Re: Reply-message and supplicant

2009-06-06 Thread Arran Cudbard-Bell
Alexander Clouter wrote: > a.l.m.bu...@lboro.ac.uk wrote: >>> No one in London wants to go to Sussex though and from my logs it does >>> not look like anyway from Sussex wants to go to London either ;) >>> >>> If someone gives me something better to us

Re: Reply-message and supplicant

2009-06-07 Thread Arran Cudbard-Bell
Hi, on the client can then extract? this could tunnel traffic through an 802.1X restricted network? in fact, is the inner EAP traffic limited at all? once the authentication outer layer is started i should be able to just keep throwing data back/forward through that tube?

Re: DHCP code in 2.0.4+

2009-06-07 Thread Arran Cudbard-Bell
Karl Auer wrote: > On Sun, 2009-06-07 at 12:22 +0100, Alexander Clouter wrote: > >> I have been using DHCP with a LDAP patch that is getting harder and >> harder to maintain. FreeRADIUS can pretty much do the same, I get to >> keep my LDAP policy schema stuff (and write a unlang glue to use i

Re: Reply-message and supplicant

2009-06-07 Thread Arran Cudbard-Bell
Alexander Clouter wrote: > Arran Cudbard-Bell wrote: > >> Alexander Clouter wrote: >> >>> a.l.m.bu...@lboro.ac.uk wrote: >>> >>>>> No one in London wants to go to Sussex though and from my logs it does >>>>

Re: DHCP code in 2.0.4+

2009-06-07 Thread Arran Cudbard-Bell
Karl Auer wrote: > On Sun, 2009-06-07 at 14:09 +0100, Arran Cudbard-Bell wrote: > >> Karl Auer wrote: >> >>> DHCP failover and load-balancing are not simple *at all*. >>> >>> >> They're trivial once you're storing

Re: DHCP code in 2.0.4+

2009-06-07 Thread Arran Cudbard-Bell
Fajar A. Nugraha wrote: > On Sun, Jun 7, 2009 at 8:09 PM, Arran > Cudbard-Bell wrote: > >> Karl Auer wrote: >> >>> On Sun, 2009-06-07 at 12:22 +0100, Alexander Clouter wrote: >>> >>> >>>> I have been using DHCP with a L

Re: DHCP code in 2.0.4+

2009-06-07 Thread Arran Cudbard-Bell
Alexander Clouter wrote: > Karl Auer wrote: > >> On Sun, 2009-06-07 at 14:09 +0100, Arran Cudbard-Bell wrote: >> >>> Karl Auer wrote: >>> >>>> DHCP failover and load-balancing are not simple *at all*. >>>> >>

Re: DHCP code in 2.0.4+

2009-06-07 Thread Arran Cudbard-Bell
Alexander Clouter wrote: > Fajar A. Nugraha wrote: > >> On Sun, Jun 7, 2009 at 8:09 PM, Arran >> Cudbard-Bell wrote: >> >>> Karl Auer wrote: >>> >>>> On Sun, 2009-06-07 at 12:22 +0100, Alexander Clouter wrote: >>>>

Re: Reply-message and supplicant

2009-06-07 Thread Arran Cudbard-Bell
Alan DeKok wrote: > Arran Cudbard-Bell wrote: > >> There's no reason why you couldn't tunnel IPv4 so long as the packets >> had a valid EAP header prepended to them. Send your EAP start, send the >> identity response... then you can pretty much do whatever you

Re: Reply-message and supplicant

2009-06-08 Thread Arran Cudbard-Bell
> > # > # Make Reply-Message RFC3748 2.6.5 compliant > # * # # Make Reply-Message RFC3579 2.6.5 compliant # Odd that the mime encoded GPG sig validates ok, but the in-line one doesn't... I wonder what's going on there.

