Re: mac authentication, log rejected device in radius.log

2013-10-18 Thread John Douglass
On 10/18/2013 11:00 AM, Alan DeKok wrote: Bertalan Voros wrote: I have one question, I would like to log a message in radius.log when a device is rejected based on its mac address. I would like to put a message saying that the device was unauthorised and the Calling-Station-Id into the

Re: Case statement error

2013-10-14 Thread A . L . M . Buxey
Hi, Ah... a fix wasn't pulled over from v3.0.x to master. I've just done that now. server now starts with such switch/case config present. cheers! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Case statement error

2013-10-14 Thread Franks Andy (RLZ) IT Systems Engineer
...@lboro.ac.uk Sent: 14 October 2013 07:27 To: FreeRadius users mailing list Subject: Re: Case statement error Hi, Ah... a fix wasn't pulled over from v3.0.x to master. I've just done that now. server now starts with such switch/case config present. cheers! alan - List info/subscribe/unsubscribe

Re: Dynamic VLAN assignment depending on LDAP user group and MAC address

2013-10-14 Thread Matthew Newton
On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote: As you can see, the device wasn't listed in the file, the authentication went fine, saying that the tunnel that I should get has ID 40, but that wasn't overwritten by the authorized_macs check... Add DEFAULT Auth-Type := Reject

Re: Dynamic VLAN assignment depending on LDAP user group and MAC address

2013-10-14 Thread Matthew Newton
On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote: On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote: As you can see, the device wasn't listed in the file, the authentication went fine, saying that the tunnel that I should get has ID 40, but that wasn't

Re: Username format

2013-10-14 Thread A . L . M . Buxey
Hi, Does FreeRADIUS give a fig about what the username is? If it were all numeric, say 123456789 I guess it is happy with that? It's just a string to FreeRADIUS? FreeRADIUS is just a RADIUS serverand hence any decisions made by it are all down to defined policies. so if you have

Re: Case statement error

2013-10-14 Thread Alan DeKok
Franks Andy (RLZ) IT Systems Engineer wrote: Hi again, Sorry to bang on about this, but I'm struggling still. Brand new machine, Ubuntu 13.04 server, never had freeradius installed on it. Pulled from git, - (FreeRADIUS Version 3.1.0 (git #209982d), I didn't see the 3.1.0... At this

Re: Generating timing stats for ntlm_auth

2013-10-14 Thread Jonathan Gazeley
On 10/10/13 15:03, a.l.m.bu...@lboro.ac.uk wrote: Samba 4 is lurvely... apparently 100% compatible with existing AD installations, although, as always, it's a bit finicky and info is a bit thin on the ground (and I've not written up a guide when I set my test environment up that uses an S4

Re: Terminate dsl ppp sessions daily

2013-10-14 Thread Arran Cudbard-Bell
On 14 Oct 2013, at 15:52, Volker Lieder v.lie...@uvensys.de wrote: Hi list, we use freeradius for our dsl user authentication. We want to disconnect some users via radius at fixed times, e.g. 04:00 am. Which attribute and value should / can i use? Session-Timeout doesnt do the job.

Re: Generating timing stats for ntlm_auth

2013-10-14 Thread Phil Mayers
On 14/10/13 16:01, Jonathan Gazeley wrote: On 10/10/13 15:03, a.l.m.bu...@lboro.ac.uk wrote: Samba 4 is lurvely... apparently 100% compatible with existing AD installations, although, as always, it's a bit finicky and info is a bit thin on the ground (and I've not written up a guide when I set

Re: Terminate dsl ppp sessions daily

2013-10-14 Thread Volker Lieder
Hi, we tried to calculate it via expr. How would you calculate it? Regards, Volker Am 14.10.2013 um 17:03 schrieb Arran Cudbard-Bell: On 14 Oct 2013, at 15:52, Volker Lieder v.lie...@uvensys.de wrote: Hi list, we use freeradius for our dsl user authentication. We want to

Re: Terminate dsl ppp sessions daily

2013-10-14 Thread Arran Cudbard-Bell
On 14 Oct 2013, at 16:27, Volker Lieder v.lie...@uvensys.de wrote: Hi, we tried to calculate it via expr. How would you calculate it? Pretty sure the expiration module does exactly this. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List

Re: 3.0.0 return code priority / change?

