Andy An wrote:
Hi Ivan:
The password is in the ldap server as one of attributes bound to the
user (userPassword: {CRYPT}something).
...
rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter
(uid=andyan)
...
WARNING: No known good password was found in LDAP. Are you sure that
EvilEzh wrote:
I use relays (because I want to use option 82 ... not tested yet) ... so
reply to relay is unicast. And if I want relay to broadcast reply
message, I need to update broadcast flag.
So after relay receives message it will broadcast to client (I hope so).
Ah, OK. I've added
Hi,
Where can I check whether postgresql support is compiled in or not??
try configuring postgres in your FR config - if, when
you run FR with full debug (radiusd -X) you get
to see lots of lovely postgres stuff - then it's got support
built in.
if you compiled the thing yourself, then simply
Evgeniy Kozhuhovskiy wrote:
Has anybody already implemented dynamic allocation of ips
from pool?
I don't think so.
In fact, main problem in native rlm_sql_ippool is that freeing of ip
is done via accounting section - and there is no analog of Stop packet
in dhcp (but it can be simulated,
The password is in the ldap server as one of attributes bound to the
user (userPassword: {CRYPT}something).
I posted the debugging info here and thanks a lot for your help!
1. crypt and mschap don't mix:
http://deployingradius.com/documents/protocols/compatibility.html
2. Even the encrypted
Alan DeKok wrote:
In fact, main problem in native rlm_sql_ippool is that freeing of ip
is done via accounting section - and there is no analog of Stop packet
in dhcp (but it can be simulated, using Lease-Time)
Yes. There is some work that needs to be done in order to integrate
DHCP into the
Fernando wrote:
ok, I have another question, is TNC_PATH has a default path to
libTNCS.so but I can't find libTNCS.so exists?
FreeRADIUS doesn't include library binaries for OpenSSL, PostgreSQL,
MySQL, LDAP, or TNC.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Evgeniy Kozhuhovskiy wrote:
Keep us informed :-)
As always, patches are welcome.
It's easy for me to do 1-2 line fixes. Re-writing the SQL IPPool
module to handle DHCP is not a priority, and will not be a priority for
a long time.
Alan DeKok.
Alan DeKok wrote:
Evgeniy Kozhuhovskiy wrote:
Keep us informed :-)
As always, patches are welcome.
In fact, I'm thinking about it. I'll try :)
It's easy for me to do 1-2 line fixes. Re-writing the SQL IPPool
module to handle DHCP is not a priority, and will not be a priority for
a
Ah, OK. I've added the ability to update the flags via the flags
attribute.
Just checked out from cvs .. and got compile error:
creating .libs/radiusdS.c
(cd .libs gcc -g -O2 -c -fno-builtin radiusdS.c)
rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT
gcc
Haralds Ulmanis wrote:
Just checked out from cvs .. and got compile error:
...
/root/freeradius/radiusd/src/main/listen.c:309: undefined reference to
`request_stats_reply'
Edit src/main/Makefile, and add stats.c to the SERVER_SRCS line.
It's in Makefile.in, but you probably didn't re-run
Jelle Langbroek wrote:
Hi,
I know it's plain English but I still can't figure out where the warning
is coming from and what I have to change. It finds the password, but
still gives the auth(failure):
You're running 2.0.4, and you need to install
raddb/sites-enabled/inner-tunnel.
Alan
/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
expand: %t - Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap
hi,
this is very cool - I guess it would be handy to let remote
authorised machines query it (trivial to have one central stats
store then) but still. I hope to see a lot of useful tools/widgets
using this. bit of RRDTool is calling.
alan
[EMAIL PROTECTED] wrote:
this is very cool - I guess it would be handy to let remote
authorised machines query it
Yes. But... it is a potential security issue to expose those
statistics to anyone who asks.
I could see external sites querying these statistics if:
- the connection is
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
this is very cool - I guess it would be handy to let remote
authorised machines query it
Seconded.
Yes. But... it is a potential security issue to expose those
statistics to anyone who asks.
I could see external sites querying
Arran Cudbard-Bell wrote:
But it also kinda limits the usefulness of the feature. Couldn't you
place it in the hands of the server admins to decide which hosts can
query and which can't? Another configuration item in clients?
grumble
It's possible. I guess.
I think the safest thing to
I still can't get some clients to receive my dhcp packets.
After some more testing I figured out packet size differences.
In other dhcp server responses it's 342 bytes ... on radius dhcp server I've
618 bytes.
Is it possible to make send back messages as short as possible ? :)
Also found some
Hi,
Yes. But... it is a potential security issue to expose those
statistics to anyone who asks.
obviously.
