o.k deinstalled the package and package manager I was using, installed
homebrew, installed latest openssl and talloc and ….. just compiled and
installed. Simples!
Thanks for that
A
On 9 Oct 2013, at 11:54, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 9 Oct 2013, at 11:21, Alex
On 10 Oct 2013, at 12:02, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 10 Oct 2013, at 10:44, Alex Sharaz alex.sha...@york.ac.uk wrote:
o.k deinstalled the package and package manager I was using, installed
homebrew, installed latest openssl and talloc and ….. just compiled
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
A
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Is anyone out there load balancing RADIUS with an F5 load balancer? We're doing
it here, but I can't help thinking that the actual load balancing algorithm
need some tweaking.
As far as I'm aware ( systems section support the F5 boxes)
1). We're using round robin to spread the load over
On 9 Oct 2013, at 10:16, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz alex.sha...@york.ac.uk wrote:
While we have 900 switches doing mac and 802.1x based auth, we can have 6000+
users on our wireless network all authenticating to RADIUS via 3 RAS clients
you don't know how hard it was to wait till the official release :-)
A
On 9 Oct 2013, at 10:19, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
Alan uses OSX so I'm *SURE* it compiles fine with the
Many thanks for this Olivier, much appreciated
Rgds
A
On 9 Oct 2013, at 11:07, Olivier Beytrison oliv...@heliosnet.org wrote:
On 09.10.2013 11:25, Olivier Beytrison wrote:
On 09.10.2013 10:41, Alex Sharaz wrote:
I was wondering if there's a way off having a bit more granularity in terms
On 9 Oct 2013, at 10:19, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Just got a wee bit of trouble linking in the talloc libraries, but I'm sure
its not insurmountable
Alan uses OSX so I'm *SURE* it compiles fine with the right support stuff
present - you
should have been compiling it
2013, at 11:21, Alex Sharaz alex.sha...@york.ac.uk wrote:
you don't know how hard it was to wait till the official release :-)
A
brew install talloc
brew link talloc
./configure
make
make install
?
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List
Hi,
Yesterday caught an email about the release of FR 2.2.2 on Monday to fix a
proxy problem. As I've just migrated 2 of my servers from 2.2.0 to 2.2.1 the
sudden release of 2.2.2 sounds important. What does 2.2.2 fix?
Rgds
Ale
x
-
List info/subscribe/unsubscribe? See
On 4 Oct 2013, at 10:37, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 4 Oct 2013, at 10:19, Alex Sharaz alex.sha...@york.ac.uk wrote:
Hi,
Yesterday caught an email about the release of FR 2.2.2 on Monday to fix a
proxy problem. As I've just migrated 2 of my servers from 2.2.0
Hmm
like these then?
Fri Oct 4 11:24:12 2013 : Info: WARNING: Child is hung for request 17630 in com
ponent core module thread.
Fri Oct 4 11:24:13 2013 : Info: WARNING: Child is hung for request 17635 in com
ponent core module thread.
Fri Oct 4 11:24:14 2013 : Info: WARNING: Child is hung for
Woah! that's getting g to be lots of beer.
I'll run it on one of my outward facing servers. Point me at something I can
build and run
A
On 4 Oct 2013, at 14:33, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
If I asked particularly nicely, and promised you a beer at the next
networkshop
we were
Works here just fine. Once you've created the correctly formatted value for the
radius attribute FR displays it as an integer but whatever happens in the
background the HP switch just does its stuff
Rgds
A
Sent from my iPhone
On 6 Aug 2013, at 00:39, Andy a...@brandwatch.com wrote:
Hello,
Hi,
I've written a mysql stored procedure that accepts 2 arguments, the nas-ip
address of one of our (HP) switches and the calling station Id of a network
client ( it's a MAC auth so the User-Name=Calling-Station-Id below). The
procedure then queries various back end database tables to
On 20 May 2013, at 17:16, Phil Mayers wrote:
On 20/05/13 16:55, Alex Sharaz wrote:
In this case I've got
Tmp-String-0 := %{sql:call
get_vlan_id('%{NAS-IP-Address}','%{User-Name}')}
get_vlan_id accepts two varchar arguments.
Which, when I run radiusd -X -d /etc/freeradius
Many thanks Phil, all sorted.
Wrapping the sql: statement with an update control fixed the Unknown Action
error. Haven't checked that I'm returning the correct stuff yet, but I'm past
this particular problem
Rgds
Alex
On 20 May 2013, at 17:16, Phil Mayers wrote:
On 20/05/13 16:55, Alex
Andy,
What version of FreeRadius are you using?