2013-10-14 Thread Phil Mayers
On 14/10/13 16:18, Phil Mayers wrote: i.e. the noop from the files module is ignored. This is a change from 2.x where the most recent module return code can be checked. Have I missed the change, or is this not intentional? Looks like this happened in the modcall.c rewrite (d0aa96709cea)

Re: 3.0.0 return code priority / change?

2013-10-14 Thread Phil Mayers
On 14/10/13 17:15, Phil Mayers wrote: On 14/10/13 16:18, Phil Mayers wrote: i.e. the noop from the files module is ignored. This is a change from 2.x where the most recent module return code can be checked. Have I missed the change, or is this not intentional? Looks like this happened in

Re: configure freeradius to use UPN instead of samaccountname

2013-10-14 Thread Alan DeKok
Angelica Delgado wrote: We have our freeradius setup to authenticate with Active Directory for EAP. Currently, it uses the samaccountname but we want to use UPN instead. We get NT_STATUS_NO_SUCH_USER when testing with ntlm through command line. ntlm_auth --request-nt-key

RE: configure freeradius to use UPN instead of samaccountname

2013-10-14 Thread stefan.paetow
You might want to do an LDAP lookup first on your UPN to find the samAccountName, then use that with ntlm_auth. Stefan From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf

RE: Case statement error

2013-10-13 Thread Franks Andy (RLZ) IT Systems Engineer
users mailing list Subject: Re: Case statement error Franks Andy (RLZ) IT Systems Engineer wrote: I still get # Loading authorize {...} /usr/local/etc/raddb/sites-enabled/default[222]: case statements may only appear within a switch section You need to upgrade your binary. You're not using

Re: Case statement error

2013-10-13 Thread A . L . M . Buxey
Hi, this error is also present with 3.1.0 when using the provided orginate-coa virtual-server - so its reproducable with a minimally adjusted configuration (just drop originate-coa from sites-available to sites-enabled) alan - List info/subscribe/unsubscribe? See

Re: Case statement error

2013-10-13 Thread Alan DeKok
a.l.m.bu...@lboro.ac.uk wrote: this error is also present with 3.1.0 when using the provided orginate-coa virtual-server - so its reproducable with a minimally adjusted configuration (just drop originate-coa from sites-available to sites-enabled) Ah... a fix wasn't pulled over from v3.0.x

Re: Dynamic VLAN assignment depending on LDAP user group and MAC address

2013-10-12 Thread Alan DeKok
Fabrizio Vecchi wrote: First of all, sorry if my email is very long, I am just trying not to leave any important details out. :) That's good. So far, I managed to do the dynamic VLAN assignment, but cannot seem to get it to work together with the MAC checking. They key thing to remember

Re: Problems with compiling freeradius on Ubuntu Linux

2013-10-12 Thread Arran Cudbard-Bell
On 12 Oct 2013, at 17:40, Andrei Petru Mura mapand...@gmail.com wrote: Hello, I imported FreeRADIUS from git on Eclipse, and tried to build it, but this error occurs while building the project: threads.h:47:2: error: #error WITH_THREADS defined, but pthreads not available Can anybody

Re: Dynamic VLAN assignment depending on LDAP user group and MAC address

2013-10-12 Thread Fabrizio Vecchi
Hi Alan and thanks for the reply. On 12 October 2013 13:42, Alan DeKok al...@deployingradius.com wrote: So far, I managed to do the dynamic VLAN assignment, but cannot seem to get it to work together with the MAC checking. Get them working independently. Then, put the pieces together.

