Ramon Escriba wrote:
>
> Has any one a clue of what I did wrong?
>
Actually, forget it...
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
Regards
--
Alexander Clouter
.sigmonster says: Conscience is what hurts when everything else feels so good.
-
27;, effectively doing:
ldapsearch -h server -x -b ou=Departments,dc=corp,dc=development,dc=com
'(&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=CN...'
I'm guessing that's not where 'cn=WANN' lives? What does the following
give you?
ldapsearch
is just what our Cisco 3750's knock out, and I guess
other vendors might vary.
Cheers
--
Alexander Clouter
.sigmonster says: "He don't know me vewy well, DO he?" -- Bugs Bunny
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
;ou' is more akin to a 'directory' in a filesystem rather than something
that records any useful information.
What do ldapsearch's give you for 'cn=wann' and
'member=CN=RobertTest1,ou=WANN,ou=Departments,dc=corp,dc=development,dc=com'?
Cheers
--
Alexander Clouter
.sigmonster says: You have a truly strong individuality.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
o proxy through instead it is possible. You would need
to script up something with rlm_perl/rlm_python to build up a cache, and
the virtual failover system would then have to query that cache.
Cheers
--
Alexander Clouter
.sigmonster says: I *like* the chicken
-
List info/subscribe/unsubs
rself
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
Cheers
--
Alexander Clouter
.sigmonster says: Check your local listings.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell wrote:
>
> On Apr 11, 2011, at 1:40 PM, Alexander Clouter wrote:
>
>> GreenUA wrote:
>>>
>>> I reviewed RFC and FAQ, but i can't fined sane info about
>>> configuration of freeRADIUS server (on Windows) to send
in your Apache access logs.
Depending on what you are trying to make free, it might be effectively
cheaper for your organisation to just give people a credit quota each
month (say able to download 4GB before charging begins).
Cheers
--
Alexander Clouter
.sigmonster says: Thrashing is just virt
, but that causes errors. Does anyone
> have a working copy of the init.d script I could look at?
>
That's a Bad Idea(tm). Learn to use 'screen'[1], 'tee' and call
freeradius with 'radiusd -X | tee /tmp/debug' manually.
Cheers
[1] http://www.kuro5hin.org/st
dius. The
> radius Framed-IP-Address attribute is not useful.
>
*ahem*
s/VLAN/IP/
"IP assignment on"
> You need to run a DHCP server.
>
Indeed, do not mention though FreeRADIUS can do DHCP though ;)
Cheers
--
Alexander Clouter
.sigmonster says: If you
p-server.example.com -x -LLL ''
Where is what you see FreeRADIUS make in the output of 'radiusd
-X'.
Cheers
--
Alexander Clouter
.sigmonster says: "Out of register space (ugh)"
-- vi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
face/gateway) then it should work. If you have miconfigured the
server so that it does not how to route to src-ip-of-request via the
interface it saw the packet come in on, then you will have a problem
(although I would have expected no reply at all).
Cheers
--
Alexander Clouter
.sigmonste
ut -text
You probably will find if you change those tls 'demands' to 'never'
things work, but then it kinda is self defeating :)
Cheers
--
Alexander Clouter
.sigmonster says: You can't break eggs without making an omelet.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s there any way?
>
Indeed.
Regards
--
Alexander Clouter
.sigmonster says: Talk is cheap because supply always exceeds demand.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ponse, if any)
Please, throw is a freeking bone here...try starting with the
documentation, Google and the FreeRADIUS mailing list archives.
Regards
--
Alexander Clouter
.sigmonster says: What this country needs is a good five cent microcomputer.
-
List info/subscribe/unsubscribe? See http://w
- NAS-Port-Id
For a list of valid types either grep the dictionaries or look at:
http://www.iana.org/assignments/radius-types/radius-types.txt
Cheers
--
Alexander Clouter
.sigmonster says: You auto buy now.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. You have to see it from our point of view, so far it
seems to us, the problem is not important enough to you to detail here
its specifics or for you to actually read the documentation, so
obviously is not important enough for us all to burn our *free* and
*volunteered* time on?
Cheers
--
get on a production box... :)
Cheers
[1] http://stuff.digriz.org.uk/freeradius-acct-segfault.pcap
--
Alexander Clouter
.sigmonster says: Preserve the old, but know the new.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
r and giggles.