Re: Reply-message and supplicant

2009-06-08 Thread Arran Cudbard-Bell
and it seems like a sensible feature so I'm sure Cisco et al will have implemented it too. Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex,

Re: eap-peap username/password problem

2009-06-08 Thread Arran Cudbard-Bell
tokens. Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E

Re: Reply-message and supplicant

2009-06-08 Thread Arran Cudbard-Bell
ion messages on XP. On Vista, an EAPHost API method can get them if they ask. A RasEap API method is SOL, because they are discarded and not responded to, breaking the protocol. (Ask me how I know ;^} ) Look for a forthcoming patch for Vista. Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.u

Re: DHCP code in 2.0.4+

2009-06-08 Thread Arran Cudbard-Bell
OK, I'm going to try and draw this back into a central thread. On 7/6/09 17:57, Karl Auer wrote: On Sun, 2009-06-07 at 17:20 +0100, Arran Cudbard-Bell wrote: For purposes of resilience there is absolutely no requirement for DHCP servers to communicate with each other directly. They just n

Re: DHCP code in 2.0.4+

2009-06-09 Thread Arran Cudbard-Bell
a.l.m.bu...@lboro.ac.uk wrote: > Hi, > > >> It's not a good sign that we bicker about terminology. Suffice it to say >> > > whilst it was interesting that FreeRADIUS got DHCP support - certainly > for those that want to ensure policy actually works - I never thought we'd > get to have such

Re: New name to reflect new functionality (was RE: DHCP code in 2.0.4+)

2009-06-09 Thread Arran Cudbard-Bell
SyNC - Synergous/Synchronous Network Control, also reads as (Sync) SyNAC - Synergous/Synchronous Network Access Control Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, U

Re: DHCP code in 2.0.4+

2009-06-09 Thread Arran Cudbard-Bell
stances of ISC DHCPD started handing out duplicate leases completely arbitrarily. We scrapped the second instance and went down to a single one. Haven't tried it again since. It didn't work then... it may do now. Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication

Re: DHCP code in 2.0.4+

2009-06-09 Thread Arran Cudbard-Bell
On 9/6/09 14:20, Karl Auer wrote: On Tue, 2009-06-09 at 14:07 +0100, Arran Cudbard-Bell wrote: See earlier messages in this thread. I (a) found a theoretical issue with the protocol, and (b) demonstrated it in a live system. I missed it. What was it again? When we tried it back in 2007

Re: Sleep before a response?

2009-06-10 Thread Arran Cudbard-Bell
Stephen Bowman wrote: > I have a broken NAS with a bad race condition, and need to delay > responses to it (like "sleep 1;"). Is there an easy method (maybe via > unlang?) to do this? > Simple solution would be to use the exec module with "sleep 1;" Arran

Re: [rad] Re: SOLVED Re: pseudo-newbie exec scripts and session-time

2009-06-15 Thread Arran Cudbard-Bell
the Authentication protocol used in 802.1X (WPA-Enterprise etc...). [snip] That's what I hope for. That people who mean to help really do help. I have my answer. My problem is solved. I can just walk away. But that doesn't help the next person who falls over the same shortfall in the

Re: Old password 'grace period'

2009-06-19 Thread Arran Cudbard-Bell
John Kane wrote: > I've been asked to implement freeradius on a proprietary system that > uses the concept of a password 'grace period', a brief time period > during which both the old and new passwords should be allowed. Is this > possible with freeradius? > > The system uses pptp client access (M

Re: Old password 'grace period'

2009-06-25 Thread Arran Cudbard-Bell
... If this doesn't work, post the debug output. There are some issues with rcode priority assignments and unlang, but they're possible to work around. Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure S

Old password 'grace period'

2009-06-25 Thread Arran Cudbard-Bell
Original Message Subject: Re: Old password 'grace period' Date: Thu, 25 Jun 2009 12:11:07 +0100 From: Arran Cudbard-Bell Organization: University of Sussex To: t...@kalik.net [snip] I have tested something like this yesterday - it doesn't. You can't ju

Re: Old password 'grace period'

2009-06-25 Thread Arran Cudbard-Bell
"%{sql_old:SELECT}" } mschap } } } Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of

Re: Old password 'grace period'

2009-06-25 Thread Arran Cudbard-Bell
d hashes created on first call to rlm_mschap update control { NT-Password -= "%{control:NT-Password}" LM-Password -= "%{control:LM-Password}" } mschap } } Arran -- Arran Cudbard-Bell

Re: Old password 'grace period'

2009-06-25 Thread Arran Cudbard-Bell
On 25/6/09 14:53, Arran Cudbard-Bell wrote: On 25/6/09 12:01, a.l.m.bu...@lboro.ac.uk wrote: Hi, I leave you guys alone for 5 minutes 8-) as i said, theres probably a way of doing it *sigh* the Coffee excuse doesn't work past lunch time does it... (missed out some curly b

