Re: Wiki editing

2010-02-26 Thread Arran Cudbard-Bell
On Feb 26, 2010, at 8:33 AM, Alan DeKok wrote: sphaero wrote: Am I overlooking something? How do you edit the wiki. I can't find a way to register an account to edit wiki pages. You can't. Too many spammers. I was about to add some comments about the rlm_sql_iodb driver since

Re: Radius COA

2010-03-09 Thread Arran Cudbard-Bell
.. Thanks.   chetde...@yahoo.com -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius COA

2010-03-09 Thread Arran Cudbard-Bell
...@yahoo.com 609-937-7578 Cell  From: Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tue, March 9, 2010 12:06:22 PM Subject: Re: Radius COA Unless someone has backported

Re: supplicant winxp+freeradius+ldap

2010-05-03 Thread Arran Cudbard-Bell
On May 3, 2010, at 6:14 AM, Daniel Soto wrote: as I have read, http://deployingradius.com/documents/protocols/compatibility.html, isn't possible authenticate users with peap (mschapv2) in ldap. when we use EAP to authenticate in ldap, only EAP-TTLS (PAP) works. Its possible, but you

Re: foreach attribute array

2010-05-07 Thread Arran Cudbard-Bell
Is there a way to do a each, while, for, or foreach on an attribute array? Not in unlang no, there are no looping structures of any kind. -Arran

Re: foreach attribute array

2010-05-07 Thread Arran Cudbard-Bell
, Arran Cudbard-Bell wrote: Is there a way to do a each, while, for, or foreach on an attribute array? Not in unlang no, there are no looping structures of any kind. -Arran

Re: freeradius-server-2.1.8

2010-05-11 Thread Arran Cudbard-Bell
On May 11, 2010, at 1:25 PM, John Dennis wrote: On 05/11/2010 04:17 PM, dorra aa wrote: this is not my idea.it's the idea of my professor. i have no idea about the radius and he wants me to work in it just in 2 weeks. You want us to do your course assignments for you? Kids these days, tsk

Re: Looking for an editor for FreeRADIUS documentation

2010-05-18 Thread Arran Cudbard-Bell
The problem with volunteer 're-factoring' work, is that although people mean well when they offer their assistance, it doesn't usually work out... They'll often spend a couple of weeks working on the task, get bored, figure they'll take a break and come back to it later, and it never gets

Re: ISG DHCP relay

2010-05-20 Thread Arran Cudbard-Bell
On May 18, 2010, at 6:34 AM, Alan Buxey wrote: Hi, not quite in the same category :-P perhaps more people need to read 'how to ask questions...' ? http://catb.org/~esr/faqs/smart-questions.html very good resource! Often, the person telling you to do a search has the manual or

Re: Re : What is the Class attribute for?

2010-05-24 Thread Arran Cudbard-Bell
On May 24, 2010, at 1:36 PM, Alexandre Chapellon wrote: I personnally use it for QoS definition. It works as expected but i can't garantee this is the regular use for this attribute. What's special with the class attribute is that if you send It in Access-Accept, It should be added in

Re: Username manipulation

2010-06-07 Thread Arran Cudbard-Bell
On Jun 7, 2010, at 11:35 AM, Greg Malewski wrote: Hi, I have been unable to find any examples - if the facility exists - of being able to process a username prior to forwarding it. For example, I may wish to take a username such as joe_bloggs and convert it into joe.bloggs prior to

Re: Looking for an editor for FreeRADIUS documentation

2010-06-10 Thread Arran Cudbard-Bell
On Jun 10, 2010, at 11:38 AM, Josip Rodin wrote: On Thu, Jun 10, 2010 at 09:07:32PM +0300, Peter Nixon wrote: We already have a Wiki. Few people edit it. We already have a publicly available doc directory. Few people submit changes. Yes. I'll second Alan on this. It was my idea to

Re: Looking for an editor for FreeRADIUS documentation

2010-06-10 Thread Arran Cudbard-Bell
On Jun 10, 2010, at 12:11 PM, Josip Rodin wrote: On Thu, Jun 10, 2010 at 11:59:57AM -0700, Arran Cudbard-Bell wrote: That's why I mentioned that ConfirmAccount mediawiki extension - it will reduce the amount of bother for the admins, while still allowing the users to use minimal necessary