I *think* that unless you are using the git source for 2.2.1, post-auth reject
is broken. There was some stuff I was doing a few months ago that got fixed in
2.2.1 … but I'm getting old and can't remember all the details :-(
On 10 May 2013, at
Be nice to hear true solution to this as the same thing happens to me for the
nas-ip-address attribute
A
On 26 Apr 2013, at 15:41, Wang, Yu ywan...@fsu.edu wrote:
Hi, Alan,
Thanks for the suggestion. I added log_request_attributes; in authorize
function and it already has sub
What 'I'm doing at the moment. For our outward facing radius servers, with any
inbound auth requests from york users elsewhere, I normalise the username in
the Access-Accept packet to have the york.ac.uk realm appended if its not there
A
On 18 Apr 2013, at 16:43, Nick Lowe nick.l...@gmail.com
So which id are you talking about?
if its the outer and the user has configured the machine correctly, all you're
going to see is @realm - not much use other than it's that institution
if its the inner then o.k. you've got a realm from the outer user-name and a
userid from the inner but any
Hi,
There don't seem to be many examples relating to using perl to access remote
databases…. in fact there don't seem to be many perl examples at all.
Got example.pl configured a wee bit and running on test server but could do
with a better db related example.
Unfortunately my perl skills
On 8 Apr 2013, at 13:32, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
There don't seem to be many examples relating to using perl to access
remote databases…. in fact there don't seem to be many perl examples at all.
thats because its a PERL issue not a FreeRADIUS one :-)
:-))
but its perl
upon
whether it's an access-request or an access-reject.
Is there something wrong with that logic?
Rgds
alex
On 8 Apr 2013, at 14:10, Alex Sharaz alex.sha...@york.ac.uk wrote:
On 8 Apr 2013, at 13:32, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
There don't seem to be many examples relating
On 8 Apr 2013, at 14:24, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
In post-auth I want to
extract the nas-ip address and calling station-id of the client device
open a db connection and perform a query that'll let me decide what vlan-id
to send back in the access-accept packet
write radius
ok.
This looks easier
Thx
A
On 8 Apr 2013, at 15:18, Phil Mayers p.may...@imperial.ac.uk wrote:
On 08/04/13 14:47, Alex Sharaz wrote:
On 8 Apr 2013, at 14:24, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
In post-auth I want to
extract the nas-ip address and calling station-id of the client
That's fine then, that's where I'm doing this
A
On 8 Apr 2013, at 15:49, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Why auth and not post-auth? I'm working on the basis that the stuff I do
doesn't have anything to do with the actual auth process, in post-auth I'm
doing things like setting
Hi,
I'm running FR2.2 on my osX server at home. At the moment I'm just invoking it
from the command line. Given that osx comes with FR 2.1.10 preinstalled (
supplied version disabled), what's the best way of auto starting the git built
2.2 version on os x? Replace /usr/sbin/radiusd with a
Hi.,
I've been running ntlm_auth to authenticate our 802.1x users against AD for a
number of months without problems…… until this morning when our Systems group
tightened up auth requirements to only use NTLMv2. and my ntlm_auth module
started failing
I'm running FR van 2.2 and samba Vsn 3.6.3
Phew!
o.k. many thanks for this phil. I'll probably have a bash at this but, as I've
done it before, just setting up radiator as something that just says yes/no
sounds a lot easier :-))
Rgds
Alex
On 26 Mar 2013, at 15:27, Phil Mayers p.may...@imperial.ac.uk wrote:
On 26/03/2013 15:09, Phil
On 26 Mar 2013, at 15:00, Phil Mayers p.may...@imperial.ac.uk wrote:
On 26/03/2013 14:21, Alex Sharaz wrote:
Hi., I've been running ntlm_auth to authenticate our 802.1x users
against AD for a number of months without problems…… until this
morning when our Systems group tightened up auth
On 26 Mar 2013, at 15:47, Alan DeKok al...@deployingradius.com wrote:
Alex Sharaz wrote:
o.k. many thanks for this phil. I'll probably have a bash at this but, as
I've done it before, just setting up radiator as something that just says
yes/no sounds a lot easier :-))
I doubt
I the past I've tail'd a log file ( this was for squid and not freeradius)
and piped that into a perl script that would then write things into a database
but it's a lot easier using syslog talking to an rsyslog back end database
that writes things into a database for you.
Rgds
alex
On 25 Mar
Hi,
i'm in the process of setting up cui for visitors hear and for york user
visiting other institutions.
In the case of visiting eduroam users to our site, on an internal RADIUS server
I've got
pre-proxy {
if (Packet-Type == Access-Request) {
cui_authorize
#
Sigh!
Should have thought of that. Thanks,
moved cui config to post-auth and it's up and running now
Rgds
Alex
On 19 Mar 2013, at 10:24, Scott Armitage s.p.armit...@lboro.ac.uk wrote:
On 19 Mar 2013, at 10:11, Alex Sharaz alex.sha...@york.ac.uk
wrote:
Hi,
working on the basis
so is that done as in post-auth in the inner-tunnel now works?