Re: Definitive Word on FreeRadius/LDAP/EAP Requirements

2009-06-26 Thread Arran Cudbard-Bell
- Some have said EAP and LDAP can't be combined because LDAP requires plain text passwords here and EAP doesn't play ball in that manner What EAP method are you using... The different EAP methods have different requirements. -- Arran Cudbard-Bell (a.cudbard-b...@su

Re: Definitive Word on FreeRadius/LDAP/EAP Requirements

2009-06-26 Thread Arran Cudbard-Bell
On 26/6/09 15:19, Aaron Mahler wrote: On Jun 26, 2009, at 10:00 AM, Arran Cudbard-Bell wrote: - Some have said EAP and LDAP can't be combined because LDAP requires plain text passwords here and EAP doesn't play ball in that manner What EAP method are you using... The dif

Re: Definitive Word on FreeRadius/LDAP/EAP Requirements

2009-06-26 Thread Arran Cudbard-Bell
can't use passwords stored on Ldap server. It can with EAP-TTLS-PAP or anything else that provides a cleartext password. -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1,

Re: Intermediate Certs in EAP-TLS - Confirmed Client-side Problem?

2009-06-27 Thread Arran Cudbard-Bell
Alan DeKok wrote: > Aaron Mahler wrote: > >> It is issued by GoDaddy and does trace back to a valid root cert that >> I've found exists by default on my OS X systems. >> > > This isn't a good idea for RADIUS systems. It means that the 802.1X > clients will happily hand their credential

Re: Old password 'grace period'

2009-06-30 Thread Arran Cudbard-Bell
[JK] This works beautifully. I want to thank Arran and others for the quick response. Very much appreciated. Excellent. Glad to hear :) Thanks, Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT

Re: want to authorise but not authenticate

2009-07-08 Thread Arran Cudbard-Bell
at the system can send a username=password for authorization AND a proper authentication can happen WITHOUT (here's a gotcha) the user doing something cute like putting their username in as their password! ;-) Slightly confused as to what you want... Try again without the caffeine ? Arran

Re: want to authorise but not authenticate

2009-07-08 Thread Arran Cudbard-Bell
addresses ? Arran -- Arran Cudbard-Bell , Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 - List info/subscribe/uns

Re: want to authorise but not authenticate

2009-07-08 Thread Arran Cudbard-Bell
on a different port that does the authorisation job only. its a little natty but seems the best way :-| Can't you bind the same virtual server to multiple IPs? Less duplication... Arran -- Arran Cudbard-Bell , Systems Administrator (AAA), Infrastructure Services (IT Services), E1

Re: make install without messing with previous configuration?

2009-07-15 Thread Arran Cudbard-Bell
Leighton Man wrote: > Hi, > I tar the entire raddb directory (from the level above), reinstall, and untar > the original config over the top of the new one. That way I can keep multiple > configs whilst experimenting and switch between them. > Just move the raddb directory to /etc/raddb and ch

Re: White papers: Scaling FreeRADIUS & MySQL

2009-07-20 Thread Arran Cudbard-Bell
ling users to quickly and simply replicate the solution in their own environment. Read the guide, posted here: http://www.mysql.com/why-mysql/white-papers/mysql_wp_deploying_FreeRADIUS.php - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell , Sys

Re: AW: EAP errors in 2.1.1

2009-08-06 Thread Arran Cudbard-Bell
the EAP stanza? Arran -- Arran Cudbard-Bell , Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2

Re: Mac based authentication

2009-08-10 Thread Arran Cudbard-Bell
filtering mac address (calling-station-id) as username and password, so that client can authenticate directly. Please help me to configure freeradius so that i can implement that i explain before. Sure, see here http://wiki.freeradius.org/Mac-Auth Regards, Arran -- Arran Cudbard-Bell

Re: convert redius request to soap request

2009-08-10 Thread Arran Cudbard-Bell
shivashankar wrote: > hi , > > > give me assistence > > i new to freeradius > > how to convert radius request to SOAP request. > > is there any way to do this... > > Yes using rlm_perl or rlm_python, but there are no standard scripts to do this. In my experience Web Service APIs can be