Re: Looking for an editor for FreeRADIUS documentation

2010-06-10 Thread Arran Cudbard-Bell
On Jun 10, 2010, at 2:48 PM, Josip Rodin wrote: On Thu, Jun 10, 2010 at 10:44:27PM +0200, Alan DeKok wrote: We're also not in the business of account management. Someone like github.com is. If they had a Wiki that was RST *and* backed by git, it would be a clear winner. But people have

Re: Ubuntu OpenSSL

2010-06-15 Thread Arran Cudbard-Bell
On Jun 15, 2010, at 11:29 AM, David Peterson wrote: === configuring in ./types/rlm_eap_ttls (/usr/src/freeradius-server/src/modules/rlm_eap/./types/rlm_eap_ttls) configure: running /bin/bash ./configure '--prefix=/usr/local' '--enable-ltdl-install=no' --cache-file=/dev/null --srcdir=.

Re: 802.1x -Radius -Ldap

2010-06-18 Thread Arran Cudbard-Bell
That has to go in the wiki somewhere. That's possibly the best explanation of how FreeRADIUS processes requests I've ever heard... :) -Arran On Jun 18, 2010, at 1:50 PM, John Dennis wrote: On 06/18/2010 04:03 PM, Kyle Plimack wrote: So how do I get pap to do it? If you're asking how to you

Re: Retain info between auth and acct

2010-06-22 Thread Arran Cudbard-Bell
On Jun 22, 2010, at 7:35 AM, James Devine wrote: Does anyone know if there is a built in mechanism of retaining some sort of state information between auth and acct packets without using external means? No. If your NAS supports it, it will send the Acct-Session-ID attribute in Access and

Re: speed of detail reader server

2010-06-23 Thread Arran Cudbard-Bell
On Jun 22, 2010, at 4:25 PM, Michael Fowler wrote: On Mon, Jun 21, 2010 at 07:48:19PM +0300, Alexandru Oprisan wrote: I'm using freeradius 2.1.6 on gentoo to do decoupled accounting. I have everything set up, the only problem seems to be the speed of the 'detail reader server'. I do

Re: How to return Acct-Response to any Acct-Request?

2010-06-28 Thread Arran Cudbard-Bell
accounting { ok } -Arran On Jun 28, 2010, at 5:03 AM, WWF wrote: Hello, all! I use Fr 2.19 for WiMAX system. Since the system is a private network, no accouting is needed. However, the vendor of AGW told us that However, even though AAA ignores all kinds of accounting messages

Re: DHCP support in freeradius

2010-07-14 Thread Arran Cudbard-Bell
It's pretty usable. But give your setup a thorough testing before introducing it to a production environment. -Arran On Jul 14, 2010, at 2:23 PM, Kanwar Ranbir Sandhu wrote: Hi All, I've read the dhcp config examples in the freeradius package. That means I've also seen the warnings

Re: Mac-auth checking in sites-enabled/default

2010-07-23 Thread Arran Cudbard-Bell
On Jul 23, 2010, at 1:31 AM, Phil Mayers wrote: On 07/22/2010 11:50 PM, Tom Leach wrote: I'm currently using Freeradius v2.1.9 and I'm trying to write a condition in the authorize section to use a different module depending on whether Mac-auth or someother auth is being called. In reading

Re: Tag and Untag a port in several VLAN

2010-08-04 Thread Arran Cudbard-Bell
On Aug 4, 2010, at 1:01 AM, Fabien COMBERNOUS wrote: Fabien COMBERNOUS wrote: [...] So i used the other possibility with Egress-VLAN-Name instead of Egress-VLANID. It is easier to understand the meaning of the value and it works with my version of FreeRadius. About the dynamic vlan

Re: Of accounting data and security

2010-08-06 Thread Arran Cudbard-Bell
On Aug 6, 2010, at 12:32 PM, Natr Brazell wrote: Is there a way to secure the communication between the radius server and the NAS especially wrt accounting data? I assume RADSEC will handle Accounting data too, but it's only a draft currently. IPSec? Create tunnels between the NAS and the

