server crashes with eap/tls after crl update

2007-04-20 Thread Fiederling, Daniel
Hello, this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a Microsoft CA, which is downloaded and converted by a shell script every hour or has to be updated manually. If it changes, I have to reload the server config, right? Since the update the server crashes with a seg

configuration

2007-04-20 Thread parfait kouassi nda
I want to configure my freeradius server to be a proxy server! can I have the config of the modification of freeradius's files? My proxy's server must turn with IAS of windows server 2003! thanks!

Re: rlm_perl: perl 5.6 segmentation fault when reloaded

2007-04-20 Thread Boian Jordanov
On Apr 19, 2007, at 10:52 AM, Milan Holub wrote: This version of perl is without ithreads and does not support multiplicity. Problem was localized to detach section of perl module and here is a dummy patch(do not call custom detach function as I do not need it...) An empty detach

Re: configuration

2007-04-20 Thread A . L . M . Buxey
Hi, I want to configure my freeradius server to be a proxy server! can I have the config of the modification of freeradius's files? My proxy's server must turn with IAS of windows server 2003! thanks! you've already posted them. exactly why it's not working is another issue altogether! - is

Re: server crashes with eap/tls after crl update

2007-04-20 Thread inverse
On 4/20/07, Fiederling, Daniel [EMAIL PROTECTED] wrote: Hello, this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a Microsoft CA, which is downloaded and converted by a shell script every hour or has to be updated manually. If it changes, I have to reload the server

AW: server crashes with eap/tls after crl update

2007-04-20 Thread Fiederling, Daniel
Hi, it's possible that the radiusd crashes on the next authentication - I only noticed that it runs for a few seconds up to some minutes and then crashes with a seg fault. But I am wondering why I don't see any incoming requests when running radiusd -X before the seg fault. That would imply that

Re: configuration

2007-04-20 Thread tnt
There is nothing you need to modify in radiusd.conf - proxying is enabled by default. All you need to do is enter info about IAS server into proxy.conf. IAS uses both 1812/1813 and 1645/1646 ports for authentication/accounting by default, so take your pick. Instructions in proxy.conf about setting

Re: server crashes with eap/tls after crl update

2007-04-20 Thread Alan DeKok
inverse wrote: EAP-TLS is implemented and works fine, so does the CRL. My problem is as follows: the HUP works but radiusd segfaults at the first authentication after the HUP. The server doesn't handle HUP that well. You're *much* better off just killing it and re-starting it. Now I'm in

Questions regarding authentication systems and protocols to password types compatibility

2007-04-20 Thread Reimer Karlsen-Masur, DFN-CERT
Hi Alan, hi list, I appreciate the tables explaining the compatibility of authentication systems / protocols to password type compatibility from: [table 1] http://deployingradius.com/documents/protocols/compatibility.html and [table 2]

Re: Questions regarding authentication systems and protocols to password types compatibility

2007-04-20 Thread Alan DeKok
Reimer Karlsen-Masur, DFN-CERT wrote: I appreciate the tables explaining the compatibility of authentication systems / protocols to password type compatibility from: But I am still confused about the relationship of these two tables to each other and how to use them. Is the following

re: configuration

2007-04-20 Thread parfait kouassi nda
my last configuration of these files is: radiusd.conf proxy_request = yes proxy.conf realm gie.local { type = radius authhost = LOCAL accthost = LOCAL } realm DEFAULT { type =

Re: configuration

2007-04-20 Thread A . L . M . Buxey
Hi, my last configuration of these files is: radiusd.conf proxy_request = yes proxy.conf realm gie.local { type = radius authhost = LOCAL accthost = LOCAL } realm DEFAULT {

Re: re: configuration

2007-04-20 Thread tnt
You are not sending gie.local to your IAS but dealing with them locally. Change realm gie.local back to realm LOCAL and it should start to proxy such requests. Ivan Kalik Kalik Informatika ISP On 20/4/2007, parfait kouassi nda [EMAIL PROTECTED] wrote: my last configuration of these files

Re: Questions regarding authentication systems and protocols to password types compatibility

2007-04-20 Thread Reimer Karlsen-Masur, DFN-CERT
Thanks Alan! Your answer is raising some more questions though: Alan DeKok wrote: Reimer Karlsen-Masur, DFN-CERT wrote: I appreciate the tables explaining the compatibility of authentication systems / protocols to password type compatibility from: But I am still confused about the

Re: Questions regarding authentication systems and protocols to password types compatibility

2007-04-20 Thread Alan DeKok
Reimer Karlsen-Masur, DFN-CERT wrote: Which freeradius modules can be used for the *simple password store*? files (the users file) unix pam ldap sql (?) Not PAM. Could you please complete this list? Are these entries ending up in the authenticate or authorize or both sections

rlm_sql: %{sql:long query} - length limit

2007-04-20 Thread Milan Holub
Hi Alan and others, using cvs head from yesterday... I have some query in radgroupcheck for some custom attribute defined in dictionary: dictionary: # test_query ATTRIBUTE test_query 3014 string select * from radgroupcheck where id=67;

Re: rlm_sql: %{sql:long query} - length limit

2007-04-20 Thread Milan Holub
On Fri, Apr 20, 2007 at 01:25:05PM +0200, Milan Holub wrote: Is there a way how to specify more complex(longer) sql queries in freeradius configuration? == I've increased the value of MAX_STRING_LEN to 1024. Here is a patch: ndex: src/include/libradius.h

RE: Grouping after Kerberos 5 authentication accepted?

2007-04-20 Thread Jason Chan
Hello Alan, It works! After I changed the authorize_check_query the FreeRadius is now able to check for attributes after Kerberos authentications. Thanks! Regards, Jason -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 8:13 PM To: [EMAIL

Re: rlm_sql: %{sql:long query} - length limit

2007-04-20 Thread Alan DeKok
Milan Holub wrote: == I've increased the value of MAX_STRING_LEN to 1024. Here is a patch: It will break almost everything in the server. My query works now but I'm not sure whether this change might not have some unwanted impact somewhere else since the constant is used on many places...

Re: How to use FreeRADIUS proxy to set an attribute value only if not provided by end RADIUS server ?

2007-04-20 Thread Tomas Hoger
On 4/19/07, John Butala [EMAIL PROTECTED] wrote: We would like to use FreeRADIUS (acting as a proxy server) to set the Primary-DNS-Server and Secondary-DNS-server attributes in the auth response to the RADIUS client only if these attributes are not provided by the end RADIUS server (which we

RE: restricting users access to clients?

2007-04-20 Thread Matt Ashfield
Hi, I realize this was a thread from over a month ago, but thought I'd ask anyway. I have my original post, followed by your reply, followed by my new question. First off, my original post: We're using FreeRadius to authenticate our wireless users (whose credentials are stored in LDAP). But

Re: suggestions for multiple vlans in hundreds of switches

2007-04-20 Thread Phil Mayers
Matt Ashfield wrote: Hi, We'd like to use FR to assign users on our wired network to one of 30 different vlans on campus, based on an LDAP field. Currently, we are doing this with huntgroups. Namely, we create a huntgroup for the NAS (in our case, a network switch), and then in the users

dictionary question

2007-04-20 Thread Jackson Jerry-NPC637
I'm a freeradius newbie so bear with me. Two questions/issues: 1. I've installed version 1.1.6, but have some dictionary files that are/were setup for Freeradius 1.1.3. I've seen from the README/faq that the dictionary files have changed post 1.1.3 am wondering what I need to