piston wrote:
I'm putting the following code under /etc/freeradius/site-available/default,
authorize section just after preprocess
if (User-Name =~ ^ABC\/) {
That is not a valid regular expression. See man unlang for the form
of regular expressions:
if (User-Name =~ /^ABC\//) {
You have to implement some (perl, PHP, shell) code to remove the 'stale
session' from your database.
Date: Fri, 6 Mar 2009 20:33:05 -0300
From: alexan...@ondainternet.com.br
To: freeradius-users@lists.freeradius.org
Subject: stop old open session and star new..
Hello,
How i can solve
Hi,
Hi
I'm putting the following code under /etc/freeradius/site-available/default,
authorize section just after preprocess
if (User-Name =~ ^ABC\/) {
update control {
Realm == %another_realm}
}
But i'm getting such error:
Expected
Hi all,
Does anybody know how to enable TLS Session Cache? To use the EAP-TLS
fast re-authentication.
Thanks,
Fernando.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Just a clarification, My freeradius version is 2.0.2 and I would like to
enable EAP-TLS session resumption.
Is it possible?
Fernando wrote:
Hi all,
Does anybody know how to enable TLS Session Cache? To use the EAP-TLS
fast re-authentication.
Thanks,
Fernando.
-
List
You enable that on your AP not your radius server.
Ivan Kalik
Kalik Informatika ISP
On 9/3/2009, Fernando fber...@um.es wrote:
Just a clarification, My freeradius version is 2.0.2 and I would like to
enable EAP-TLS session resumption.
Is it possible?
Fernando wrote:
Hi all,
Does anybody
I have tried both
if (%{User-Name} =~ /^ABC\// ) {
update control {
Realm := 'another_realm'
}
}
if (%{User-Name} =~ /^ABC\// ) {
update request {
Realm := 'another_realm'
}
The same thing happens to me. I have peapv0 and ttls working but eap-tls
refuses to work with XP. t...@kalik.net on the list was very helpful in
finding that XP was ignoring the challenge because it could not find an
acceptable client cert even though one was present with the correct
OID's. We
I have tried both
if (%{User-Name} =~ /^ABC\// ) {
update control {
Realm := 'another_realm'
}
}
if (%{User-Name} =~ /^ABC\// ) {
update request {
Realm := 'another_realm'
}
Hi,
if (%{User-Name} =~ /^ABC\// ) {
if (%{User-Name} =~ /^ABC\// ) {
read a few online regex resources.
++? if (%{User-Name} =~ /^ABC\//)
expand: %{User-Name} - ABC/use...@my_realm
? Evaluating (%{User-Name} =~ /^ABC\//) - FALSE
++? if (%{User-Name} =~ /^ABC\//) - FALSE
this
t...@kalik.net wrote:
You enable that on your AP not your radius server.
No, in the AP you can use PMKSA caching. I want session resumption in
EAP-TLS which is enabled in RADIUS server. In Freeradius version 2.1.1 I
have seen that there is a section cache ...
cache {
No, in the AP you can use PMKSA caching. I want session resumption in
EAP-TLS which is enabled in RADIUS server. In Freeradius version 2.1.1 I
have seen that there is a section cache ...
cache {
#
# Enable it. The default is no.
[Thanks for the response. My original email was very lengthy, but at the
bottom you can see a wireshark capture showing the packet arrival. (My
understanding is wireshark is a pretty GUI based on tcpdump)
Yes, it arrived but can't get through the firewall. You say you are
using default
Hi !
We have an odd problem on one of our FreeRadius servers:
SunOS 5.10 Generic_13-03 sun4u sparc
Mon Mar 9 13:39:26 2009 : Error: Discarding duplicate request from client
hostname:1814 - ID: 179 due to unfinished request 2603
Mon Mar 9 13:39:32 2009 : Error: Discarding duplicate
According to the documentation, radiusd -C is supposed to Check
configuration and exit. I was assuming that would catch errors in the
configuration that might prevent it from restarting. However, if I
intentionally mangle the configuration to the point it won't start, the -C
check still
Fernando wrote:
Just a clarification, My freeradius version is 2.0.2 and I would like to
enable EAP-TLS session resumption.
Is it possible?
No.
If you want to use the cache, use a version that supports it (see the
changelog), and read eap.conf for how to configure it.
Alan DeKok.