Re: Dynamic VLAN assignment depending on LDAP user group and MAC address

2013-10-12 Thread Alan DeKok
Fabrizio Vecchi wrote: I guess at the end of the day my question boils down to the following: where should I put the MAC check, so that the user gets assigned to the right VLAN? In post-auth. If I put it in the authorize part of sites-enabled/default, the VLAN update request will get

Re: clone break freeradius

2013-10-11 Thread A . L . M . Buxey
hi, you must ensure you 'sign out' of the AD before you clone as otherwise both objects are the same...and, as you have found, doing something with the cloen breaks the first server. or just dont bind to the AD before cloning. to fix, you need to ensure that both machines have their own

RE: clone break freeradius

2013-10-11 Thread stefan.paetow
Did you also change the MAC address for the network adapter in the VMWare settings? Otherwise VMWare believes (and possibly your network too) the two machines are the same. After changing the MAC address, reconfigure your network settings on the clone and reboot. Delete the trust (computer)

RE: Case statement error

2013-10-11 Thread Franks Andy (RLZ) IT Systems Engineer
October 2013 15:26 To: FreeRadius users mailing list Subject: Re: Case statement error Franks Andy (RLZ) IT Systems Engineer wrote: Trying version #d166290 results in Which is old. The bug has already been fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: Eaps TTLS and Plain Text

2013-10-11 Thread Alan DeKok
Gilbert T. Gutierrez, Jr. wrote: I have a Free Radius Server (2.1.10-5 packaged with CentOS 6) that is configured to handle radius authentication eaps ttls in a tunnel (Motorola/Cambium Canopy Product). I want to be able to authenticate plain text requests from other devices that do not

Re: MSCHAPv2 use_tunneling_reply problem

2013-10-11 Thread Alan Buxey
So what you're saying is that even though the users are using anonymous outerid and want anonymity you want to release their id to the site they are at? -- Sent from my Android device with K-9 Mail. Please excuse my brevity.- List info/subscribe/unsubscribe? See

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread A . L . M . Buxey
Hi, I'e installed oracle instant client from rpm packages (basic + devel) okay. if you've done this rather than manually installing from Oracle then its most likely that the paths are different...you will need to check where your Oracle files have been installed and use those paths instead

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Fajar A. Nugraha
On Thu, Oct 10, 2013 at 2:22 PM, Puzzel puzzel1...@gmail.com wrote: --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 ** ** configure: WARNING: oracle headers not found. Use --with-oracle-include-dir=path.configure: WARNING: silently not building rlm_sql_oracle.

RE: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Puzzel
-bounces+puzzel1982=gmail@lists.freeradius.org] On Behalf Of a.l.m.bu...@lboro.ac.uk Sent: Thursday, October 10, 2013 9:41 AM To: FreeRadius users mailing list Subject: Re: freeradius 2.2.0 on Fedora and oracle module Hi, I'e installed oracle instant client from rpm packages (basic + devel

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Arran Cudbard-Bell
On 10 Oct 2013, at 09:22, Puzzel puzzel1...@gmail.com wrote: Yes, you are right, the oracle inlcude path was in the different location (/usr/include/oracle/11.2/client64 not /usr/lib...). Now i've got another problem. ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib

RE: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Puzzel
@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Thursday, October 10, 2013 11:04 AM To: FreeRadius users mailing list Subject: Re: freeradius 2.2.0 on Fedora and oracle module On 10 Oct 2013, at 09:22, Puzzel puzzel1...@gmail.com wrote: Yes, you are right, the oracle inlcude

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-10 Thread Alex Sharaz
o.k deinstalled the package and package manager I was using, installed homebrew, installed latest openssl and talloc and ….. just compiled and installed. Simples! Thanks for that A On 9 Oct 2013, at 11:54, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 9 Oct 2013, at 11:21, Alex

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Arran Cudbard-Bell
On 10 Oct 2013, at 10:31, Puzzel puzzel1...@gmail.com wrote: Tnx Arran, ./configure went fine and then created all.mk file. What to do next? make don't work. I'm sorry i'm not very much experienced in linux. You need to do make in the top level directory not in the module directory.