> what are you doing with this accounting packet when it arrives? 'detail'
> module? SQL ?
>
Journalled accounting, it's picked up by decoupled account virtual
server.
Cheers
--
Alexander Clouter
.sigmonster says: Generic Fortune.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
vendor why you are not
seeing accounting on-off packets (your NAS will send a 'reset'
accounting packet to your RADIUS server that you can use to trigger an
early session stop for all the users).
Cheers
--
Alexander Clouter
.sigmonster says: Accordion, n.:
ng everyone at a latter date to move to a different
SSID is a real pain.
> Thanks for your reply, and sorry for my english, I'm French ;)
>
We forgive you... ;)
Cheers
--
Alexander Clouter
.sigmonster says: A modem is a baudy house.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
te-Group-Id := "staff"
}
}
elsif (request:User-Name =~ /^.{8}$/) {
update reply {
Tunnel-Private-Group-Id := "student"
}
}
if (reply:Tunnel-Private-Group-Id != "unauthorised") {
update reply {
# Cisco only support a max of 65535
Session-Timeout := 648
ers), I have a reponse
> like that : Tunnel-Private-Group-Id:0 = "staff". This is not correct
>
> And I have place this code in this file /site-enabled/default in the section
> post-auth. Is that correct ?
>
Without the output from 'radiusd -X', I cannot help you.
Regards
--
Alexander Clouter
.sigmonster says: Am I accompanied by a PARENT or GUARDIAN?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
without having to buy an expensive and/or complicated load-balancer:
http://www.digriz.org.uk/ha-ospf-anycast
Cheers
--
Alexander Clouter
.sigmonster says: If you knew what to say next, would you say it?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
= Yes
[your existing config here]
Alternatively, you can bolt the following to the end:
DEFAULT Auth-Type := Reject
I prefer to 'deny, allow' (in Apache speak), but you might prefer
'allow, deny'.
Cheers
--
Alexander Clouter
.sigmonster says: Have a taco.
. Be sensible and use PostgreSQL.
Cheers
--
Alexander Clouter
.sigmonster says: BOFH excuse #350:
paradigm shift...without a clutch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[1] there is actually a 'bug' in FreeRADIUS I keep meaning to submit a
patch for to avoid this (add ' connect_timeout=3' to the end of
your PgSQL password to see the effect[2] on an unpatched system)
[2] http://www.postgresql.org/docs/7.3/static/libpq-con
Alan Buxey wrote:
>
> go on, join eduroam.
>
I got a @illinois.edu lurker this week here at soas.ac.uk :)
Cheers
--
Alexander Clouter
.sigmonster says: Wagner's music is better than it sounds.
-- Mark Twain
-
List info/subscribe/unsubsc
version which might already have a fix:
http://git.freeradius.org/
Cheers
--
Alexander Clouter
.sigmonster says: He's just like Capistrano, always ready for a few swallows.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
virtual
server.
The solution is in the NAS, not FreeRADIUS :)
Cheers
--
Alexander Clouter
.sigmonster says: Them as has, gets.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* what is actually happening
Cheers
--
Alexander Clouter
.sigmonster says: You enjoy the company of other people.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to include a '/^....$/'?
Cheers
--
Alexander Clouter
.sigmonster says: Old programmers never die, they just become managers.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
me == "ssid_student") {
if (($1) && $1 == "students.") {
update reply {
Tunnel-Private-Group-Id := "std"
Aruba-User-Role := "std"
}
}
else {
d not even exist.
Just throwing another option out there...although I would recommend the
users file with a bunch of fall throughs personally.
Cheers
--
Alexander Clouter
.sigmonster says: All phone calls are obscene.
-- Karen Elizabeth Gordon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
be a lot less trouble (ie,
no need to recompile things as an example).
Cheers
--
Alexander Clouter
.sigmonster says: Don't feed the bats tonight.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
meet their needs
One word of warning, do *not* use system()/exec() or whatever python
uses. Use a native LDAP module. Same with the OTP/SMS approach if
possible. Calling OS commands like that, especially when there are
native libraries, is generally a Bad Idea(tm) and the coding gods *will*
smi
in in your hash is
remembered across FreeRADIUS restarts.