Re: Freeradius accounting issues

2010-08-06 Thread Arran Cudbard-Bell
On Aug 6, 2010, at 2:53 PM, Siryx XL wrote: Hi everyone. I got freeradius to AAA the access to a Cisco Routers. If for some reason you disconnect because the router power off, an accounting finish packets is not sent to my radius, so in the DB looks like the user is still logged

Re: Freeradius accounting issues

2010-08-06 Thread Arran Cudbard-Bell
Actually, option 4. If your NAS supports interim updates, you can add an additional field to the accounting database, and update the timestamp in this field every time an interim update packet is received. Then run a cron job to check for timestamps which are older than the interim update

Re: Freeradius accounting issues

2010-08-06 Thread Arran Cudbard-Bell
update query, however it's generally a bad idea to just close out sessions because they've run on too long. Unless of course you don't care about the accuracy of your accounting database. -Arran Arran Cudbard-Bell wrote: Actually, option 4. If your NAS supports interim updates, you can add

Re: Different users file per virtual server

2010-08-06 Thread Arran Cudbard-Bell
On Aug 6, 2010, at 4:14 PM, Cory Johnson wrote: Is there a way to have seperate users files per virtual server? The location of the users file appears to be specified in modules/files. I can only seem to load modules from the global radiusd.conf, so each server uses the same users file.

Re: Different users file per virtual server

2010-08-06 Thread Arran Cudbard-Bell
I get the output: /etc/freeradius/sites-enabled/noc[153]: Failed to find module files. /etc/freeradius/sites-enabled/noc[63]: Errors parsing authorize section. Also tried stating files noc in the authorize section. After doing this I don't even get any debug output. The instance of the

Re: Cisco WLC4402 - 802.1X - Android - Tunnel-Priv-Group-ID Failure

2010-08-10 Thread Arran Cudbard-Bell
When Joining from my Android, it comes accross as: Tue Aug 10 11:26:53 2010 User-Name = 1fT6ESzC4Dbj9oIpiJjjfg== (A few chars changed to prevent the username from being figured out) This somehow is authenticating correctly because I get an IP address (in the incorrect vlan)

Re: deleteing attribute

2010-08-30 Thread Arran Cudbard-Bell
On Aug 30, 2010, at 8:23 PM, Alexandre Chapellon wrote: Le mardi 31 août 2010 à 04:31 +0200, Alan DeKok a écrit : Alexandre Chapellon wrote: Hello, I want to delete an attribute I send to NASes in Access-reply, regardless of its value. Apparently I cannot use '!*' operator which

Re: VLAN Assignment of Wifi-Clients

2010-08-31 Thread Arran Cudbard-Bell
On Aug 31, 2010, at 8:48 AM, Marten Pape wrote: Alan DeKok schrieb: Marten Pape wrote: Now my goal is to tell the NAS to assign every wifi-packet to a certain VLAN. I don't need to have a dynamic assignment of VLAN based on usernames or something else. One VLAN would be sufficient.

Re: Removing domain name in freeradius

2010-10-12 Thread Arran Cudbard-Bell
On Oct 12, 2010, at 10:29 AM, Alexander Clouter wrote: Mark Holmes mark.hol...@nuffield.ox.ac.uk wrote: At the moment in my test environment, as long as I DONT specify the domain it works - so I'm looking to strip out the domain name if they DO specify it. As a hint for the record, in

Re: freeradius 2.1.10 DHCP not responding

2010-10-13 Thread Arran Cudbard-Bell
IIRC there were problems binding the server to IP addresses. Try just binding to an interface or being promiscuous. On 13/10/2010, Zietz, Marco marco.zi...@pfalzkom-manet.de wrote: Hi, I'm playing with freeradius acting as DHCP-server - which is a magnificent idea! Got a little problem

Re: http://wiki.freeradius.org/Mac-Auth is wrong

2010-11-20 Thread Arran Cudbard-Bell
The return code issue is debatable, probably should be notfound but noop is acceptable. I've fixed the wiki page. Thanks for bringing this to the lists attention. -Arran On 20/11/2010, Tóth István st...@stoty.hu wrote: Hello! I tried to set up MAC authorization for testing purposes