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-10 Thread Arran Cudbard-Bell
On 10 Oct 2013, at 10:44, Alex Sharaz alex.sha...@york.ac.uk wrote: o.k deinstalled the package and package manager I was using, installed homebrew, installed latest openssl and talloc and ….. just compiled and installed. Simples! Hmm wonder what rudix was doing to mess up talloc

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-10 Thread Alex Sharaz
On 10 Oct 2013, at 12:02, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 10 Oct 2013, at 10:44, Alex Sharaz alex.sha...@york.ac.uk wrote: o.k deinstalled the package and package manager I was using, installed homebrew, installed latest openssl and talloc and ….. just compiled and

RE: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Puzzel
@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Thursday, October 10, 2013 12:50 PM To: FreeRadius users mailing list Subject: Re: freeradius 2.2.0 on Fedora and oracle module On 10 Oct 2013, at 10:31, Puzzel puzzel1...@gmail.com wrote: Tnx Arran, ./configure went fine

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Arran Cudbard-Bell
: Thursday, October 10, 2013 12:50 PM To: FreeRadius users mailing list Subject: Re: freeradius 2.2.0 on Fedora and oracle module On 10 Oct 2013, at 10:31, Puzzel puzzel1...@gmail.com wrote: Tnx Arran, ./configure went fine and then created all.mk file. What to do next? make don't work

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread A . L . M . Buxey
Hi, Thu Oct 10 11:52:16 2013 : Info: WARNING: Module rlm_eap became unblocked for request 47516341 ...since the return of our students this year. I am 99% sure this is ntlm_auth being slow, and I have a strong suspicion this is related to some changes in our AD infrastructure over the

RE: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Puzzel
+puzzel1982=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+puzzel1982=gmail@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Thursday, October 10, 2013 1:51 PM To: FreeRadius users mailing list Subject: Re: freeradius 2.2.0 on Fedora and oracle module On 10 Oct 2013, at 12:34

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread Alan DeKok
Phil Mayers wrote: In order to prove this to the AD team, I need to gather some timing stats for ntlm_auth; can anyone think of an easy way to do this within FreeRADIUS? I had patches for this a while ago. But they won't apply to the current code. The idea was to update the modsingle

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread Phil Mayers
On 10/10/13 12:56, a.l.m.bu...@lboro.ac.uk wrote: Hi, Thu Oct 10 11:52:16 2013 : Info: WARNING: Module rlm_eap became unblocked for request 47516341 ...since the return of our students this year. I am 99% sure this is ntlm_auth being slow, and I have a strong suspicion this is related to

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Arran Cudbard-Bell
On 10 Oct 2013, at 13:39, Puzzel puzzel1...@gmail.com wrote: I've made configure at top level ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/include/oracle/11.2/client64 Then i made make, but i still can't find rlm_sql_oracle.so file. :/

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread Alan DeKok
Puzzel wrote: I've made configure at top level ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/include/oracle/11.2/client64 If the build is having issues, you should READ the output of configure. It tells you what it's building, and what

Re: freeradius 2.2.0 on Fedora and oracle module

2013-10-10 Thread John Dennis
On 10/10/2013 08:39 AM, Puzzel wrote: I've made configure at top level ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/include/oracle/11.2/client64 Then i made make, but i still can't find rlm_sql_oracle.so file. :/ Try reading the output

RE: Generating timing stats for ntlm_auth

2013-10-10 Thread stefan.paetow
authentications (as microsoft call it) - but I'm also looking at samba4 - as it has a new option that will balance ntlm_auth against all known boxes rather than the first box it latches onto - to spread the load. Samba 4 is lurvely... apparently 100% compatible with existing AD

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread A . L . M . Buxey
Hi, Any chance you can point me in the direction of these? heres one: http://support.microsoft.com/kb/2688798 Semi-related, but to my annoyance we're seeing rather less SSL resumption than I would expect, given that iOS and Android both do it by default. Cisco wireless problem? theres

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread A . L . M . Buxey
Hi, Samba 4 is lurvely... apparently 100% compatible with existing AD installations, although, as always, it's a bit finicky and info is a bit thin on the ground (and I've not written up a guide when I set my test environment up that uses an S4 server for EAP-MSCHAPv2). But at least it

RE: Generating timing stats for ntlm_auth

2013-10-10 Thread stefan.paetow
it can also BE an AD master etc. anyway, you dont know how tempting it was to yum install samba4 on our production system ;-) Indeed. That's exactly what I'm using it for. :-) I'd certainly like to see some samba3.x versus samba4 benchmarks in this sort of context Yes, versus Windows 2008