Re: freeradius2.1.6 module errors

2009-08-12 Thread Arran Cudbard-Bell
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4a828b19.7070...@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1 David Jansen wrote: > Although passwords are filtered in radius log i do still see unencrypted > p

Re: freeradius2.1.6 module errors

2009-08-12 Thread Arran Cudbard-Bell
It used to get angry when you did that -- On 12 Aug 2009, at 20:49, Alan Buxey wrote: Hi, default { accounting { if(Acct-Status-Type = 'stop'){ sql or edit the required dialup.conf for the chosen SQL solution and only have the STOP insert command there? alan - Li

Re: Problem with MAC authorization..(again)

2009-08-14 Thread Arran Cudbard-Bell
MD5 and EAP-TTLS-PAP. But not with methods such as EAP-TTLS-MSCHAPv2 or EAP-PEAP. Regards, Arran -- Arran Cudbard-Bell , Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF

Re: PEAP / mschapv2 Error Messages

2009-08-14 Thread Arran Cudbard-Bell
themselves, then it'd be pretty easy to write a small web app to look through the failure codes and convert them into something humanly readable. Arran -- Arran Cudbard-Bell , Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Bri

Re: Proxying accounting to create a 'tee'

2009-08-14 Thread Arran Cudbard-Bell
e and the next request is processed. This also has the advantage of buffering requests in case the remote server goes down. For additional Tees into other DBs, Remote server just create additional detail writer/reader pairs. Regards, Arran -- Arran Cudbard-Bell , Systems Administrator (AAA),

Re: Proxying accounting to create a 'tee'

2009-08-17 Thread Arran Cudbard-Bell
vol...@ufamts.ru wrote: > Alan DeKok wrote: > >> What do you mean "duplicate records"? >> >> Alan DeKok. >> > > If home server does not respond, FR does not respond too -> NAS repeats > request -> FR writes request data to SQL again. > > So we got two problems: > 1) repeating requests > 2)

Re: segfault with regex and hint

2009-08-18 Thread Arran Cudbard-Bell
Hello! You using ProCurve NAS then? Or have other people started using Service-Type = 'Call-Check' to hint at Mac-Auth? -Arran > > Alan Buxey wrote: > >>> It's that time of year to overhaul the cesspool that makes up my >>> FreeRADIUS config files. >>> >>> I am running FreeRADIUS from git[1]

Re: segfault with regex and hint

2009-08-19 Thread Arran Cudbard-Bell
Hi, Long time no see. Indeed. Arran Cudbard-Bell wrote: You using ProCurve NAS then? Or have other people started using Service-Type = 'Call-Check' to hint at Mac-Auth? Cisco always have from what I can tell, well since they introduced mac auth back roughly two or so years

Re: Proxying accounting to create a 'tee'

2009-08-21 Thread Arran Cudbard-Bell
1 20:10:39 2009 > rlm_detail: Freeradius-Proxied-To = 66.133.129.108 > ++[detail.dpi-proxy-tee] returns ok > } > Finished request 0. > Cleaning up request 0 ID 24 with timestamp +2 > Going to the next request > WARNING: Marking home server 66.133.129.108 port 1813 as zombie (it loo

Re: Proxying accounting to create a 'tee'

2009-08-22 Thread Arran Cudbard-Bell
Fajar A. Nugraha wrote: > On Sat, Aug 22, 2009 at 7:59 AM, Arran > Cudbard-Bell wrote: > >> On 21/08/2009 21:15, John Morrissey wrote: >> > > >>> Is decoupled-accounting (writing all detail to disk and replaying it >>> serialized with

Re: Proxying accounting to create a 'tee'

2009-08-24 Thread Arran Cudbard-Bell
On 23/08/2009 18:17, Fajar A. Nugraha wrote: > On Sun, Aug 23, 2009 at 11:54 PM, Ivan Kalik wrote: >>> On Sat, Aug 22, 2009 at 5:53 PM, Arran >>> Cudbard-Bell wrote: >>>> Fajar A. Nugraha wrote: >>>>>

Re: Proxying accounting to create a 'tee'