I could see external sites querying these statistics if:
- the connection is encrypted
- the client is querying a socket dedicated to Status-Server messages.
yep.
[EMAIL PROTECTED] wrote:
yep. now...although I'm thinking RADSEC could be involved...just
a new port that is properly firewalled would do. i guess
a 'statistics virtual server' would be the ideal thing.
Done. Listen type = status. In CVS.
i noted! grabbed the CVS to just have a look
Hi,
Done. Listen type = status. In CVS.
:-)
You have local modifications, and the CVS update didn't do a merge,
because it didn't know how.
okay. yup. auth.c - modified a while back now - was the
goodpass/badpass logging issue. removed and it now works
alan
Arran Cudbard-Bell wrote:
But it also kinda limits the usefulness of the feature. Couldn't you
place it in the hands of the server admins to decide which hosts can
query and which can't? Another configuration item in clients?
grumble
It's possible. I guess.
I think the
Tuc at T-B-O-H.NET wrote:
Maybe a quicker solution would be to enable libwrap for it?
I understand the changes to the code to support libwrap aren't too much,
and it can even be made optional via the ./configure .
Ugh. The IP configuration / filter in the server already does as
much,
Tuc at T-B-O-H.NET wrote:
Maybe a quicker solution would be to enable libwrap for it?
I understand the changes to the code to support libwrap aren't too much,
and it can even be made optional via the ./configure .
Ugh. The IP configuration / filter in the server already does as
- Original Message -
From: EvilEzh [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, June 20, 2008 8:12 PM
Subject: Re: dhcp server (udp packet size)
I still can't get some clients to receive my dhcp packets.
After some more
Hi,
this is a weird one for y'all.
windows clients (xp sp2 and what not) can be configured to pass their
credentials along to wireless when they authenticate to the computer(to
the AD domain). that seems to work fine.
then randomly it seems to stop working and their login seems to be
Hi,
In other dhcp server responses it's 342 bytes ... on radius dhcp server
i've 618 bytes.
Is it possible to make send back messages as short as possible ? :)
Also found some references that dhcp clients can refuse messages if they
are larger than expected.
Have schange defaulr packet
Hi,
Hi,
this is a weird one for y'all.
windows clients (xp sp2 and what not) can be configured to pass their
credentials along to wireless when they authenticate to the computer(to the
AD domain). that seems to work fine.
then randomly it seems to stop working and their login seems to
I've net with over 1k dhcp clients.
Problem with packet size was with linksys routers. They have udhcp client.
Now it looks ok. Will do more testing.
In other dhcp server responses it's 342 bytes ... on radius dhcp server
i've 618 bytes.
Is it possible to make send back messages as short as
Hi,
I've net with over 1k dhcp clients.
so? you just sniff the traffic of one of them...or a limited subnet
of those. or, you sniff the traffic on a single client itself.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
All of them .. I've redundant(duplicate) dhcp server also :)
I tried to compare response packets from both servers, new one (freeradius
dhcp) and old one. And understand what's different.
- Original Message -
From: [EMAIL PROTECTED]
To: FreeRadius users mailing list
Can someone explain more about subj.
Let's see:
incoming broadcast 0.0.0.0 - 255.255.255.255 I can get these packets
incoming broadcast 10.4.0.1-255.255.255.255 I can't get these packets.
In other words, if there is ip address in source, I can't get these
packets to process (mostly these
Actually I see in packet source x.x.x.x (client) - z.z.z.z (server).
reply is z.z.z.z - y.y.y.y (relay).
There are several retries from client. So I think client doesn't receive
packet from relay.
So if there is unicast from already configured client .. response should be
sent directly back to
btw .. it works anyway with dhcp relay set. So nothing to do with it.
With relay everything looks ok. :) It works. option 82 is also ok.
Actually I see in packet source x.x.x.x (client) - z.z.z.z (server).
reply is z.z.z.z - y.y.y.y (relay).
There are several retries from client. So I think
Hi Leander and all,
In message [EMAIL PROTECTED], Leander S.
[EMAIL PROTECTED] writes
Yes, thanks I understood this. But the Reason why I'm asking is,
because I want to know about the version numbers which are required for
example with snmp - because I use FreeBSD 7.0 RELEASE and there might
David Wood wrote:
The correct way ahead with the FreeRADIUS SNMP code is widely
acknowledged to be a rewrite using AgentX - however the new statistics
code may turn out to be a better option. I wonder if the current SNMP
code will be retired now that the statistics code is available.
The