Re: What does FR 2.2.2 fix?

2013-10-07 Thread Stefan Winter
ubscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PG

Re: ipad ssl error in free radius

2013-09-19 Thread Stefan Winter
Hi, is the firmware on that iPad particularly old? Or maybe your OpenSSL on the server side? Things like mismatching cipher requirements or "force secure renegotiation" might cause some of these issues. Greetings, Stefan Winter On 19.09.13 06:27, val john wrote: > hi guys >

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Stefan Winter
ple scripts could be put into source/raddb/mods-config, and installed from raddb's own part of "make install". That way, if I move raddb out of the way, nothing bad will happen; both the current content of raddb and all the script examples will be ignored. Greetings, Stefan Wint

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Stefan Winter
s not nice if one module makes assumptions about a part of the directory structure it doesn't control. Nothing stops me from deploying a raddb with the configs lying in "raddb/modules-configuration-information/ and it would be very undue if the stock build process bails out on failur

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Stefan Winter
reason it knows about /usr/local/freeradius/config/raddb at all) I believe that way to make "make install" ignore raddb used to work with rc0 and numerous GIT snapshots. Greetings, Stefan Winter > > Behaviour changes since release_3_0_0_rc0: > * Fixed many more compiler war

Re: Segmentation Fault on "[pap] Normalizing SSHA1-Password from base64 encoding"

2013-09-07 Thread Stefan Winter
Hi, >> The fix still needs config changes with a bit of a hackish workaround - >> read the thread til the end to get all the goodness. > I tested some of the hashes that were giving me trouble and they all > worked with the current branch version. I also read all the thread, Glad to hear that :-)

Re: Segmentation Fault on "[pap] Normalizing SSHA1-Password from base64 encoding"

2013-09-06 Thread Stefan Winter
Hi, > http://lists.freeradius.org/pipermail/freeradius-devel/2013-May/008046.html > http://lists.freeradius.org/pipermail/freeradius-users/2013-May/066440.html > > I also did everything that Stefan Winter did - gdb live server, > valgrind, look at the source, compare with 3.0 - a

Re: [ANN] Version 3.0.0-rc0

2013-07-23 Thread Stefan Winter
INSTALL rlm_soh.la make: *** No rule to make target `/usr/local/freeradius/config/raddb/mods-config', needed by `/usr/local/freeradius/config/raddb/mods-config/perl'. Stop. Do I need to mkdir and touch all subdirs as well? Stefan -- Stefan WINTER Ingenieur de Recherche Fondatio

Re: 2.x.x and radtest: no IPv6?

2013-07-22 Thread Stefan Winter
parses neither as an IPv4, nor a hostname, but as an IPv6 address. Both are unambiguous and could be auto-detected. That would add a little user-friendliness for users who didn't have enough sleep :-) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'

2.x.x and radtest: no IPv6?

2013-07-22 Thread Stefan Winter
-localhost is in my /etc/hosts. I'd expect both of these to work... no brackets also doesn't work, but that was just my last straw and doesn't have to work anyway. Does radtest not support IPv6? I could have sworn it did IPv6 earlier, but not totally sure. Greetings, Stefan Win

Re: [ANN] Version 3.0.0-rc0

2013-07-17 Thread Stefan Winter
; > Stefan > > On 16.07.2013 15:15, Alan DeKok wrote: >> Stefan Winter wrote: >>> (0) ERROR: %{#User-Password} >>> (0) ERROR: ^ Unknown attribute >>> (0) ERROR: Evaluation of condition failed for some reason. >>> (0)else else { >>> (0

Re: [ANN] Version 3.0.0-rc0

2013-07-17 Thread Stefan Winter
Hi, I'd love to try. looking at GITHUB's master branch, I see that the latest commit was 5 months ago, and the last tag is 3_0_0_beta1 ? There's also no other branch name that suggests recent versions. Anything wrong with github? Stefan On 16.07.2013 15:15, Alan DeKok wrote:

Re: [ANN] Version 3.0.0-rc0

2013-07-15 Thread Stefan Winter
coming request's User-Password attribute, and see if it's exactly 96 Bytes. I don't know why the # triggers an "unknown attribute"? Looks like a bug to me... Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformati

Re: [ANN] Version 3.0.0-rc0

2013-07-15 Thread Stefan Winter
structure, but it works! I'll now start issuing actual requests for all my vservers. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembo

Re: [ANN] Version 3.0.0-rc0

2013-07-15 Thread Stefan Winter
oesn't have file names. The only filename I see in the sql config is sqltracefile. Maybe that's it, but with that parameter description, the semantics would be a rather horrible mismatch. NB: README.rst doesn't mention the death of sql_log nor that sql (null) is its replacement.

Re: [ANN] Version 3.0.0-rc0

2013-07-15 Thread Stefan Winter
Hi, On 15.07.2013 10:24, Alan DeKok wrote: > # mv raddb raddb-noinst > # mkdir raddb > # touch raddb/all.mk > # make install that's easy enough, thanks! Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education National

Re: [ANN] Version 3.0.0-rc0

2013-07-15 Thread Stefan Winter
Replace with null makes it look like the config parameter doesn't exist any more; while it simply moved into security { }. Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhov

Re: [ANN] Version 3.0.0-rc0

2013-07-15 Thread Stefan Winter
irs is lower; due to the server not creating new modules in modules/ any more; these days, it can mess with mods-available as it likes. But still, the hygiene I could apply to my config previously was nice. Any chance to get this back? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de R

Re: PEAP using different CA?

2013-07-10 Thread Stefan Winter
which is free and tailored to eduroam. It will install private CAs just as fine and automated as it does commercial CAs. Greetings, Stefan Winter > > Arran Cudbard-Bell > FreeRADIUS Development Team > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/l

Re: Failure authenticate using IPv6

2013-05-23 Thread Stefan Winter
esses. There's not much use case for this. Greetings, Stefan Winter On 23.05.13 16:11, Michael Sherman wrote: what does this do... client fe80::215:17ff:fed0:d278 { secret = test shortname = test-net nastype = other } ... ? alan - List in

Re: segfault error

2013-05-06 Thread Stefan Winter
> at threads.c:537 > fun = 0x408910 > self = 0x12740a90 > #14 0x003c6d00683d in start_thread () from /lib64/libpthread.so.0 No > symbol table info available. > #15 0x003c6c0d500d in clone () from /lib64/libc.so.6 No symbol table info > availabl

Re: RADIUS shared secret over internet

2013-04-09 Thread Stefan Winter
Hi, > RADSEC These days, the more proper answer is: RFC6614 http://tools.ietf.org/html/rfc6614 :-) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembo

require_message_authenticator when sending

2013-03-19 Thread Stefan Winter
, which seems to be a "no". Of course I'm fixing my config by making the yes explicit - but maybe adapting the defaults in realms.c might be a little more consistent behaviour. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Télé

Re: Release of Version 2.2.1

2013-03-08 Thread Stefan Winter
, two-line patch which prevents this (admittedly not totally clean), please see my message to -devel on 12 Oct 2012, titled "SIGTERM -> SIGSEGV". Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale

Re: 277 realms to maintain

2013-02-25 Thread Stefan Winter
y it would be easier to automate the creation of the realms list. Sure. Just do exactly that. Stefan > > Is there a better way of doing this? > > Thank you, > Bertalan > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -

Re: EAP TLS client

2013-02-14 Thread Stefan Winter
ase > tell me how could I send request to server using EAP-TLS > authentication method. Either by using a real EAP supplicant (Windows machine, Mac OS, ...) or for a command-line test use eapol_test, which is part of wpa_supplicant. Stefan -- Stefan WINTER Ingenieur de Recherche Fon

Re: helps with User-Password

2013-01-24 Thread Stefan Winter
ute, and strongly encrypted between the source (user device) and the home RADIUS server at cru.fr. As an intermediate party, this is all you will get. Why are you interested in other users' passwords? Greetings, Stefan Winter > > Thanks > > > > > - > List info