2009-08-25 Thread Arran Cudbard-Bell
On 24/08/2009 16:46, John Morrissey wrote: > On Sat, Aug 22, 2009 at 01:59:00AM +0100, Arran Cudbard-Bell wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 21/08/2009 21:15, John Morrissey wrote: >>

Re: Proxying accounting to create a 'tee'

2009-08-25 Thread Arran Cudbard-Bell
On 24/08/2009 13:56, Alan DeKok wrote: > Arran Cudbard-Bell wrote: >> No, that'll get you the timestamp of when the packet was read back into the >> server. The only way to calculate the original received timestamp is to >>

Re: unlang: matching for 'Access-Accept'

2009-08-28 Thread Arran Cudbard-Bell
; FALSE > . > > Could version 2.1.4 have a bug in this area ? No. Wrong list. I think it's something like Proxy-Reply:Packet-Type, check man unlang for details. You didn't specify you were wanting to match a Proxied Accept in your original post. - -Arran - -- Ar

Re: Setting FreeRadius and Ldap. - Getting Educated Now

2009-08-28 Thread Arran Cudbard-Bell
e PMK. We're mandating WPA2-AES for this academic year. - -- Arran Cudbard-Bell , Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25

Re: Blocked user not disconnected for 12+ hours

2012-02-09 Thread Arran Cudbard-Bell
behaviour? Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: Freeradius and eduroam

2012-02-18 Thread Arran Cudbard-Bell
chitect (UNIX and Networks), Network Services, > I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom > > For IT help contact helpdesk extn. 2253, > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/s

Re: Wimax with Free radius

2012-03-05 Thread Arran Cudbard-Bell
On 5 Mar 2012, at 12:28, Alan DeKok wrote: > Mulindwa wrote: >> Hallo there, i have an issue with my wimax setup, am trying to have my >> users authenticate using the wonderful freeradius but still failing. >> >> Am using WASN9970 and using freeradius 2.1.12, >> >> When i turn on radius using r

Re: Double-check the shared secret on the server and the NAS!

2012-03-05 Thread Arran Cudbard-Bell
> > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > > password. Double-check the shared secret on the server and the NAS! > > > > This message should be clear, no? > > - > > List info/subscribe/unsubscribe? See > > http://www.

Re: Authentification

2012-03-05 Thread Arran Cudbard-Bell
ted in the DB are > > different. You will need to fix the client password or update the DB. > > > > --Ward > > > > > > -- > > View this message in context: > > http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.html >

Re: Translation of Reply Messages

2012-03-06 Thread Arran Cudbard-Bell
On 7 Mar 2012, at 07:11, Tim White wrote: > I'm wondering if anyone has worked out some way to translate reply messages > easily? > I'm guessing I probably need to make this happen on the GUI side of my > application (Grase Hotspot), but what do other people do in a multi language > environmen

Re: Is this a possible project?

2012-03-12 Thread Arran Cudbard-Bell
? Depends on the AP, some will send the NAS-Identifier attribute which you could use to distinguish between them. Otherwise most will include a Called-Station-ID attribute which *may* contain a Mac-Address associated with the Access point, you'll need what your Access Point sends. Arr

Re: HP-Command-String in sql accounting

2012-03-12 Thread Arran Cudbard-Bell
'll probably want to use a text field type and the built in SQL function to concatenate the HP-Command-String field from multiple accounting update packets. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: Mac Auth Rewrite SSID Issue

2012-03-14 Thread Arran Cudbard-Bell
([-a-z0-9_. ]*)?/i){ Updated the wiki... Really I guess it should be if(Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?(.*)?/i){ But you're the first one who's complained ;) Arran

Re: Prob web wiki.freeradius.org

2012-05-09 Thread Arran Cudbard-Bell
On 9 May 2012, at 09:51, Thomas Glanzmann wrote: > Hello Alan, > >> Torsten Lehmann wrote: >>> http://wiki.freeradius.org/ (or faq) returns: >>> Forbidden > > * Alan DeKok [2012-05-09 09:44]: >> It works for me. We upgraded the machine, and had a few problems with >> editing the wiki. But i

Re: Prob web wiki.freeradius.org

2012-05-09 Thread Arran Cudbard-Bell
I have problem editing the page, accessing is fine. But Arran seems to > fix that. Yep working on it, expect some downtime today whilst I try and cleanup the ruby installation and Gollum... The upgrade to 12.04 has really messed things up. Arran Cudbard-Bell a.cudba...@freeradius.org Betel

Re: Prob web wiki.freeradius.org

2012-05-10 Thread Arran Cudbard-Bell
ow a 'Sponsored by' link at the bottom of the page, as they're the company who's actually paying for the hosting ;) Apologies for the down time/ Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: wiki problems...