Re: MAC-Authentication from Mysql

2010-11-22 Thread Arran Cudbard-Bell
I don't know how to call the sql module for read the list users from mysql. If I put in that section the sql instruction I don't know how compare the sql results with the Calling-Station-Id that the NAS return in the request. Another thing is that I don't know why the authorization is

Re: wifi ip allocation

2010-11-30 Thread Arran Cudbard-Bell
On Nov 30, 2010, at 11:33 AM, Alexandre Chapellon wrote: Hi every body, While all the documentation on the web seems to answer *NO*, and because I feel like i need to talk to someone today, I was wondering if there is any way to allocate IP address to wifi user using radius Attributes

Re: ERROR! Our request for peap was NAK'd with a request for peap

2010-12-09 Thread Arran Cudbard-Bell
On Dec 9, 2010, at 3:21 PM, Alan Buxey wrote: Hi, There isnt an option to disable eap on the printer. The protocols I have the option for on the printer are leap, peap and eap-tls. peap and eap-tls give me the above error. leap just kinda stops (i should probably disable leap

Re: ERROR! Our request for peap was NAK'd with a request for peap

2010-12-10 Thread Arran Cudbard-Bell
On Dec 10, 2010, at 12:56 AM, Alan DeKok wrote: Rob Yamry wrote: It pretends to implement EAP, but it does not. Disable EAP for the printer. There isnt an option to disable eap on the printer. That's a little hard to believe. Most printers *don't* do EAP (i.e.

Re: ERROR! Our request for peap was NAK'd with a request for peap

2010-12-10 Thread Arran Cudbard-Bell
On Dec 10, 2010, at 10:45 AM, Rob Yamry wrote: That's a little hard to believe. Most printers *don't* do EAP (i.e. 802.1X). Just use it like a printer, without doing 802.1X. Problem is, if the user can't figure how to turn off the 802.1X supplicant, it acts like an 802.1X-2004

Re: [authorized_macs.authorize] returns noop

2011-01-06 Thread Arran Cudbard-Bell
On Jan 6, 2011, at 7:58 AM, Alexander Clouter wrote: Phil Mayers p.may...@imperial.ac.uk wrote: I setup mac_auth as in the freeradius wiki and its not working, am unable to debug further. Hmm. This: http://wiki.freeradius.org/index.php?title=Mac-Auth ...seems like it's a bit...

Re: [authorized_macs.authorize] returns noop

2011-01-06 Thread Arran Cudbard-Bell
*What* RFCness? Apparently, guessing this is Aaran spending too much absorbing the IETF website, RFC2865 says though shalt use 'Call-Check' for mac-auth, I have not read it myself. that seems overkill to you? Cisco switches use PAP instead of CHAP, but other than that whats the

Re: [authorized_macs.authorize] returns noop

2011-01-06 Thread Arran Cudbard-Bell
On Jan 6, 2011, at 6:17 AM, Phil Mayers wrote: On 06/01/11 12:48, Nagaraj Panyam wrote: Dear experts, I setup mac_auth as in the freeradius wiki and its not working, am unable to debug further. Hmm. This: http://wiki.freeradius.org/index.php?title=Mac-Auth ...seems like it's a

RSA SecurID Authentication

2007-12-12 Thread Arran Cudbard-Bell
either of these methods, FR Version and Method (PAM,Proxy) info would be greatly appreciated. Seems like something useful that could go into the wiki. Thanks, Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08

Re: release date 2.0.0?

2007-12-15 Thread Arran Cudbard-Bell
Alan DeKok wrote: Norbert Wegener wrote: Hello Alan, since the release of pre1 half a year has gone. Can you already foresee when the final version will be released? I've been trying to get a Coverity scan before 2.0 is released, because of the number of changes that have been made. It now

Re: release date 2.0.0?

2007-12-15 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: ... getaddrinfo.c: In function 'gethostbyname_r': getaddrinfo.c:138: error: 'fr_hostbyname' undeclared (first use in this function) Agh. It's declared at the top of the function, with the same #ifdef's in both places (where it's used, and where

EAP Auth failing with CVS Head

2007-12-18 Thread Arran Cudbard-Bell
request Waking up in 0.8 seconds. -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: no logging = reject?