Re: Statistics on EAP methods widely used

2012-11-20 Thread Stefan Winter
nformation of that kind as a by-product of a configuration assistant tool which identity providers may use to make their lives easier, and then maybe we could generate numbers from that. Don't hold your breath though. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation

Re: FW: customized format of log file

2012-10-11 Thread Stefan Winter
:" ? > > In general, my question is: > Can anyone of modules process any content of packets *without replacing > and updating original attribute value* by regex, unlang before output of > logging? just for logging purpose. Or it's necessary to use Perl? See modules/

Re: Segmentation fault when linking 2.2.0 against openSSL 1.0.1c

2012-09-17 Thread Stefan Winter
>> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Stefan WINTER Ingenieur de Recherche Fonda

Re: Segmentation fault when linking 2.2.0 against openSSL 1.0.1c

2012-09-17 Thread Stefan Winter
nSSL include files. The way to test this is to > rename / move them, do the build, and then the install. > > If it now works, it was picking up OpenSSL X, and linking against > OpenSSL Y. Hm, okay... will do. Stefan > > Alan DeKok. > - > List info/subscribe/unsubscr

Segmentation fault when linking 2.2.0 against openSSL 1.0.1c

2012-09-17 Thread Stefan Winter
epetition of that attribute is NOT an error; it's there to inflate the packet beyond 1500 bytes to trigger UDP fragmentation (this is our Nagios testing). In 2.2.0 against the old openSSL version, everything works fine - Access-Accept. Any hints? Greetings, Stefan Winter -- Stefan WINTER In

Re: Testing pre-2.2.0

2012-08-12 Thread Stefan Winter
ary some time last week, where it gets plenty of non-EAP requests and accounting stuff, too. Works like a charm. Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-13

Re: sql_log and Accounting On/Off

2012-08-10 Thread Stefan Winter
Hi, >> Anyway, adding an example would still be nice :-) > > Submit a patch, or edit the wiki? :D Here goes a unified diff - took the statement from sql/mysql/dialup.conf. Greetings, Stefan Winter --- sql_log.orig2012-08-10 11:05:49.690247808 +0200 +++ sql_log 2012

Re: sql_log and Accounting On/Off

2012-08-09 Thread Stefan Winter
t. Sorry for the noise. Anyway, adding an example would still be nice :-) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +

Re: sql_log and Accounting On/Off

2012-08-09 Thread Stefan Winter
lues of Acct-Status-Type? That would be cute; but it's hard to find - one has to go into the code. So if I'm right with that, could the documentation in modules/sql_log be updated for 2.2.0? At least adding it as an example like the others would be nice. Greetings, Stefan Winter -- Stefa

sql_log and Accounting On/Off

2012-08-09 Thread Stefan Winter
I wonder how to send stuff to sql_log when an On/Off arrives... guessing that I'm simply overlooking something. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coude

Re: Testing pre-2.2.0

2012-08-08 Thread Stefan Winter
rimary, and did something that never worked, also not with 2.1.12. Now working fine with 2.2.0-pre. Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Te

Re: Testing pre-2.2.0

2012-08-08 Thread Stefan Winter
e nor the server; primary and backup run the same configuration - synced via SVN. I can revert back to 2.1.12 on the backup to verify that that fixes it to be sure... Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de

Re: Testing pre-2.2.0

2012-08-08 Thread Stefan Winter
Access-Accepts. It's running only since a few minutes, so hard to make a long-term prediction, but at least there's no immediate problem in sight. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nation

Re: Radius Timeout instead of Access-Reject

2012-08-08 Thread Stefan Winter
> Telecom takes care to ensure the absence of viruses in this > e-mail, the company accepts no responsibility > > for any loss or damage arising from the use of the message and its > attachments. The security and absence of > > errors in the transmission of the e-mail cannot be guaranteed,

Re: EAP-TLS WinXP, default_md MD5, default_eap_type

2012-07-11 Thread Stefan Winter
EAP-SHA1, it does not make sense to add a sha1 { } section in eap.conf. The replacements for MD5 in EAP are things like TTLS, PEAP, TLS, and others. They are mentioned in eap.conf. If you want to get rid of EAP-MD5, configure one of those. Greetings, Stefan Winter On 11.07.2012 21:17, Si St