2012-05-10 Thread Arran Cudbard-Bell
On 10 May 2012, at 15:41, Alan DeKok wrote: > Paolo Barbato wrote: >> accessing http://wiki.freeradius.org >> >> return forbidden > > It works for me. > Might be an intermediary cache misbehaving? Is it an nginx forbidden message or a tiny little non-descri

Re: wiki problems...

2012-05-10 Thread Arran Cudbard-Bell
ggering in the CSRF prevention logic. To diagnose I'd need a packet trace of a request to the wiki server. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: wiki problems...

2012-05-10 Thread Arran Cudbard-Bell
rg >> [mailto:freeradius-users- >> bounces+j.d.f.palmer=swansea.ac...@lists.freeradius.org] On Behalf Of >> Arran Cudbard-Bell >> Sent: 10 May 2012 14:53 >> To: FreeRadius users mailing list >> Subject: Re: wiki problems... >> >> >> On 10 May 2012, at 15:41, Alan DeK

Re: wiki problems...

2012-05-10 Thread Arran Cudbard-Bell
On 10 May 2012, at 16:40, Paolo Barbato wrote: > > On 10/mag/2012, at 16:18, Arran Cudbard-Bell wrote: > >> >> On 10 May 2012, at 15:55, Paolo Barbato wrote: >> >>> Glad to hear…it's has been working also for me in the past…now return >>> >

Re: wiki problems...

2012-05-10 Thread Arran Cudbard-Bell
Ok, just to let everyone know, that the 'Forbidden' error should now be fixed. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: Anon repo access?

2012-05-15 Thread Arran Cudbard-Bell
er.git > Cloning into 'freeradius-server'... > fatal: remote error: access denied or repository not exported: > /freeradius-server.git > Fixed. Apologies; recently migrated to gitolite. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki..

Re: How to set attribute value as null means that " "

2012-05-15 Thread Arran Cudbard-Bell
On 15 May 2012, at 21:26, mimir wrote: > Hello, > > I want to add a custom attribute before replicate the accounting package > with null value. > I see that it is added successfully before replication, but when I check it > on remote server, I can not see > userid1 and userid2 attributes. Do you

Re: FR over TCP

2012-05-24 Thread Arran Cudbard-Bell
essary documentations if it is possible and I can > read and understand how. > > Thank you !! Yes - Google radsec. Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: Online Users Question

2012-06-21 Thread Arran Cudbard-Bell
n a user is removed from the radcheck or radreply tables… -Arran Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Re: Not responding when a user is unknown

2012-07-10 Thread Arran Cudbard-Bell
On 10 Jul 2012, at 14:56, perl-list wrote: > We have a couple customers whose FreeRADIUS servers do not respond if a user > does not exist on their FreeRADIUS system. If a user authenticates using > username: idontexist and password: notarealpass the FreeRADIUS server does > NOT send an acces

Re: smsotp Auth-Type

2012-07-18 Thread Arran Cudbard-Bell
On 18 Jul 2012, at 12:07, Ferenc Tóth wrote: > Hello! > > I'm having problems configuring freeradius with smsmotp. I did every step > according to the materials found here: > http://wiki.freeradius.org/Rlm_smsotp > > The problem is that freeradius doesn't start up successfully. According to the

Re: FreeRADIUS in failover - HA setup (question)

2012-07-19 Thread Arran Cudbard-Bell
On 19 Jul 2012, at 01:11, Aldo Zavala wrote: > Hi, everybody. > > I was reading the "Deploying FreeRADIUS with the MySQL Cluster Database" > whitepaper downloaded from MySQL website, it mentions in "3.1 Deployment > Topologies" section that MySQL cluster can be integrated with FreeRADIUS but

Re: sql returns fail for some stop requests

2012-07-19 Thread Arran Cudbard-Bell
> This seems to be the case for duplicated connections, there are several > accounting start requests sent within a few seconds from each other, all of > them create a new accounting record, and no stop request is sent for these > sessions. I don't know about your original issue, but there's a