2007-12-18 Thread Arran Cudbard-Bell
is if for any reason a table is locked, the SQL request will block until the table is unlocked. In blocking it appears to block the entire FR server ! Everything just stops until the table is unlocked, and the request is satisfied ! -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation

Re: EAP Auth failing with CVS Head

2007-12-18 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: EAP Auth appears to be failing for no reason with CVS head. It probably has something to do with rlm_eap: Request found, released from the list rlm_eap: Response appears to match, but EAP type is wrong. rlm_eap: Failed in handler Ok

Re: EAP Auth failing with CVS Head

2007-12-29 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: Alan DeKok wrote: Arran Cudbard-Bell wrote: Well, that's wrong. The State attribute should be a bunch of random hex stuff, not all zeros. This is on a 64-bit machine? Yes, and it only happens for random users, and often only after a few minutes of running. I

EAP Notification

2008-01-03 Thread Arran Cudbard-Bell
of the Access-Accept packet, and encapsulating the Reply-Message attribute in an EAP-Request Notification packet ? Either way it's pretty cool, and the message gets logged in /var/log/system.log (On Mac OS X) which has the potential to be useful for debugging... Thanks, Arran -- Arran Cudbard-Bell

Re: EAP Notification

2008-01-03 Thread Arran Cudbard-Bell
? --- Thanks, Arran josh. -Original Message- From: [EMAIL PROTECTED] org [mailto:[EMAIL PROTECTED] eradius.org] On Behalf Of Arran Cudbard-Bell Sent: 03 January 2008 12:50 To: FreeRadius users mailing list Subject: EAP Notification Hi, Running a packet capture of an EAP TTLS

Re: EAP Notification

2008-01-03 Thread Arran Cudbard-Bell
and enforcement operators are to be used. Greetings, Stefan Regards, Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info

Re: Cisco command authorization

2008-01-04 Thread Arran Cudbard-Bell
of their switches they don't actually work ! -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-09 Thread Arran Cudbard-Bell
/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900

Re: Version 2.0.0 has been released

2008-01-10 Thread Arran Cudbard-Bell
, and major updates to the web site. Excellent ! Christ it's been a long time coming, but the improvements over 1.1.7 are incredible. Step 1 in ushering in a new age of NAC :) Congrats, Arr -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure

Re: I can't get 'access-accept' from Linux clients

2008-01-11 Thread Arran Cudbard-Bell
/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http

Re: Verifying framed-ip-address using unlang

2008-01-14 Thread Arran Cudbard-Bell
Alan DeKok wrote: Pshem Kowalczyk wrote: Is it possible to use unlang to verify whether framed-ip-address is in the right range or not? Yes and no. The comparisons are not typed, so everything is a string. We would like to use it on our wholesale proxies. Wholesale customers of ours are

Re: Hello, and a question.

2008-01-14 Thread Arran Cudbard-Bell
support in terms of fine grained access control, but TACACS+ server implementations do not have the flexibility and range of features FreeRADIUS does. Thanks in advance David W Bell - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell

Re: Authorize/authenticate with LDAP

2008-01-16 Thread Arran Cudbard-Bell
running ? -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius attributes for cisco ip phone

2008-01-18 Thread Arran Cudbard-Bell
assignment, and just deny/allow access via the RADIUS server. -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See

Re: rlm_perl build on mac osx

2008-01-19 Thread Arran Cudbard-Bell
Info wrote: Alan, Thanks for your quick response! Yes, I'm aware that apple has included FR into Leopard and am curious to see how it works in that version of the OS once I move to it eventually. However, for the Tiger users of which I'll remain for a while, I'd like to provide ease of

Re: filling in missing attributes

2008-01-22 Thread Arran Cudbard-Bell
Alan DeKok wrote: Duane Cox wrote: Hello List I'm looking for a suggested solution to this problem. I'm running freeradius 2.0.0 and have a NAS that doesn't supply the NAS-Identifier or Called-Station-Id. I'm using rlm_sql to log acct information and would like to have this missing info

Re: Authentication Problem with EAP-PEAP

2008-01-23 Thread Arran Cudbard-Bell
. -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication Problem with EAP-PEAP

2008-01-23 Thread Arran Cudbard-Bell
of FreeRadius are you using ? -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Detailed logging on 1.1.7

2008-01-23 Thread Arran Cudbard-Bell
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html radiusd -x The more x's the more verbose And no -X stops the server from forking, and writes output to /dev/stdout -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer

Re: Question about forum

2008-01-25 Thread Arran Cudbard-Bell
/users.html Second that. It's a shame we had so many spammers on the wiki... Else the general user community could still contribute to it. -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex

Re: Monitoring Tool for Freeradius

2008-02-01 Thread Arran Cudbard-Bell
? See http://www.freeradius.org/list/users.html -- Devinder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation

Re: Monitoring Tool for Freeradius

2008-02-01 Thread Arran Cudbard-Bell
:53 PM, Arran Cudbard-Bell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Devinder Singh wrote: Hi I had use daloradius and you can monitor how many users are online etc It's guessing from the number of 'open' sessions in your accounting database (those

Re: EAP-ttls tunnel inner outer authentication credential management

2008-02-04 Thread Arran Cudbard-Bell
theSnail wrote: Is there a way to manage in a different way the inner and the outer authentication credential in a EAP-ttls + PAP tunnel? for example authenticate the outter credential against a file and the inner against ldap dir. thanks arjuna Yes, with FreeRADIUS version 2, authentication

Re: EAP-ttls tunnel inner outer authentication credential management

2008-02-04 Thread Arran Cudbard-Bell
theSnail wrote: Arran Cudbard-Bell wrote: theSnail wrote: Is there a way to manage in a different way the inner and the outer authentication credential in a EAP-ttls + PAP tunnel? for example authenticate the outter credential against a file and the inner against ldap dir. thanks arjuna

Re: Monitoring Tool for Freeradius

2008-02-04 Thread Arran Cudbard-Bell
Alan DeKok wrote: Julian Stöver wrote: Hi, oh yes, it's my mac ^^ I didn't recognized that.. So I have to change my question to Why is the mac adress saved in the 'radacct' table? Because that's what the NAS sends in an accounting packet. There is very little that is magic in

Re: Monitoring Tool for Freeradius

2008-02-04 Thread Arran Cudbard-Bell
Arran Cudbard-Bell: Julian Stöver wrote: Hi! I worked my radacct problem today. I fixed the most problems, so now I get all informations stored in my 'radacct'-table. But the username is saved encrypted in the database, something like '001e528015c6' for username 'julian'. Hmmm you know

Re: Monitoring Tool for Freeradius

2008-02-04 Thread Arran Cudbard-Bell
? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton

Re: inner/outer Tunnel attributes of TTLS/MS-CHAPv2

2008-02-04 Thread Arran Cudbard-Bell
Vincent Magnin wrote: Hello Alan, You have right, this version is too old and do not support this feature (I've checked src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c). This version is the one supplied with Redhat Enterprise 4. I'll compile 1.1.7 from source. Really I would go with 2.01, it's

Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Proxy-State = 0x313035 Going to the next request Thanks Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
to 194.82.174.185 port 1813 Realm = jrs Proxy-State = 0x323235 Going to the next request Waking up in 0.9 seconds. Waking up in 14.0 seconds. Rejecting request 17 due to lack of any response from home server 194.82.174.185 port 1813 -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: [EMAIL PROTECTED] wrote: hi, you are still pre-proxy attr filtering? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html No, didn't really see the point.. Internal attributes aren't meant to be proxied, and those are the only

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
-Name = [EMAIL PROTECTED] Realm = jrs Proxy-State = 0x323532 -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Might be any idea to replace accounting { ... # Filter attributes from the accounting response. if(!%{control:Proxy-To-Realm}){ attr_filter.accounting_response I'll look into it... Still getting internal

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Arran Cudbard-Bell
/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Arran Cudbard-Bell
DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Jakub - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL

Re: Problems using EAP-TLS with freeradius version 2

2008-02-06 Thread Arran Cudbard-Bell
-- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems using EAP-TLS with freeradius version 2

2008-02-07 Thread Arran Cudbard-Bell
Stefan Puch wrote: @Arran Cudbard-Bell Write a regular expression to strip off the proceeding \ Heres one I did earlier If I remember correctly it's to escape to one \ in the username ... \\ To escape it in the RegExp string, \\ to make \ literal in the regular expression