Cheers
[1] http://search.cpan.org/dist/BerkeleyDB/BerkeleyDB.pod
--
Alexander Clouter
.sigmonster says: BOFH excuse #192:
runaway cat on system.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
alled only when rlm_perl fires up, afterwards your
methods are called whenever required, pre-emptively.
Cheers
--
Alexander Clouter
.sigmonster says: You mean you don't want to watch WRESTLING from ATLANTA?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
perately processed
in authenticate.
So, for example:
authorize {
...
# User-Password is 'foo bar'
python-otp
# User-Password is 'foo'
# User-OTP is 'bar'
ldap
...
}
authenticate {
...
Auth-Type python-otp {
otp
ldap
}
...
}
C
ach[2] ('man 5 unlang')
* make your pants explode[3]
Cheers
[1] http://git.freeradius.org/
[2]
http://freeradius.1045715.n5.nabble.com/regex-matching-can-be-convinced-to-be-TRUE-if-you-re-insistive-enough-td4422200.html
[3] http://www.youtube.com/watch?v=Ysw4Xv6JI_w (0:00 -> 0:30 second
now do not need to install an experimental armel valgrind :)
Cheers
--
Alexander Clouter
.sigmonster says: Expect the worst, it's the least you can do.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e
time next week. Cannot have Imperial stealing the whole show :)
Cheers
--
Alexander Clouter
.sigmonster says: You will have many recoverable tape errors.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP-Group to be
redundant today.
Cheers
[1] for use, we have typically use the following type of thing (or it's
inverse with a follow through clause):
Huntgroup == foo, Ldap-Group == cheesy, Auth-Type := Accept
Huntgroup == foo, Ldap-Group == chips, Auth-Typ
IdenticalClients X.X.X.X Y.Y.Y.Y Z.Z.Z.Z
>
> FR allows you to specify something like this on clients.conf
>
> X.X.X.0/24 using ipaddr and netmask
>
I suspect you can use 'templates {}' too, we use it in proxy.conf, I
cannot see why it could not be used in clients.conf t
ave added a pam option
> "always prompt" in the attached code. This will force a "WiKID
> passcode:" prompt regardless of any previous password entry. This can
> be changed, of course.
>
Better to lead with the OTP as then you fend off brute force and
dictionary atta
}
otp-exec-thingy
...
}
Cheers
--
Alexander Clouter
.sigmonster says: Good day for overcoming obstacles. Try a steeplechase.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
quot;External" in XTradius)?
>
http://lmgtfy.com/?q=freeradius+exec
Cheers
--
Alexander Clouter
.sigmonster says: Have no friends not equal to yourself.
-- Confucius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* rihad [2011-07-07 15:09:22+0500]:
>
> On 07/07/2011 12:28 PM, Alexander Clouter wrote:
> >rihad wrote:
> >>Hi, all. We have some legacy software that ran under XTradius
> >>(xtradius.sourceforge.net). The important thing was to execute an
> >>exter
et
themselves connected:
https://su1x.swan.ac.uk/
Believe me, collecting and managing MAC addresses is not something I
would wish on anyone.
Cheers
--
Alexander Clouter
.sigmonster says: "Ninety percent of baseball is half mental."
-- Yogi Berra
-
List in
in LDAP and it works well for us. If the MAC address is not
'registered' then the client has to use an 802.1X authentication.
Cheers
--
Alexander Clouter
.sigmonster says: When you don't know what to do, walk fast and look worried.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
which is *good*,
doing things this way means you still get the inner name for
resumed sessions
As a bonus, the Auth-Type is extractable..if you use TLS cached
sessions, then this will be EAP.
Cheers
--
Alexander Clouter
.sigmonster says: It was Penguin lust... at
d_reply = yes ,in eap.conf. Even after
> that I can't see the User-Name attribute has modified in
> Access-Accept.
>
Well, when you do get it working, remember to trim it for eduroam
replies bound for JANET's JRS's; the username should only go to your
*own* NAS's a
authorize {
...
if (Airespace-Wlan-Id == "student_ssid") {
EAP_student
}
else {
EAP_staff
}
...