Re: FR3 Debugging Switches

2013-10-10 Thread Phil Mayers
On 09/10/13 19:09, Alan DeKok wrote: That is *exactly* what the server does for TCP. ...in which case my comment is entirely redundant, please disregard! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Generating timing stats for ntlm_auth

2013-10-10 Thread Brian Julin
Phil wrote: I could wrap ntlm_auth in a script that times it and lots the info, but I'm slightly wary of that - it might perturb the timings. Any obvious/easy thing I'm missing? You might be able to run FR under gdb (or attach/resume a running FR), and set breakpoints with commands that

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread Phil Mayers
On 10/10/13 17:16, Brian Julin wrote: You might be able to run FR under gdb (or attach/resume a running FR), and set breakpoints with commands that resume after running the GDB commands. That's in inventive one, but I'm not *that* desperate yet! - List info/subscribe/unsubscribe? See

Re: Error messages in debug on 3.0

2013-10-10 Thread Phil Mayers
On 10/10/13 18:32, Phil Mayers wrote: I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing: We're also getting: Info: Invalid operator for item Sql-Group: reverting to '==' ...which is logged to

Re: Error messages in debug on 3.0

2013-10-10 Thread Arran Cudbard-Bell
On 10 Oct 2013, at 18:32, Phil Mayers p.may...@imperial.ac.uk wrote: I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing: ERROR: Conditional evaluation failed due to internal sanity

Re: Error messages in debug on 3.0

2013-10-10 Thread Phil Mayers
On 10/10/13 18:51, Arran Cudbard-Bell wrote: possibly if (outer.request Hmm, no same thing, and worse it's squashing Module-Failure-Message :o( - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error messages in debug on 3.0

2013-10-10 Thread Alan DeKok
Phil Mayers wrote: I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing: ERROR: Conditional evaluation failed due to internal sanity check. That should be fixed. Either it can be deleted,

Re: Generating timing stats for ntlm_auth

2013-10-10 Thread Jonathan Gazeley
On 10/10/13 15:01, a.l.m.bu...@lboro.ac.uk wrote: Hi, Any chance you can point me in the direction of these? heres one: http://support.microsoft.com/kb/2688798 Semi-related, but to my annoyance we're seeing rather less SSL resumption than I would expect, given that iOS and Android both do

Re: Error messages in debug on 3.0

2013-10-10 Thread Arran Cudbard-Bell
On 10 Oct 2013, at 22:23, Alan DeKok al...@deployingradius.com wrote: Phil Mayers wrote: I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing: ERROR: Conditional evaluation failed due to

Re: unlang - delete attribute - !*

2013-10-09 Thread Arran Cudbard-Bell
On 9 Oct 2013, at 07:05, Hachmer, Tobias tobias.hach...@stadt-frankfurt.de wrote: Hello list, I want to delete one reply attribute from the reply list if the access-request is originating not from a special NAS-IP-Address. Currently I have solved this by adding this unlang code in

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-09 Thread Russell Mike
Dear Aran C. Bell Thanks for everything, Here is update. 1.) All-In-MB counter works. Please note, when a user has downloaded his quota, counter do not force log off . Saying other way, if the user is online, he would remain online until he log off him self or stop browsing. But point to be

Re: load balancing radius with F5 devices

2013-10-09 Thread Fajar A. Nugraha
On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz alex.sha...@york.ac.uk wrote: While we have 900 switches doing mac and 802.1x based auth, we can have 6000+ users on our wireless network all authenticating to RADIUS via 3 RAS clients. Looking at the back end server log files, it does look as if, in

Re: load balancing radius with F5 devices

2013-10-09 Thread Michael Schwartzkopff
Am Mittwoch, 9. Oktober 2013, 09:41:19 schrieb Alex Sharaz: Hi, Is anyone out there load balancing RADIUS with an F5 load balancer? We're doing it here, but I can't help thinking that the actual load balancing algorithm need some tweaking. As far as I'm aware ( systems section support the

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-09 Thread A . L . M . Buxey
Hi, Just got a wee bit of trouble linking in the talloc libraries, but I'm sure its not insurmountable Alan uses OSX so I'm *SURE* it compiles fine with the right support stuff present - you should have been compiling it before the official release ;-) alan - List