-
Mike Diggins wrote:
According to the documentation, radiusd -C is supposed to Check
configuration and exit. I was assuming that would catch errors in the
configuration that might prevent it from restarting. However, if I
intentionally mangle the configuration to the point it won't start, the
Hi,
Mike Diggins wrote:
According to the documentation, radiusd -C is supposed to Check
configuration and exit. I was assuming that would catch errors in the
configuration that might prevent it from restarting. However, if I
intentionally mangle the configuration to the point it won't
Thanks it was the Linux firewall. I opened UDP ports 1812:1816 and everything
works
-Original Message-
From: mbhor...@aol.com
To: freeradius-users@lists.freeradius.org
Sent: Mon, 9 Mar 2009 9:08 am
Subject: radiusd server does not respond to radtest from another host
Hi,
Thanks it was the Linux firewall. I opened UDP ports 1812:1816 and
everything works
any reason for 1815 and 1816 ?
alan
Hi all,
I use Freeradius 1.1.7 (yes, sorry I know it is a little bit old but
there is no time to upgrade :(
I want that the requests from some servers are checked and authenticated
through LDAP-Groups for example
Requests from IP x.x.x.x should be authenticated only if the user is in
ldap-group
a.l.m.bu...@lboro.ac.uk wrote:
2.1.3 was mentioned in the subject title...
Maybe I should read the messages.
radiusd -XC does most things okay here...
radiusd: Skipping IP addresses and Ports
Configuration appears to be OK.
though i did note from its reintroduction into the
Hi,
It checks:
a) if the configuration files are formatted correctly
b) if some modules can be loaded
If more things need to be checked, we will need a patch to add
that functionality.
much as thought. is it also the case that it only checks
stuff that can be 'HUP'd' ?
Guys,
I have a question about different failure modes in FreeRadius, basically I
want to differentiate between different scenarios of failures and return a
proper response (if any) to NAS device.
Failure example:
Backend database is down
Right now FreeRadius returns reject to NAS
rlm_sql (sql):
Hi,
Right now FreeRadius returns reject to NAS
rlm_sql (sql): Failed to connect DB handle #8
rlm_sql (sql): reconnect failed, database down?
rlm_sql_getvpdata: database query error
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 8
++[sql] returns fail
Sending
a.l.m.bu...@lboro.ac.uk wrote:
much as thought. is it also the case that it only checks
stuff that can be 'HUP'd' ?
Yes.
Alan DeKok.
Roar Pettersen wrote:
We have an odd problem on one of our FreeRadius servers:
...
Mon Mar 9 13:40:30 2009 : Error: WARNING: Unresponsive child (id 104)
for request 2604 (in component authenticate module rlm_pam)
PAM is blocking the server.
When this problem occurs, then no radius
Thanks Alan
With this:
if (%{User-Name} =~ /^ABC\//) {
update request {
Realm := 'another_realm'
}
}
The regex is working by now, but the other problem exists: the rewrite is not
working properly.
freeradius acct log shows that:
Tue Mar 10
Hi,
Thanks Alan
With this:
if (%{User-Name} =~ /^ABC\//) {
update request {
Realm := 'another_realm'
}
}
The regex is working by now, but the other problem exists: the rewrite is not
working properly.
Don't play with User-Name!
No. In my company we use freeradius, not TACACS, and we want to get
control over some users who work on the Cisco console, and for this we
would like to take a 'log command'. If you know how we can do that and
freeradius implements this, please tell us or give us some howto, patch,
URL, etc.
Just as a quick example, I added this line to radius.conf:
$INCLUDE dsdfsdf/ # bogus line
radiusd -C doesn't complain:
[r...@rad01 raddb]# /usr/local/freeradius/sbin/radiusd -C
[r...@rad01 raddb]#
But:
Radius -XC does:
including files in directory
Mike Diggins wrote:
Just as a quick example, I added this line to radius.conf:
$INCLUDE dsdfsdf/# bogus line
radiusd -C doesn't complain:
[r...@rad01 raddb]# /usr/local/freeradius/sbin/radiusd -C
[r...@rad01 raddb]#
Err.. try echo $? after that. It doesn't print out log
Николай Г. Петров wrote:
No. In my company we use freeradius, not TACACS, and we want to get
control over some users who work on the Cisco console, and for this we
would like to take a 'log command'. If you know how we can do that and
freeradius implements this, please tell us or give a
On Mon, 9 Mar 2009, Alan DeKok wrote:
Mike Diggins wrote:
Just as a quick example, I added this line to radius.conf:
$INCLUDE dsdfsdf/# bogus line
radiusd -C doesn't complain:
[r...@rad01 raddb]# /usr/local/freeradius/sbin/radiusd -C
[r...@rad01 raddb]#
Err.. try echo $? after
Ok! Where can I find information about how to make freeradius understand
TACACS+?
Николай Г. Петров wrote:
Ok! Where can I find information about how to make freeradius understand
TACACS+?
My email messages?
You need to write C code to implement the feature.
Alan DeKok.
Hello,
I am running FreeRADIUS version 1.1.3. I'm trying to setup LDAP
authentication for Windows users accessing our networking devices especially
with Cisco switches and routers. Windows authentication is working properly
on my FreeRADIUS server, but I'm trying to figure out how to give
Thanks Alan for reply.