}
Cheers
--
Alexander Clouter
.sigmonster says: Remember to say hello to your bank teller.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Gary Gatten wrote:
>
> "RADIUS - Half the complexity of Diameter"
>
Don't encourage him...
Cheers
--
Alexander Clouter
.sigmonster says: Life is NP-hard, and then you die.
-- Dave Cock
-
List info/subscribe/unsubscribe? See http:/
else {
...
}
}
The huge advantage is that *every* user at your organisation can follow
the same instructions to connect to the wireless (and wired) network.
It is also then trivial to put in 'eduroam'; if you use 'eduroam' from
day one (*strongly* recomme
gt;
$' and $` is a perlism. You want something like (look at policy.conf
rewrite.calling_station_id and rewrite.called_station_id as an example):
if (User-Name =~ /^[^\\]\\?(.*)$/) {
update request {
Stripped-User-Name := "%{1}"
}
}
Untested, but hopefully you get the idea. :)
Cheers
--
Alexander Clouter
.sigmonster says: Sauron is alive in Argentina!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
u=LanWarden,o=soas?cn?one?(&(objectClass=lanwardenNetwork)(member=%{control:Ldap-UserDn}))}"
}
}
}
}
}
It looks horrible as xlat does *not* support failover. :(
Cheers
[1] http://www.digriz.org.uk/lanwarden
--
Alexander Clouter
.sigmonster says: You are so boring that when I see you my feet go to sleep.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e committing the text to the repository. Would you still
> have an issue with this?
>
That would be pretty schweet. I would not 'pre-process' the text, I
would make sure those /{{{/whatever remains intact so you do not
suffer indentation pain when editing existing content.
Cheer
(and numerous 'eduroam'
examples, it looks like you are aiming for this type of thing).
'suffix' is what you want in your authorize section, you then pass to
the ldap module 'Stripped-User-Name'.
Cheers
--
Alexander Clouter
.sigmonster says: Massachusetts has the best politicians money can buy.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
here, we just wanted to keep equipment that we
maintain and equipment we do not in different subnets. Mainly to keep
the subnet's small :)
Cheers
[1]
http://www.soas.ac.uk/itsupport/personal-equipment/unauthorised-workstation.html
--
Alexander Clouter
.sigmonster says: Where do you think you're going today?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dulterated.
This sounds like maybe the *inner* auth User-Name is realmless and
making it's way out into outer.reply. When you use 'User-Name' in
post-auth{} you will get reply:User-Name rather than request:User-Name
if I remember correctly.
The fix is to *reject* inner-
we see your configuration? Are you using
ldap xlat to set User-Name? If so, don't!
Cheers
--
Alexander Clouter
.sigmonster says: fortune: not found
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ion resumption? Also TTLS/MSCHAPv2 is possibly for you actually
TTLS/EAP-MSCHAPv2 which means you get in effect an inner-inner tunnel if
I remember correctly.
Have a nosey at:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71026.html
Cheers
--
Alexander Clouter
.sigmonst
f *any* mailing
list)?
> Is it possible to do this configuration in conjunction with redundant ldap
> configuration??
>
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71133.html
Cheers
--
Alexander Clouter
.sigmonster says: Is there life before breakfast?
-
...
Just a warning, but I would imagine there would be other grumblings on
the list (or I have missed them and it's already fixed...).
Cheers
--
Alexander Clouter
.sigmonster says: I can't stand squealers; hit that guy.
-- Albert Anastasia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alexander Clouter wrote:
>
> I am though currently trying to pin down a bug where FreeRADIUS just
> closes it's-self down for no reason at all. I have run tcpdump during
> the clean shutdown, and see it is not malformed traffic causing the
> problem, RAM usage is norma
Fajar A. Nugraha wrote:
> On Thu, Jul 28, 2011 at 4:42 PM, Alexander Clouter wrote:
>> rad_recv: Status-Server packet from host 127.0.0.1 port 50412, id=38,
>> length=38
>> [event.c:3002] Failed to insert event
>>
>>
>> There seem to be a bunch of
Alan DeKok wrote:
> Alexander Clouter wrote:
>
>> rad_recv: Status-Server packet from host 127.0.0.1 port 50412, id=38,
>> length=38
>> [event.c:3002] Failed to insert event
>
> Ouch.