Re: load balancing radius with F5 devices

2013-10-09 Thread Olivier Beytrison
On 09.10.2013 10:41, Alex Sharaz wrote: Hi, Is anyone out there load balancing RADIUS with an F5 load balancer? We're doing it here, but I can't help thinking that the actual load balancing algorithm need some tweaking. I have f5 loadbalancers but atm I don't use them for our RADIUS

Re: load balancing radius with F5 devices

2013-10-09 Thread Alex Sharaz
On 9 Oct 2013, at 10:16, Fajar A. Nugraha l...@fajar.net wrote: On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz alex.sha...@york.ac.uk wrote: While we have 900 switches doing mac and 802.1x based auth, we can have 6000+ users on our wireless network all authenticating to RADIUS via 3 RAS

Re: load balancing radius with F5 devices

2013-10-09 Thread Olivier Beytrison
On 09.10.2013 11:25, Olivier Beytrison wrote: On 09.10.2013 10:41, Alex Sharaz wrote: I was wondering if there's a way off having a bit more granularity in terms of how the f5 load balances incoming RADIUS requests. Another nice thing to do is to do persistence based on radius AVP

RE: load balancing radius with F5 devices

2013-10-09 Thread Vincent, Fabien
...@lists.freeradius.org] De la part de Michael Schwartzkopff Envoyé : mercredi 9 octobre 2013 11:17 À : FreeRadius users mailing list Objet : Re: load balancing radius with F5 devices Am Mittwoch, 9. Oktober 2013, 09:41:19 schrieb Alex Sharaz: Hi, Is anyone out there load balancing RADIUS with an F5 load balancer

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-09 Thread Alex Sharaz
you don't know how hard it was to wait till the official release :-) A On 9 Oct 2013, at 10:19, a.l.m.bu...@lboro.ac.uk wrote: Hi, Just got a wee bit of trouble linking in the talloc libraries, but I'm sure its not insurmountable Alan uses OSX so I'm *SURE* it compiles fine with the

Re: load balancing radius with F5 devices

2013-10-09 Thread Alex Sharaz
Many thanks for this Olivier, much appreciated Rgds A On 9 Oct 2013, at 11:07, Olivier Beytrison oliv...@heliosnet.org wrote: On 09.10.2013 11:25, Olivier Beytrison wrote: On 09.10.2013 10:41, Alex Sharaz wrote: I was wondering if there's a way off having a bit more granularity in terms of

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-09 Thread Alex Sharaz
On 9 Oct 2013, at 10:19, a.l.m.bu...@lboro.ac.uk wrote: Hi, Just got a wee bit of trouble linking in the talloc libraries, but I'm sure its not insurmountable Alan uses OSX so I'm *SURE* it compiles fine with the right support stuff present - you should have been compiling it

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-09 Thread Arran Cudbard-Bell
On 9 Oct 2013, at 11:21, Alex Sharaz alex.sha...@york.ac.uk wrote: you don't know how hard it was to wait till the official release :-) A brew install talloc brew link talloc ./configure make make install ? Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List

Re: Freeradius 3 and DHCP

2013-10-09 Thread Rok Kosir
On 10/08/2013 07:09 PM, Arran Cudbard-Bell wrote: On 8 Oct 2013, at 17:44, Phil Mayers p.may...@imperial.ac.uk wrote: On 08/10/13 17:01, Rok Kosir wrote: authentication to mysql), when i run freeradius -X, i get Segmentation Fault when it reaches dhcp listner. See doc/bugs. and skip to

Re: Usage of Session-Timeout

2013-10-09 Thread Alan DeKok
Volker Lieder wrote: Within the old version, we used a database config for groups with an attribute Session-Timeout and the value `%{expr:06:00}` Which never worked. 06:00 isn't a number. You can't just invent syntax and use i. With new version freeradius send an error while looking in

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-09 Thread Alan DeKok
Russell Mike wrote: All-In-MB counter works. Please note, when a user has downloaded his quota, counter do not force log off . The counter modules DOES NOT DO THAT. To see why, ask yourself what does FreeRADIUS see when the user has downloaded his quota? The answer is nothing. The