Re: Questions on the finer points of CUI

2012-06-28 Thread Stefan Winter
der" with an Accounting-Stop, the temporary entry in $cui_table gets deleted, and the new session gets the new one. If not, since the key of CSI and Client-IP is identical, the new session overwrites the CUI value of the previous one. This should also explain your subsequent queries below. G

Re: Help needed to configure FreeRADIUS for eduroam

2012-06-27 Thread Stefan Winter
ld us *what* the problem is. Looking at what you write, you have a working FreeRADIUS, working openLDAP backend, and have configured it to do IEEE 802.1X on a WiFi access point. That is 99% of what eduroam needs. So, what's missing? Greetings, Stefan Winter -- Stefan WINTER Ingenieu

Re: Php error with Dialup Admin and FreeBSD

2012-06-01 Thread Stefan Winter
tensions remained, but will be changed to .php in the future. There is NO php3-only code in these files. Greetings, Stefan Winter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: more EAP/TTLS trouble

2012-05-30 Thread Stefan Winter
assword or NT hash, or access >> to an mschap "oracle" like ntlm_auth running on Samba as a member of the >> domain. >> >> If you don't have those, you can't do PEAP/MSCHAP, and your options are very >> limited. >> >> EAP-TLS, perhaps? >> >>

Re: unlang fails for some strange reason...

2012-05-09 Thread Stefan Winter
Hi, both methods worked: moving into authorize (but after calling the suffix module, which sets Stripped-User-Name), and also the "ok" hack in authenticate. We chose to move to authorize, as it's more easily understandable. Thanks for the help! Greetings, Stefan Winter On 0

Re: unlang fails for some strange reason...

2012-05-09 Thread Stefan Winter
answer for later. Thanks, Stefan On 09.05.2012 09:56, Alan DeKok wrote: > Stefan Winter wrote: >> no one with a hint? > > Hmm... the default return code for things in the "authenticate" > section is "reject". And the "update" sections just pass

Re: unlang fails for some strange reason...

2012-05-09 Thread Stefan Winter
Hello, no one with a hint? Stefan On 07.05.2012 11:13, Stefan Winter wrote: > Hi, > > at a client's site, I have to do some chopping off parts of User-Name, > pretty straightforward, but for some reason it doesn't work (2.1.12): > > In inner-tunnel, aut

unlang fails for some strange reason...

2012-05-07 Thread Stefan Winter
ands nicely... and then, the "update request" group returns reject?!? I tried to use update control instead, which fails too, and used a non-internal attribute for that name as well. It just won't work. Is that maybe one of the known quirks in 2.1.12? Would using the current

SHA-256,384,512?

2012-05-04 Thread Stefan Winter
ike it though, SHA seems to be synonymous for SHA-1. Can I get a quick confirmation that the SHA-2 family is not supported for password hashes? Anything coming up in that regard in 3.0? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de

Re: Question: which 3rd party CA for EAP

2012-04-30 Thread Stefan Winter
ned CA or not; merely the actual import of the certificate file can be omitted if the CA is shipped. I.e. you don't gain a lot, and spend more money when using a "trusted" CA, so in the vast majority of cases, it is the wiser way to use a self-signed CA. Greetings, Stefan Winter

Re: Fwd: ldap-radius integration

2012-03-30 Thread Stefan Winter
the username for that is "Manager" and the LDAP server is "radius.example.com". I believe these are the default (shipped) values that come with FreeRADIUS. Replace them with the *real* login details of your LDAP admin account. In general: *read* the debug output and *

Fwd: ldap-radius integration

2012-03-30 Thread Stefan Winter
Please don't write private mail to me with FreeRADIUS questions. Forwarding to freeradius-users. Original Message Subject:ldap-radius integration Date: Fri, 30 Mar 2012 12:35:53 -0700 From: exu...@gmail.com To: stefan.win...@restena.lu could you give me some re

generate a random value with unlang?