>
Indeed. It did only start to happen once I upgraded to 2.1.11 from
2.
and per
> thread overhead will like the rlm_perl.
>
Without including your FreeRADIUS configuration there is very little
anyone here can do to help you other than ask have you just tried using
both modules?
authorize {
...
eap
perl
...
}
authenticate {
eap
perl
}
--
his could be further interpreted that the service is
stable as well as alive. If the system briefly came back and died then
on attempt two or three you would have likely seen a failure.
Hope I am explaining myself well :)
Cheers
--
Alexander Clouter
.sigmonster says: BOFH excuse #256:
n: Release Id: 0
If you have the stomach, a quick Google search takes you to the PHP
website[1] (e) but there is a posting that you should find useful.
Looks like with Win2k3 you must have referrer following turned off and
you cannot search the *whole* base of your directory, you can only
search a sub-branch. I suspect the fix is nothing more than setting
'basedn' to "ou=lusers,dc=my,dc=domain,dc=name".
Cheers
[1] http://www.php.net/manual/en/function.ldap-search.php#45388
--
Alexander Clouter
.sigmonster says: Without fools there would be no wisdom.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the time and for the whole time
since FreeRADIUS was started was all normal (from my torrus[1] graphs).
Will keep you posted if anything crops up...touch wood it seems okay.
Cheers
[1] http://torrus.org/ is amazing, especially combined with snmpd on
hosts too
--
Alexander Clouter
.si
l+session+clean
Cheers
--
Alexander Clouter
.sigmonster says: Got a dictionary? I want to know the meaning of life.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the SNMP
communitities and you quickly have five minutely graphs for *every* port
on your network; and various server with SNMPd running.
Simples
--
Alexander Clouter
.sigmonster says: "Apathy is not the problem, it's the solution"
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
he windows workstation running
ldp.exe if you get desperate. It might give you some hints.
(although I see you have already figured things out in your next posting)
> OT and perhaps reply off list, but I'm curious why you say "e" to
> PHP, and what you would use instead?
>
Flamebait! I nearly fell for it. :)
You have permission to Google-stalk me if you really want to know
what I use.
Cheers
--
Alexander Clouter
.sigmonster says: What soon grows old? Gratitude.
-- Aristotle
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tion to use, although it will not
give you what you want; but it would enable you to use unlang to perform
other tasks.
Cheers
--
Alexander Clouter
.sigmonster says: You fill a much-needed gap.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
me, for this purpose?
>
No need in theory, I personally do just to fix up certificate
validation[1] when using ldapsearch and whatnot though.
Cheers
[1] TLS_CACERT /etc/ssl/certs/ca-certificates.crt
[2]
http://lists.cistron.nl/pipermail/freeradius-users/2005-December/msg00228.html
odule has failed. Combine this with what
Alan already has pointed you to, do_not_respond in policy.conf, and you
should be able to get to where you want to be.
Cheers
--
Alexander Clouter
.sigmonster says: If you sow your wild oats, hope for a crop failure.
-
List info/subscribe/unsubs
r as I am aware, this cannot be done; unless you can find a PAM
RADIUS plugin that supports CHAP.
You should use SSH public keys. If you want that centrally managed have
a look at putting your users SSH keys into LDAP:
http://freshmeat.net/projects/lpkfuse
Cheers
--
Alexander Clouter
n to support eduroam at the University
of Sussex".
It's all good stuff though. Pick the approach that makes the most sense
to you and more naturally fits your needs. I like priming FreeRADIUS
with the realm->proxy mapping and leaving it to it's devices, others
prefer to explici
update request {
NAS-Port-Id := "UNKNOWN"
}
}
}
...
}
You should use (I am almost certain you should not be looking at tagged
Apparently it does work, the OP seems to neglected to mention that one
chunk of the debug was for the outer layer, the other the inner auth :-/
Cheers
--
Alexander Clouter
.sigmonster says: Misfortunes arrive on wings and leave on foot.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
>
> I've put some pre releases of 2.1.12 on the web site:
>
> http://git.freeradius.org/pre/
>
Priming up my end for a burn in...
Cheers
--
Alexander Clouter
.sigmonster says: And on the seventh day, He exited from append mode.