Re: Freeradius 3 and DHCP

2013-10-09 Thread Arran Cudbard-Bell
On 9 Oct 2013, at 11:56, Rok Kosir rok.ko...@cosylab.com wrote: On 10/08/2013 07:09 PM, Arran Cudbard-Bell wrote: On 8 Oct 2013, at 17:44, Phil Mayers p.may...@imperial.ac.uk wrote: On 08/10/13 17:01, Rok Kosir wrote: authentication to mysql), when i run freeradius -X, i get

Re: Case statement error

2013-10-09 Thread Alan DeKok
Franks Andy (RLZ) IT Systems Engineer wrote: Trying version #d166290 results in Which is old. The bug has already been fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-09 Thread Russell Mike
Thanks Alan. D So if you want to do something when the users traffic is over the quota, you have to do it in the accounting section. Could you please kindly indicate what should i do there ? i tried to perform the check again when user is online by adding counter entry in * session* section. but

Re: FR3 Debugging Switches

2013-10-09 Thread Alan DeKok
Adam Bishop wrote: It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured. Yes. Because of OpenSSL limitations, the server MUST have multiple threads when using radsec. # radiusd -fxx -l stdout Works as expected (threaded debugging

Re: FR3 Debugging Switches

2013-10-09 Thread A . L . M . Buxey
Hi, It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured. # radiusd -fxx -l stdout yep. if you try 'radiusd -X' it will tell you to run it like that. # radiusd -fXx -l stdout # ./sbin/radiusd -Cfxx -l stdout single thread

Re: FR3 Debugging Switches

2013-10-09 Thread Arran Cudbard-Bell
On 9 Oct 2013, at 15:22, Adam Bishop adam.bis...@ja.net wrote: It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured. # radiusd -fxx -l stdout Works as expected (threaded debugging with no timestamps), however: # radiusd -fXx -l

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-09 Thread Alan DeKok
Russell Mike wrote: So if you want to do something when the users traffic is over the quota, you have to do it in the accounting section. Could you please kindly indicate what should i do there ? i tried to perform the check again when user is online by adding counter entry in *session*

Re: well almost got FR 3.0 to compile on OS X :-)

2013-10-09 Thread Alex Sharaz
o.k. different method of getting talloc onto machine :-) I used curl -s https://raw.github.com/rudix-mac/package-manager/master/rudix.py | sudo python - install rudix then rudix install talloc :-)) On 9 Oct 2013, at 11:54, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 9 Oct

Re: FR3 Debugging Switches

2013-10-09 Thread Arran Cudbard-Bell
On 9 Oct 2013, at 15:47, Alan DeKok al...@deployingradius.com wrote: Adam Bishop wrote: It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured. Yes. Because of OpenSSL limitations, the server MUST have multiple threads when using

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-09 Thread Russell Mike
Thanks Alan D understood. I will use unlang in accounting. Thanks On Wednesday, October 9, 2013, Alan DeKok wrote: Russell Mike wrote: So if you want to do something when the users traffic is over the quota, you have to do it in the accounting section. Could you please kindly indicate

Re: Version 3.0.0 has been released

2013-10-09 Thread John Dennis
On 10/07/2013 04:18 PM, Alan DeKok wrote: After many years of development, the FreeRADIUS team is happy to announce Version 3 of the world's most popular server. The release was delayed from June in order to track down and solve a number of last-minute issues. We'd like to thank all of the

Re: FR3 Debugging Switches

2013-10-09 Thread Phil Mayers
On 09/10/13 16:36, Arran Cudbard-Bell wrote: On 9 Oct 2013, at 15:47, Alan DeKok al...@deployingradius.com wrote: Adam Bishop wrote: It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured. Yes. Because of OpenSSL limitations, the

Re: Version 3.0.0 has been released

2013-10-09 Thread Alan DeKok
John Dennis wrote: 3.0 is not on the download page http://freeradius.org/download.html nor is there a download link on the above announcement page. The announcement says: Version 3.0.0 (sig) has been released... The 3.0.0 is a link. I've added a link on the download page. Alan DeKok.

