balancing RADIUS with an F5 load balancer? We're
doing it here, but I can't help thinking that the actual load balancing
algorithm need some tweaking.
I have f5 loadbalancers but atm I don't use them for our RADIUS
On 9 Oct 2013, at 10:16, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz alex.sha...@york.ac.uk wrote:
While we have 900 switches doing mac and 802.1x based auth, we can have 6000+
users on our wireless network all authenticating to RADIUS via 3 RAS
On 09.10.2013 11:25, Olivier Beytrison wrote:
On 09.10.2013 10:41, Alex Sharaz wrote:
I was wondering if there's a way off having a bit more granularity in terms
of how the f5 load balances incoming RADIUS requests.
Another nice thing to do is to do persistence based on radius AVP
Hi,
Just to give some infos if I can help (this mailing has helped me a lot !)
I have F5 BigIP devices in two 2 DCs. They have each a VirtualServer with a
shared IP (not activated in VLANs used to communicate between the 2 DC to avoid
IP conflits, a much simple config for NAS - only one IP
you don't know how hard it was to wait till the official release :-)
A
On 9 Oct 2013, at 10:19, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
Alan uses OSX so I'm *SURE* it compiles fine with the
Many thanks for this Olivier, much appreciated
Rgds
A
On 9 Oct 2013, at 11:07, Olivier Beytrison oliv...@heliosnet.org wrote:
On 09.10.2013 11:25, Olivier Beytrison wrote:
On 09.10.2013 10:41, Alex Sharaz wrote:
I was wondering if there's a way off having a bit more granularity in terms
of
On 9 Oct 2013, at 10:19, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
Alan uses OSX so I'm *SURE* it compiles fine with the right support stuff
present - you
should have been compiling it
On 9 Oct 2013, at 11:21, Alex Sharaz alex.sha...@york.ac.uk wrote:
you don't know how hard it was to wait till the official release :-)
A
brew install talloc
brew link talloc
./configure
make
make install
?
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List
On 10/08/2013 07:09 PM, Arran Cudbard-Bell wrote:
On 8 Oct 2013, at 17:44, Phil Mayers p.may...@imperial.ac.uk wrote:
On 08/10/13 17:01, Rok Kosir wrote:
authentication to mysql), when i run freeradius -X, i get Segmentation
Fault when it reaches dhcp listner.
See doc/bugs.
and skip to
Volker Lieder wrote:
Within the old version, we used a database config for groups with an
attribute Session-Timeout and the value `%{expr:06:00}`
Which never worked. 06:00 isn't a number. You can't just invent
syntax and use i.
With new version freeradius send an error while looking in
Russell Mike wrote:
All-In-MB counter works. Please note, when a user has downloaded his
quota, counter do not force log off .
The counter modules DOES NOT DO THAT.
To see why, ask yourself what does FreeRADIUS see when the user has
downloaded his quota?
The answer is nothing. The
Hi All. I have some code in an sql policy:
sql_check_user_present {
update control {
Tmp-String-0 := %{sql_pwifi:SELECT COUNT(*) from voucher v left
join state s on v.id=s.voucher_id where v.id=s.voucher_id and
v.code='%{User-Name}' and (s.state='Inactive' or s.state='Active')}
}
switch
It appears the debugging switches don't work quite as I'd expect in FreeRADIUS
3 when RadSec is configured.
# radiusd -fxx -l stdout
Works as expected (threaded debugging with no timestamps), however:
# radiusd -fXx -l stdout
snip
Wed Oct 9 14:44:18 2013 : Error:
On 9 Oct 2013, at 11:56, Rok Kosir rok.ko...@cosylab.com wrote:
On 10/08/2013 07:09 PM, Arran Cudbard-Bell wrote:
On 8 Oct 2013, at 17:44, Phil Mayers p.may...@imperial.ac.uk
wrote:
On 08/10/13 17:01, Rok Kosir wrote:
authentication to mysql), when i run freeradius -X, i get
Franks Andy (RLZ) IT Systems Engineer wrote:
Trying version #d166290 results in
Which is old. The bug has already been fixed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks Alan. D
So if you want to do something when the users traffic is over the quota,
you have to do it in the accounting section.