2012-03-21 Thread Stefan Winter
unlang. Is there some {%rand} or anything like that? Currently I do it embedded in the INSERT: INSERT ... SHA1(RAND())... INTO someplace but our MySQL admins don't like me doing that. So I'd prefer to do this on FreeRADIUS and send a simple string to the DB. Greetings, Stefan Winter -

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-22 Thread Stefan Winter
My guess is that main/tls.c "thinks" it operates within a EAP context and tries to warn of too big data chunks, while there is actually nothing to warn about. Greetings, Stefan Winter So we applied the below as a test and it works, but I was wondering as to the wisdom of it

Re: Source for freeradius-server-2.0.4

2012-02-10 Thread Stefan Winter
ftp://ftp.freeradius.org/pub/freeradius/old/ On 11.02.12 03:32, Charles H. Fisher wrote: > I have heavily patched version of freeradius-server-2.0.4 That I > would like to migrate forward to the current version. This requires > that I know what changes were made to the standard 2.0.4. I have not

Re: self-signed root CA

2012-01-26 Thread Stefan Winter
to validate the cert at all with a self-signed CA. For Android <4.0 for example, pushing a new CA into the trust store is hard. Doing it in a non-interactive autoconfig way is to my knowledge impossible. So, BYOD is a factor to consider. Greetings, Stefan Winter > McNutt, Justin M. wro

Re: Next release of the server?

2012-01-24 Thread Stefan Winter
minor version number just leads to many people asking the kind of "can I upgrade" questions we've just gone through. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche

Re: VLAN attribution in an eduroam setting - proxied users

2011-12-20 Thread Stefan Winter
-Id := "216" } Post-Proxy-Type Fail { detail } } (syntax is "free-handed", you should try this on a testing server first) Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'

Re: EAP/TLS authentication in 2050

2011-12-05 Thread Stefan Winter
ith KNOWN parameters - eg 2020 , within the 2038 > timeframe and things should work. > > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Ed

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-27 Thread Stefan Winter
the RADIUS protocol. This mailing list is not the place to ask random questions about RADIUS. Read up on it on the internet, buy a book, or visit a course about RADIUS. The mailing list is about configuring FreeRADIUS. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTE

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Stefan Winter
Hi, > Question is: When Freeradius receives a user certificate, how does the daemon find the > correct CRL list in the certs directory? The CRL needs to be in the same directory as the CAs, and needs to be hashed with c_rehash just like the CA certs. CRLs automatically get the hash suffix ".r0" instead of ".0". You

Re: FreeRADIUS Beginner's Guide

2011-11-02 Thread Stefan Winter
l and conceptual questions if everyone were to read this book. If you need to get acquainted with FreeRADIUS, do yourself a favour and grab a copy. Greetings, Stefan Winter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

systemd and FreeRADIUS

2011-10-27 Thread Stefan Winter
d old init scripts any more (I guess I could with some systemd-to-INIT legacy support, but I like eating fresh dogfood). Is there already someone working on systemd description files for FreeRADIUS? If not, I'll (have to :-) ) give it a go myself... Greetings, Stefan Winter -- Stefan WINT

Re: password in EAP request

2011-10-06 Thread Stefan Winter
read the headline, I expected more bang for the buck :-) Greetings, Stefan Winter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Dialup Admin

2011-09-18 Thread Stefan Winter
f it use a common schema. You need to configure both sides regarding database hostname, username, password. Setting it in raddb/* is NOT doing any good. So, if your dialup admin throws an error - look at the web server's error log. It will help you much more. Greetings, Stefan Winter Am 1

Re: Pre release of 2.1.12

2011-09-05 Thread Stefan Winter
surprises. I'll keep it > running under surveillance for the rest of the week. By next Monday, > I'll speak up again and let you know if my setup (still) works fine. Keeps on running like Forrest Gump. Stefan > > Greetings, > > Stefan Winter > > Am 29.08.2011 16:13, schr

Re: Pre release of 2.1.12

2011-09-01 Thread Stefan Winter
ning under surveillance for the rest of the week. By next Monday, I'll speak up again and let you know if my setup (still) works fine. Greetings, Stefan Winter On 29.08.2011 16:13, Alan DeKok wrote: > I've put some pre releases of 2.1.12 on the web site: > > http://git.freerad