Re: FR3 Debugging Switches

2013-10-09 Thread Alan DeKok
Arran Cudbard-Bell wrote: Isn't it required for doing any RADIUS over TCP? Nope. Only SSL. The reason is that sometimes reading from an SSL socket requires SSL writing data to the other end. So you end up with both ends waiting for something. And that knowledge is buried inside of

Re: FR3 Debugging Switches

2013-10-09 Thread Alan DeKok
Phil Mayers wrote: Perhaps architecturally, but not inherently; you could, at least in theory: 1. Receive 4-byte length 2. Sanity-check the length 3. Allocate buffer 4. Read on TCP socket non-blocking in normal select loop until you've filled the buffer 5. Parse packet from buffer,

Re: 2.2.2 release date

2013-10-08 Thread Alan Buxey
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Why are you so keen for 2.2.2 release? The delay is down to an issue which needs identifying and testing. people who download the HEAD of 2.2.x and test help at this point. alan - -- Sent from my Android device with K-9 Mail. Please excuse my

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-08 Thread Arran Cudbard-Bell
On 8 Oct 2013, at 10:10, Russell Mike radius@gmail.com wrote: Hi List Members i have been reading archives and tying to understand for some days now, but unsuccessful. i am currently working to extend data volume control up to 10GB, which is requirement for the organization. Is

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-08 Thread Arran Cudbard-Bell
It might actually be an idea to add those to the internal dictionary to make it a bit easier. Just to clarify there are two reasons why your current config isn't working: 1. rlm_sql stores the value as a proper 64bit integer, not in the two 32bit chunks represented by Acct-Input-Gigawords

RE: Version 3.0.0 has been released

2013-10-08 Thread Garber, Neal
Congratulations! Thank you again for all of the countless hours you spend on improving the best and most flexible RADIUS server. One question though - is there a typo in the V2 upgrade link below? When I click on it I get a 404 error.. Upgrading instructions are available here:

RE: 2.2.2 release date

2013-10-08 Thread Wang, Yu
like to upgrade to 2.2.2 to see if the memory issue improves. Thanks, Yu Wang -Original Message- From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk] Sent: Monday, October 07, 2013 3:59 AM To: FreeRadius users mailing list; Wang, Yu Subject: Re: 2.2.2 release date -BEGIN PGP SIGNED

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-08 Thread Russell Mike
Dear Arran C. Bell, Thank you very much, i am extremely grateful for your advise and guidelines for troubleshoot also. i am currently experimenting a different rlm_sqlcounter using CoovaChilli dictionary All-In-MB. In result, i can store short number in db. This counter would reset at 2TB with

RE: Version 3.0.0 has been released

2013-10-08 Thread Brian Julin
Neal wrote: When I click on it I get a 404 error.. Upgrading instructions are available here: https://github.com/FreeRADIUS/freeradius- server/blob/release_branch_3.0.0/raddb/README.rst That link would have changed when the release was officially renamed from release_branch_3.0.0 to

RE: Version 3.0.0 has been released

2013-10-08 Thread stefan.paetow
Congratulations! Thank you again for all of the countless hours you spend on improving the best and most flexible RADIUS server. One question though - is there a typo in the V2 upgrade link below? When I click on it I get a 404 error.. Upgrading instructions are available here:

Re: Version 3.0.0 has been released

2013-10-08 Thread Arran Cudbard-Bell
On 8 Oct 2013, at 14:09, Garber, Neal neal.gar...@iberdrolausa.com wrote: Congratulations! Thank you again for all of the countless hours you spend on improving the best and most flexible RADIUS server. One question though - is there a typo in the V2 upgrade link below? When I click on

Re: Managing Data Volume Control More Than 4GB FR CoovaChilli

2013-10-08 Thread Arran Cudbard-Bell
On 8 Oct 2013, at 15:40, Russell Mike radius@gmail.com wrote: Dear Arran C. Bell, Thank you very much, i am extremely grateful for your advise and guidelines for troubleshoot also. i am currently experimenting a different rlm_sqlcounter using CoovaChilli dictionary All-In-MB. In

  1   2   3   4   5   6   7   8   9   10   >