Could you please kindly indicate what should i do there ? i tried to
perform the check again when user is online by adding counter entry in *
session* section. but
Adam Bishop wrote:
It appears the debugging switches don't work quite as I'd expect in
FreeRADIUS 3 when RadSec is configured.
Yes. Because of OpenSSL limitations, the server MUST have multiple
threads when using radsec.
# radiusd -fxx -l stdout
Works as expected (threaded debugging
Hi,
It appears the debugging switches don't work quite as I'd expect in
FreeRADIUS 3 when RadSec is configured.
# radiusd -fxx -l stdout
yep. if you try 'radiusd -X' it will tell you to run it like that.
# radiusd -fXx -l stdout
# ./sbin/radiusd -Cfxx -l stdout
single thread
On 9 Oct 2013, at 15:22, Adam Bishop adam.bis...@ja.net wrote:
It appears the debugging switches don't work quite as I'd expect in
FreeRADIUS 3 when RadSec is configured.
# radiusd -fxx -l stdout
Works as expected (threaded debugging with no timestamps), however:
# radiusd -fXx -l
Russell Mike wrote:
So if you want to do something when the users traffic is over the quota,
you have to do it in the accounting section.
Could you please kindly indicate what should i do there ? i tried to
perform the check again when user is online by adding counter entry in
*session*
o.k. different method of getting talloc onto machine :-)
I used
curl -s https://raw.github.com/rudix-mac/package-manager/master/rudix.py | sudo
python - install rudix
then
rudix install talloc
:-))
On 9 Oct 2013, at 11:54, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 9 Oct
On 9 Oct 2013, at 15:47, Alan DeKok al...@deployingradius.com wrote:
Adam Bishop wrote:
It appears the debugging switches don't work quite as I'd expect in
FreeRADIUS 3 when RadSec is configured.
Yes. Because of OpenSSL limitations, the server MUST have multiple
threads when using
Thanks Alan D
understood. I will use unlang in accounting.
Thanks
On Wednesday, October 9, 2013, Alan DeKok wrote:
Russell Mike wrote:
So if you want to do something when the users traffic is over the quota,
you have to do it in the accounting section.
Could you please kindly indicate
On 10/07/2013 04:18 PM, Alan DeKok wrote:
After many years of development, the FreeRADIUS team is happy to
announce Version 3 of the world's most popular server. The release was
delayed from June in order to track down and solve a number of
last-minute issues. We'd like to thank all of the
On 09/10/13 16:36, Arran Cudbard-Bell wrote:
On 9 Oct 2013, at 15:47, Alan DeKok al...@deployingradius.com wrote:
Adam Bishop wrote:
It appears the debugging switches don't work quite as I'd expect in FreeRADIUS
3 when RadSec is configured.
Yes. Because of OpenSSL limitations, the
John Dennis wrote:
3.0 is not on the download page http://freeradius.org/download.html nor
is there a download link on the above announcement page.
The announcement says: Version 3.0.0 (sig) has been released...
The 3.0.0 is a link.
I've added a link on the download page.
Alan DeKok.
Arran Cudbard-Bell wrote:
Isn't it required for doing any RADIUS over TCP?
Nope. Only SSL.
The reason is that sometimes reading from an SSL socket requires SSL
writing data to the other end. So you end up with both ends waiting for
something. And that knowledge is buried inside of
Phil Mayers wrote:
Perhaps architecturally, but not inherently; you could, at least in theory:
1. Receive 4-byte length
2. Sanity-check the length
3. Allocate buffer
4. Read on TCP socket non-blocking in normal select loop until you've
filled the buffer
5. Parse packet from buffer,
38 matches
Mail list logo