Connection to another backup DB from the same radius server will help only
if the primary DB has real problem. But if there is a network issue to
connect to DB and DB is fine just radius daemon fails to communicate to the
database so in this case radius needs not to respond
Hi there,
I get a little problem with Ubuntu 8.04 + freeradius + EAP/TLS/PEAP + mysql,
'cause I don't receive an Accounting package even response. In Ubuntu is
installed freeradius, mysql and open ssl.
Could someone help me with this?
Thanks
I finally got a chance to try to update the Wiki again. It worked
fine today. Anyway, there are now instructions for creating modules
for both Version 1 and Version 2.
Say I do not want to return reject in this case and I want the switch to
understand that radius is down and retry another radius server (a
backup/failover).
So call a script that executes killall radiusd - that should do it. But
that's insane.
Because if I return reject the NAS device treats
Does Huntgroup support only IP-Addresses or I can fill up Network
Addresses too?
It's not what huntgroups support but what does the attribute
(NAS-IP-Address) support. And it is an IP address, not network.
Or there is another workaround? Or maybe this issue is already changed
in the new version
Hi,
Err.. try echo $? after that. It doesn't print out log messages to
stdout unless you also do -X.
I was about to say the same thing - the man page clearly
states that it fails with a value - this is a shell fail,
not a human readable fail - exit value isn't 0
therefore something is wrong.
I am running FreeRADIUS version 1.1.3.
Why? Upgrade to current version.
I'm trying to setup LDAP
authentication for Windows users accessing our networking devices especially
with Cisco switches and routers. Windows authentication is working properly
on my FreeRADIUS server, but I'm trying to
I get a little problem with Ubuntu 8.04 + freeradius + EAP/TLS/PEAP + mysql,
'cause I don't receive an Accounting package even response. In Ubuntu is
installed freeradius, mysql and open ssl.
Is your NAS sending them? If it is, there is a firewall stopping them.
Ivan Kalik
Kalik Informatika
Thanks Ivan for your reply.
Regarding redundant databases: yes, it can help because the problem will arise
only if all of them
sql1,sql2,sql3 are not reachable or dead.
We are keeping NAS table in database and do not use flat files
I am having another issue with readclients = yes option
I can't
I have two problems:
One is with compiling in mysql support. Despite using the following
./configure line ./configure --prefix=/usr/local/freeradius
--with-mysql-include-dir=/usr/local/mysql-5.1.30-osx10.5-x86/include/
--with-mysql-lib-dir=/usr/local/mysql-5.1.30-osx10.5-x86/lib/
it still says
Is your NAS sending them? If it is, there is a firewall stopping them.
Ivan Kalik
Kalik Informatika ISP
Thanks Ivan for fast reply,
So, I'm very new to Linux and also freeradius. If you permit, how can I see if
the NAS sends the account package? I'm using a ZINWELL G220 Plus and TP Link
I am having another issue with readclients = yes option
I can't keep this option set to yes in all 3 files:
sql1.conf,sql2.conf,sql3.conf
I want to keep NASes in the database and use DB replication to all 3
databases so all 3 databases have exact same mirrored data.
The problem happens that it
So, I'm very new to Linux and also freeradius. If you permit, how can I see if
the NAS sends the account package? I'm using a ZINWELL G220 Plus and TP Link
WA501G.
First run freeradius in debug mode (radiusd -X). If you don't see
accounting packets use wireshark. If wireshark can't see them
I want to keep NAS table replicated in redundant SQL servers for failover
reasons, is this fair?
Now, if NAS is kept only in one SQL server this will become a single point
of failure and if this particular DB fails then radius application cannot
just seamlessly failover to another redundant DB
leopold wrote:
I want to keep NAS table replicated in redundant SQL servers for failover
reasons, is this fair?
Yes.
How do you propose solving SQL NAS table replication challenge?
Use 2.1.4 when it comes out. I've fixed this problem, and this
behavior will be allowed.
Alan DeKok.
-
Doug Hardie wrote:
I finally got a chance to try to update the Wiki again. It worked fine
today. Anyway, there are now instructions for creating modules for both
Version 1 and Version 2.
Thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Paul Bartell wrote:
I am using the version from cvs.
What's CVS?
We've moved to git for new development. See git.freeradius.org.
My main machine is now a Mac. Trust me... it builds on a Mac.
It appears that freeradius is trying to compile a universal binary. On
a PPC machine I
Hi,
{cut}
There are some notes in the copy-acct-to-home-server example that talk
about automatic throttling of the reads depending on the backend. This
is what led me to question latency.
It might be a latency issue.
Is there any way to speed up the reading and shipping of acct records
Edwin Isada wrote:
I am running FreeRADIUS version 1.1.3.
Why?
I'm trying to setup LDAP
authentication for Windows users accessing our networking devices
especially with Cisco switches and routers. Windows authentication is
working properly on my FreeRADIUS server, but I'm trying to
56 matches