Re: Fwd: Authentication failure issue

2011-08-05 Thread Stefan Winter
dpeak: > Hi Stefan, > > Attached is the full log from FreeRadius start, I tried to identify > it myself however I'm a newcomer to FR, can you please advise, thanks a > lot! > > Regards, > Charles > > 2011/8/5 Stefan Winter <mailto:stefan.win...@restena.lu>>

Re: Fwd: Authentication failure issue

2011-08-05 Thread Stefan Winter
.} > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 38 for 1 seconds > > > Regards, > Charles > > 2011/8/5 Stefan Winter <mailto:ste

Re: Fwd: Authentication failure issue

2011-08-05 Thread Stefan Winter
Hello, while you marked lots of stuff in yellow, you missed the REALLY helpful part: "WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!" How about doing exactly that...? Stefan Winter Am 05.08.2011 06:14, schrieb

num_answers_to_alive

2011-08-04 Thread Stefan Winter
xed. I would like to mark it alive immediately. Is that unreasonable? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Te

Re: Send response to client

2011-06-26 Thread Stefan Winter
e was "a" supplicant and AP to do that, you couldn't be sure that the end device is actually using that supplicant. Greetings, Stefan Winter > on a Ubiquiti PicoStation 2 firmware 5.3.2 (I believe it includes some > form of hostapd, but I'm not sure which version) > Fre

Re: Failed creating handler

2011-06-25 Thread Stefan Winter
og logs the last previous auth OK - and then the process is gone. Would this behaviour fit to this problem cause? Worth trying the usec fix in GIT? Greetings, Stefan Winter The server does decoupled accounting, one site has only one module in accounting, rlm_detail and the other listens on

Re: Version 2.1.11 has been released

2011-06-21 Thread Stefan Winter
being logged into a different directory than expected. Thanks again, Stefan On 21.06.2011 11:53, Alan DeKok wrote: > Stefan Winter wrote: >> a similar issue with the config parser here... >> >> The following worked nicely in 2.1.10, but barks with "Unexpected text >>

Re: Version 2.1.11 has been released

2011-06-21 Thread Stefan Winter
server, but the test server's config is only slightly more simple than the production one - it has no "else" in that authorize block. Stefan Winter On 20.06.2011 16:47, Alan Buxey wrote: > Hi, > >> It's been a long time since 2.1.10. We're happy to release

Re: New FreeRADIUS wiki - Help appreciated!

2011-05-27 Thread Stefan Winter
tity. Stefan > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1

Re: New FreeRADIUS wiki - Help appreciated!

2011-05-27 Thread Stefan Winter
Hi, > The github && Facebook logins will work, so it should be *much* easier > for people to contribute to the Wiki. > Ah! Federated login! Any plans to add OpenID? I have this nice OpenID provider hanging around here... Stefan -- Stefan WINTER Ingenieur de Recherche

Re: Install new version (2.1.10) to completely different location

2011-05-11 Thread Stefan Winter
addb-noinst, and a subsequent "make install" will then not touch raddb. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel

Re: Bug in proxy code with IPv6?

2011-05-11 Thread Stefan Winter
, which is quite a blessing for my deployment. Greetings, Stefan > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Re

Re: Bug in proxy code with IPv6?

2011-05-11 Thread Stefan Winter
Hi, >> That's a bit strange... > Bug #143, fixed in the v2.1.x branch. Cool! Looking forward to 2.1.11... Stefan > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fon

Bug in proxy code with IPv6?