-
List info/subscribe/u
Alexander Clouter wrote:
>>
>> I've put some pre releases of 2.1.12 on the web site:
>>
>> http://git.freeradius.org/pre/
>>
> Priming up my end for a burn in...
>
24 hours later, still churning happily. Running 2.1.12 (bfe2c025).
Cheers
--
Ale
-
update reply {
Acct-Interim-Interval := 3000 + %{rand:1200}
}
This would give me Acct-Interim-Interval set to 1hr+-10mins.
As it is set now, I just got 1MB of journal recorded to file accounting
data landing on my systems :)
Cheers
--
Alexander Clouter
.sigmonster says: T
.1.x.
Cheers
[1] http://lists.cistron.nl/pipermail/freeradius-users/2011-June/msg00334.html
--
Alexander Clouter
.sigmonster says: An algorithm must be seen to be believed.
-- D. E. Knuth
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
you would have to be crazy to use just basic regex.
Cheers
--
Alexander Clouter
.sigmonster says: Tact, n.:
The unsaid part of what you're thinking.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
better when we ditched mysql
>
Our experience has been that using MySQL pretty much guarantees you
*will* be burnt...especially with the replication.
Cheers
--
Alexander Clouter
.sigmonster says: I'm having a MID-WEEK CRISIS!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eRADIUS *reference* book rather than a
beginners guide...so I probably am being mean :)
The price is reasonable, and if you are a complete newbie, it will get
you on your feet. The book definitely does what it says on the tin and
I would give it a 7 out of 10...
Cheers
--
Alexander Clouter
Alexander Clouter wrote:
>
> The content is generally rather good, and aside from a few typos, the
> book is let only on some relatively *minor* points:
>
> [snipped]
>
> * unfortunately short EAP section, ignoring session resumption and why
>particular EAP
radlog(1, "...");'... :-/
Searching for 'debug' on the wiki page says many useful things:
http://wiki.freeradius.org/Rlm_perl
...and even less surprisingly it's the same as whats in
src/modules/rlm_perl/example.pl.
*sigh*
Cheers
--
Alexander Clouter
.s
ng, %{radiusGroupName[*]}:
http://freeradius.1045715.n5.nabble.com/foreach-attribute-array-td2787874.html
Cheers
--
Alexander Clouter
.sigmonster says: Guillotine, n.:
A French chopping center.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tation...
Cheers
--
Alexander Clouter
.sigmonster says: I'm having fun HITCHHIKING to CINCINNATI or FAR ROCKAWAY!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not syslog-ng and mmdd.log as
an output?
Cheers
--
Alexander Clouter
.sigmonster says: Postage will be paid by addressee.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
aking the time to subscribe to the
> mailing list which seems to filter out a lot of the time wasters.
>
GMANE is what I use, so do not think about nuking that. If you just
move this to USENET, that probably will fix a huge chunk of the noise
problem and then you also can use killfiles...
Hi,
Elizabeth Steinke <[EMAIL PROTECTED]> wrote:
>
> Since we have other applications that don't and probably never will preform
> redundant
> LDAP lookups I'm thinking I will just an LDAP VIP to the LVS server. I am
> still willing
> to try an solutions in my lab for the sake of having it in
e.
Weird I know, but it seems to work...
Cheers
Alex
--
Alexander Clouter
.sigmonster says: When the revolution comes, count your change.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ed.
Cheers
Alex
[1] I have convinced my self it's safe for a wired network, getting
non-802.1X clients 802.1X'ified, but just not worth the risk for
wireless clients
--
Alexander Clouter
.sigmonster says: Succumb to natural tendencies. Be hateful and boring.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t...@kalik.net wrote:
>
> You can use perl lc function to make sure attribute is always lower case.
> List perl before checkval.
>
I personally use lower() (pgsql) and do it at the SQL server end.
Cheers
Alex
--
Alexander Clouter
.sigmonster says: We are not a clone.
-
List in
e
Tmp-String-X family of internal variables.
Cheers
Alex
[1] LDAP lookups for example, such as cn=001122334455
--
Alexander Clouter
.sigmonster says: Do not use the blue keys on this terminal.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1 - 100 of 338 matches
Mail list logo