Re: FreeRADIUS in failover - HA setup (question)

2012-07-19 Thread Arran Cudbard-Bell
On 19 Jul 2012, at 08:52, Arran Cudbard-Bell wrote: > > On 19 Jul 2012, at 01:11, Aldo Zavala wrote: > >> Hi, everybody. >> >> I was reading the "Deploying FreeRADIUS with the MySQL Cluster Database" >> whitepaper downloaded from MySQL website, it

Re: FreeRADIUS in failover - HA setup (question)(Arran Cudbard-Bell) 

2012-07-20 Thread Arran Cudbard-Bell
> 1.- Although there are more options to achieve redundancy in MySQL I will > choose either MySQL Cluster or MySQL Replication in which I believe (please > correct me any time if I am wrong) you have the option of have a floating IP > address, > all nodes will be master in Cluster, and Master/S

Re: Proxim Wireless - Vendor Specific Attributes

2012-07-20 Thread Arran Cudbard-Bell
On 20 Jul 2012, at 19:49, Simha wrote: > All, > > Will FreeRADIUS support Proxim Wireless (IANA ID - 841) - Vendor Specific > Attributes? > > I have few Tsunami 8000 - MP-8100-BSU and MP-8150-CPEs and need to provision > VLAN and QoS using FreeRADIUS. > > Any information in this regard will

Re: sql returns fail for some stop requests

2012-07-22 Thread Arran Cudbard-Bell
On 22 Jul 2012, at 11:56, Amir Tal wrote: > Adding unique key to the database results in the following being returned > from rlm_sql, > What happen to accounting data when a duplicate entry is encountered? > In addition, currently there is no scheduled clearing of the data in radacct > table, w

[ANN][FEATURE]: Reference based accounting queries

2012-07-24 Thread Arran Cudbard-Bell
The accounting section of rlm_sql has been modified to use reference based accounting queries. Accounting and post-auth now have their own subsections, and contain a config pair called reference. The value of this is expanded to give a config path, and the config pair this resolves to is used a

Re: [ANN][FEATURE]: Reference based accounting queries

2012-07-24 Thread Arran Cudbard-Bell
On 24 Jul 2012, at 10:34, Arran Cudbard-Bell wrote: > The accounting section of rlm_sql has been modified to use reference based > accounting queries. > > Accounting and post-auth now have their own subsections, and contain a config > pair called reference. The value of this

Re: sql returns fail for some stop requests

2012-07-24 Thread Arran Cudbard-Bell
On 23 Jul 2012, at 14:06, Amir Tal wrote: > Dialup.conf : > > [root@RADIUS4 radius]# cat /etc/raddb/sql/mysql/dialup.conf Looks ok… Could you build with the 2.1x head and post the debug output?

Re: FreeRADIUS performance information (tuning, benchmark)

2012-07-24 Thread Arran Cudbard-Bell
On 24 Jul 2012, at 13:49, Phil Mayers wrote: > On 24/07/12 13:26, Andrei Petru Mura wrote: >> I'm running FreeRADIUS on a PC with a dual CPU of 2 GHz and 2 GB of RAM. >> It is working with PostgreSQL database. >> When I perform tests with radperf, running : >> >> radperf -s -f ../users.csv -p 80

Re: sql returns fail for some stop requests

2012-07-24 Thread Arran Cudbard-Bell
On 24 Jul 2012, at 14:24, Alan DeKok wrote: > Amir Tal wrote: >> After additional debugging the fault seems to be with a rogue backup >> process running on DB host, causing it to be slow to un-responsive for >> 10-20 minutes. > > Stop that. The database used by the RADIUS server should ONLY be

Re: sql returns fail for some stop requests

2012-07-24 Thread Arran Cudbard-Bell
On 24 Jul 2012, at 18:18, Arran Cudbard-Bell wrote: > > On 24 Jul 2012, at 14:24, Alan DeKok wrote: > >> Amir Tal wrote: >>> After additional debugging the fault seems to be with a rogue backup >>> process running on DB host, causing it to be slow to un

Re: Accessing nas ip with rlm_python and rlm_perl

2012-07-25 Thread Arran Cudbard-Bell
On 25 Jul 2012, at 14:57, Carl Pierre wrote: > Hello: > > Is it at all possible to access this information within these modules? I am > trying to code different behavior in my code based on IP. NAS-IP-Address yes, Client-IP-Address maybe not, i'd have to check the code… Are you definitely try

Re: crl handling

2012-07-26 Thread Arran Cudbard-Bell
On 26 Jul 2012, at 09:20, alan buxey wrote: > Hi, > >> Are there plans to enable reading of a new crl without restarting the >> server? > > without severely crippling performance, how? You could add caching to the OSCP module and use that?