Rgds
Alex
On 13 Mar 2013, at 20:14, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 13 Mar 2013, at 13:19, Matthew Newton m...@leicester.ac.uk wrote:
On Wed, Mar 13, 2013 at 12:58:15PM -0400, Arran Cudbard-Bell wrote:
Yup works just fine thanks
Rgds
Alex
On 14 Mar 2013, at 14:22, Matthew Newton m...@leicester.ac.uk wrote:
On Thu, Mar 14, 2013 at 10:10:28AM +, Phil Mayers wrote:
On 03/14/2013 09:36 AM, Alex Sharaz wrote:
so is that done as in post-auth in the inner-tunnel now works?
Should be. Please
Any UK eduroam free radius sites out there implementing CUI that I could talk
to/test out my configs with?
Rgds
Alex
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2013, at 17:01, Alex Sharaz alex.sha...@york.ac.uk wrote:
Any UK eduroam free radius sites out there implementing CUI that I could
talk to/test out my configs with?
I have at Loughborough. What would you like to know?
Regards
Scott
-
List info/subscribe/unsubscribe? See http
Hi,
I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel
post-auth in order to write user-name some other attributes into a back end
mysql database server and it all works. If I've got non-eap requests coming in
, the default site deals with it. If I've got eap-based
Hi,
I've just downloaded,compiled and installed the latest version of 2.2 (2.2.1?)
from git.freeradius.org.
Installed it on an internal server and things seemed to work o.k. I then
upgraded another server that deals with our external ( eduroam) connectivity
and within a few mins am seeing
Though you might say that. Running FR in debug mode now
A
On 7 Mar 2013, at 11:18, Olivier Beytrison oliv...@heliosnet.org wrote:
On 07.03.2013 11:32, Alex Sharaz wrote:
Hi,
I've just downloaded,compiled and installed the latest version of 2.2
(2.2.1?) from git.freeradius.org.
Installed
On 7 Mar 2013, at 11:36, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
The server is basically proxying off auth requests to remote RADIUS servers.
Is the above just telling me that the other end is taking a while to reply
or is there some underlying issue?
what is your retry time set to on the
On 7 Mar 2013, at 12:15, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
response_window = 5
thats a little low. the default provided with FreeRADIUS is 20 IIRC - and
you need to ensure that theres correlation with the NAS
o.k can't remember where I got that value, suspect it was
Thanks for this one Alan, fixes one of my outstanding issues
Rgds
Alex
Sent from my iPhone
On 8 Feb 2013, at 17:59, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
* there is one problem that FreeRADIUS doesn't return the inner ID into the
outer one when using EAP-TTLS (but does when using EAP-PEAP),
Hi all,
I've inherited a pair of Freeradius servers running Vsn 2.10 and have build a
new server around the 2.2 source code. All of these servers exhibit the same
problem in that after a SIGHUP to reload their configuration files the
sometimes crash.
Firstly the 2.1 servers
We have 2 of them
Hi All,
I'm sure the answer to this is nope, but ...
At a recent Aruba training course in amongst the documentation supplied to us
were a couple of presentation slides showing different types of eap
authentication against recommended RADIUS servers for use with Aruba equipment
(Just to be
-Timeout anomalies (Alan DeKok)
5. Any interoperability issues with Aruba and Freeradius
(Alex Sharaz)
6. Re: MAc-Auth with EAP (Tunde Ogedengbe)
--
Message: 1
Date: Fri, 08 Feb 2013 10:10:05 -0500
From: Alan
Alex Sharaz wrote:
Anyone else seen serve crashes on a reload?
Unfortunately I've seen this before. I haven't seen enough
information to track it down and fix it, though.
|One workaround is to just do a restart instead of a reload. It's
|not likely to make much of a difference
Aruba now say they only support eap-tls and eap-peap when you offload eap onto
their mobility controllers.
Rgds
Alex
On 8 Feb 2013, at 16:46, freeradius-users-requ...@lists.freeradius.org wrote:
Re: Any interoperability issues with Aruba and Freeradius
-
List info/subscribe/unsubscribe? See
(Alan DeKok)
5. Any interoperability issues with Aruba and Freeradius
(Alex Sharaz)
6. Re: MAc-Auth with EAP (Tunde Ogedengbe)
--
Message: 1
Date: Fri, 08 Feb 2013 10:10:05 -0500
From: Alan DeKok al
I have to say that in their defence, the eap offloading is switched off by
default and you do actually have to switch it on.
A
On 8 Feb 2013, at 17:27, Alan DeKok al...@deployingradius.com wrote:
Alex Sharaz wrote:
Aruba now say they only support eap-tls and eap-peap when you offload
eap onto
* there is one problem that FreeRADIUS doesn't return the inner ID into the
outer one when using EAP-TTLS (but does when using EAP-PEAP), but this is
nothing Aruba-specific and probably a configuration error in FreeRADIUS on
our part.
I've got a strange thing here as well. In the
:31, Alan DeKok al...@deployingradius.com wrote:
Alex Sharaz wrote:
And from the control-socket code
In older versions of the software. Version 2.2.0 does *not* have that
text.
The servers are in a production environment. I'd really like to try just
reloading the passwd module to see
54 matches
Mail list logo