2011-05-11 Thread Stefan Winter
us tcpdump just doesn't see it, and there's no auth happening. As soon as I change the proxy pool definition back to the v4 variant, things start working again. That's a bit strange... Greetings, Stefan Winter [1] IPv4 proxy definition: home_server radius-int-1-v4 { type = auth

Re: SQL results going ... wrong

2011-04-15 Thread Stefan Winter
ion integer, but it got a string from me. I fixed my schema/view and things work just fine now. But: how about a sanity check for SQL along with a more adequate error message? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'

Re: SQL results going ... wrong

2011-04-14 Thread Stefan Winter
ries. The quoted strange-string content contains my username swinter, but the debug output says it considers this to be part of the "operator" column. Sorry, but this is beyond character set badnesses. I'll run the same test case with sql module debug on - maybe that sheds more light

SQL results going ... wrong

2011-04-14 Thread Stefan Winter
thout issues. This is the first time I'm using a radreply query though. Version is 2.1.10. mysql client lib is so old I'm too ashamed to tell here. So... any known badnesses in MySQL/radreply? Anything I should do (besides updating mysql client libs, which has right now popped near the top of

Re: Help me with Access-Challenge configuration

2011-04-11 Thread Stefan Winter
ccess-challenge" message on "access-request" from a client? See? You need to be more specific in your question before anyone here can give you an answer. Or better yet, read up on RADIUS, and/or EAP methods, and *then* ask a well-informed question. Greetings, Stefan Winter

Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Stefan Winter
is now apparent that it's not a certificate issue - the EAP conversation doesn't even get far enough to send certificate data at all. In any case, I don't think the FreeRADIUS server process is to be blamed - it sends a well-formed response to a reasonable request. Something's w

Re: I need help and some advice !!!

2011-04-05 Thread Stefan Winter
834p4283543.html > Sent from the FreeRadius - User mailing list archive at Nabble.com. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et

Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Stefan Winter
us helping you. Or mangle the EAP-Response/Identity to be consistent with your other edit, at least :-) Greetings, Stefan Winter > Message-Authenticator = 0xe5b0ffbed84243bf27ac1ac9c9fcd0b5 > server eduroam { > # Executing section authorize from file > /etc/freeradius/si

Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Stefan Winter
If you positively want to rule out that the certificate change was the problem, you could, if your CA's policy allows, install the old server's certificate on the new instance. For IEEE 802.1X, there is no requirement that DNS names and CN/subjectAltNames match. Greetings, Stefa

Re: PEAP/MSCHAPv2 problem

2011-04-04 Thread Stefan Winter
RADIUS Server (CN=... is in the supplicant conf). If you change the Subject in the cert... the supplicant won't like it any more. Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kal

Re: PEAP/MSCHAPv2 problem

2011-04-04 Thread Stefan Winter
st start. If your client only trusts the old one, it won't talk to the new one... Greetings, Stefan Winter > > eap.conf: > > eap { > default_eap_type = peap > timer_expire = 60 > ignore_unknown_eap_types = no > cisco

rlm_linelog and syslog over UDP

2011-03-25 Thread Stefan Winter
Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List

Re: Riverbed console authentication, encrypted User-Password

2011-03-14 Thread Stefan Winter
ypted passwords? It can, in a multitude of ways. None of these ways is about en-/decrypting the password within the User-Password attribute though. That is very odd. My strong guess is a shared secret mismatch instead. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation R

Re: strategy question

2011-02-07 Thread Stefan Winter
ents, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_realm module, Realm attr value

2011-01-25 Thread Stefan Winter
eck which path the packet will take. In short, I think there should be two attributes: one to contain the instance name, one with the string. Using unlang is of course possible, but clumsy - it worked without before. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondat

Re: Chargeable-User-Identity implementation

2010-11-19 Thread Stefan Winter
* - enabling tracking mobility profiles. As an Identity Provider you could say: "I'll only release CUI if I can do it per Service Provider to prevent tracking" - and the "require" option allows you to make just that happen. Greetings, Stefan Winter My approach is a

Re: configure output summary

2010-11-19 Thread Stefan Winter
me. I.e. you should read 'newcomers' as "people who compile FreeRADIUS for the first time". Not all these first-timers have previously attended my course, so changing my course material doesn't solve the general problem. Greetings, Stefan -- Stefan WINTER Ingenieur

Re: configure output summary

2010-11-18 Thread Stefan Winter
that the recursiveness of configure goes away. Much better than running a whacky script, of course! Greetings, Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359