Re: linelog and accounting informations

2012-07-27 Thread Arran Cudbard-Bell
On 27 Jul 2012, at 15:06, vazoumana fofana wrote: > Hello every body, > > i got a question about linelog : > > Indeed i want to log and store any informations . I'm focusing on accounting > data. > The filename is linelog under logdir. I create linelog under > /var/log/radius/linelog mys

Re: EAP problem

2012-07-27 Thread Arran Cudbard-Bell
On 27 Jul 2012, at 22:24, Alan DeKok wrote: > David Peterson wrote: >> I came up with that conclusion as well. I am going to use my known good >> source. > > Please also say which supplicant you're using. Knowing *which* > software is broken is useful. > Or even just posting the full debu

Re: Acct-Status-Type

2012-07-29 Thread Arran Cudbard-Bell
On 30 Jul 2012, at 01:04, Matthew Newton wrote: > On Sun, Jul 29, 2012 at 07:39:52PM +, Khapare Joshi wrote: >> I see Acct-Status-Type = Interim-Update in my detail log. does it mean >> Acct-Status-Type = Alive ? > > No, it means Interim Update. > > You get Start at the beginning when the

Re: user(name) and EAP-TLS

2012-08-04 Thread Arran Cudbard-Bell
On 4 Aug 2012, at 11:57, Matthew Newton wrote: > On Sat, Aug 04, 2012 at 11:10:38AM +0200, Klaus Klein wrote: >> Therefore I'm a bit puzzled that if no matching entry in users >> is found that the authentication still takes place. > authorize { files if (notfound || noop) {

Re: user(name) and EAP-TLS

2012-08-05 Thread Arran Cudbard-Bell
*sigh* Don't use this configuration with wired 802.1X. As the user's identity is not protected within the tunnel, someone sitting between your machine and the switch could easily switch out identities at the start of 802.1X auth, and use it as a way of performing privilege escalation. Hm, you

Re: FR 3 Event-Timestamp wrong format and Mysql FROM_UNIXTIME error

2012-08-06 Thread Arran Cudbard-Bell
On 6 Aug 2012, at 06:47, Alan DeKok wrote: > lscrlstld wrote: >> I'm making initial tests with FR 3 (from git) using default configs with >> mysql db, but have mysql error. >> >> Debug info: >> rlm_sql_mysql: MySQL error 'You have an error in your SQL syntax; check the >> manual that correspond

Re: RES: FR 3 Event-Timestamp wrong format and Mysql FROM_UNIXTIME error

2012-08-06 Thread Arran Cudbard-Bell
On 6 Aug 2012, at 23:05, "lscrlstld" wrote: The %{Event-Timestamp} used in query have a wrong date/time format, it >> is not the timestamp. >>> >>> Yes. That's why the "master" branch uses %{integer:Event-Timestamp}, >>> which causes the timestamp to be printed as a Unix 32-bit numbe

Re: sql_log and Accounting On/Off

2012-08-11 Thread Arran Cudbard-Bell
On 10 Aug 2012, at 12:43, Alan DeKok wrote: > Stefan Winter wrote: >> Hi, >> Anyway, adding an example would still be nice :-) >>> Submit a patch, or edit the wiki? :D >> >> Here goes a unified diff - took the statement from sql/mysql/dialup.conf. > > Looks good to me, thanks. Crazy id

Re: New FreeRADIUS Deployment

2012-08-16 Thread Arran Cudbard-Bell
> > Do you have a SAN that you could utilize? For performance, I’d suggest a > MySQL Cluster running on something with quite a few spindles. The SAN > provides great performance in that arena. Otherwise, you are looking at > having to do a Master/Slave scenario for MySQL DB Replication (cit