Re: FreeRadius deployment

2008-02-07 Thread Arran Cudbard-Bell
[EMAIL PROTECTED] wrote: Hi, I'm planning a FreeRadius deployment where the same machine will be running two FreeRADIUS instances, each one listening in different interfaces with different ip adresses. However, I had been looking in the documentation forthis possibility and found no

Unlang in auth-type sections

2008-02-07 Thread Arran Cudbard-Bell
Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: accounting - no huntgroups

2008-02-13 Thread Arran Cudbard-Bell
. Where is this NAS located, hmm i'll just check the arbitrarily populated location tag. Who was meant to be updating the client list SQL features for 2.0 ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Arran Cudbard-Bell ([EMAIL

Re: accounting - no huntgroups

2008-02-13 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Woah, get that working with SQL and you have an insanely useful feature. Oooo what VLANS does this NAS support, hmm i'll just check the client VLAN tags. Where is this NAS located, hmm i'll just check the arbitrarily populated location tag

SQL Escape Chars

2008-02-13 Thread Arran Cudbard-Bell
Networking equipment makes me sad=2C angry and staby.' Or is it just sensitive SQL chars that are written in this form ? Is this going to change at some point in the future, or can I safely start replacing these with HTML special when displaying FreeRADIUS'd attributes ... -- Arran Cudbard-Bell

Re: Acct-Authentic changing usernames

2008-02-13 Thread Arran Cudbard-Bell
Phil Mayers wrote: We're bringing a Cisco (formerly Airespace) lightweight wireless system online, and I'm seeing some odd things in the accounting. Specifically, the usernames can change in the accounting packets. This causes the default SQL queries (at least, the ones for Postgres under

Re: Strange proxied accounting errors

2008-02-14 Thread Arran Cudbard-Bell
{ attr_filter.post-proxy } } -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: Strange proxied accounting errors

2008-02-14 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Can always apply the accounting_response filter in post-proxy if you were worried about it... something like post-proxy { ... if(%{Packet-Type} == 'Accounting-Response'){ attr_filter.accounting_response That won't do what you

Re: Strange proxied accounting errors

2008-02-14 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: Alan DeKok wrote: Arran Cudbard-Bell wrote: Can always apply the accounting_response filter in post-proxy if you were worried about it... something like post-proxy { ... if(%{Packet-Type} == 'Accounting-Response'){ attr_filter.accounting_response

Re: Non capturing parenthesis in regexp causes seg fault.

2008-02-15 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Hi, Got this on my 32bit intel box running Ubuntu Linux 6.10 if(%{User-Name} =~ /(?:.*)/){ I'm not sure that's a valid regular expression... '?' is usually a modifier... It is... It allows you to create backreferences

Re: Non capturing parenthesis in regexp causes seg fault.

2008-02-15 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: Alan DeKok wrote: Arran Cudbard-Bell wrote: Hi, Got this on my 32bit intel box running Ubuntu Linux 6.10 if(%{User-Name} =~ /(?:.*)/){ I'm not sure that's a valid regular expression... '?' is usually a modifier... It is... It allows you to create

Non capturing parenthesis in regexp causes seg fault.

2008-02-15 Thread Arran Cudbard-Bell
-- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Non capturing parenthesis in regexp causes seg fault.

2008-02-15 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: Arran Cudbard-Bell wrote: Alan DeKok wrote: Arran Cudbard-Bell wrote: Hi, Got this on my 32bit intel box running Ubuntu Linux 6.10 if(%{User-Name} =~ /(?:.*)/){ I'm not sure that's a valid regular expression... '?' is usually a modifier

Re: Force user disconnect on NAS

2008-02-27 Thread Arran Cudbard-Bell
it too; currently FR doesn't. Your best bet is to use the standard 802.1x mib and force re-authentication using SNMP. Most NAS implement this MIB just people seem to overlook it... Regards, Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer

Re: Force user disconnect on NAS

2008-02-27 Thread Arran Cudbard-Bell
implement this MIB just people seem to overlook it... Regards, Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info

Re: Force user disconnect on NAS

2008-02-27 Thread Arran Cudbard-Bell
it... Regards, Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http

Class attribute, RFC Specified usage of ...

2008-03-03 Thread Arran Cudbard-Bell
know some people use it to link accounting data to an authentication attempt Thanks, Arran -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900
