On 18.3.2024 4.46, Stefan Paetow via radiator wrote:
Just FYI – I noticed that as part of some code to identify broken EAP
packets, the RADIATOR $Radius::EAP::eap_type_to_everyname{} lookup
returns nothing when it comes to EAP method 55 (TEAP). I call it like
this:
my $eap_type =
Meraki VSAs 2, 3 and 4: Meraki-Network-Name, Meraki-Ap-Name and
Meraki-Ap-Tags.
Add PaloAlto VSAs 6 - 10: PaloAlto-Client-Source-IP, PaloAlto-Client-OS,
PaloAlto-Client-Hostname and PaloAlto-GlobalProtect-Client-Version.
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com
the move will be posted on this list when the
move is about to happen.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https
.
Thanks,
Heikk
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
username,convert_from(decrypt(password::bytea, 'foo',
'aes'), 'SQL_ASCII') as password from subscribers_encrypted;
username | password
--+--
mikem| fred
jdoe | somepw
jdoe2| somepw
(3 rows)
Please let us know if you find the above useful.
Thanks,
Heikki
--
Heikki
the select
might be worth experimenting with.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman
and it does not set the NTLM version. For
more, see here:
https://www.samba.org/samba/docs/current/man-html/ntlm_auth.1.html
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator
On 24.8.2023 11.27, Patrik Forsberg via radiator wrote:
Nm, bullseye package worked
The downloads now have a Bookworm-specific UtilXS deb too. You may want
to switch to it because Bullseye uses OpenSSL 1.1.1 series and Bookworm
uses 3.0 series.
Thanks for the reminder!
Heikki
--
Heikki
to be.
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
adiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.op
as an AD computer.
In other words, neither sssd nor Kerberos support NThash based MSCHAP or
its variants.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
e a separate log file just for
the timed out requests.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
On 25.5.2023 17.57, Karl Gaissmaier via radiator wrote:
Am 25.05.23 um 16:48 schrieb Heikki Vatiainen via radiator:
...
The above should work. Maybe your configuration file sets AcctPort
sometime later?
you are right!
Sorry for that,
Charly
No worries! I prefer these kinds of bugs
port
1812
Thu May 25 17:40:06 2023: NOTICE: Server started: Radiator 4.27 on imac
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator
booleans map to special boolean Perl objects. The sample I did maps the
simple zero or one for 'false' and 'true' respectively.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
__
On 23.5.2023 0.19, Heikki Vatiainen via radiator wrote:
On 22.5.2023 9.37, Greg Haverkamp via radiator wrote:
I get a JSON response that looks something like this:
{
"version": "LinOTP 2.11.2",
"jsonrpc": "2.0802",
"result": {
"status
On 22.5.2023 9.37, Greg Haverkamp via radiator wrote:
I'm attempting to call a fairly simple (but non-modifiable) restful
API by means of AuthBy REST, and I cannot seem to make sense of how I
should act upon the response it gives.
I get a JSON response that looks something like this:
{
would use this approach. It lets you better control and understand
what is the current state of then authentication request-resposne exchange.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
A
Vendor id 40808 seems to have started directly with name "Wi-Fi
Alliance" about late 2012. These attributes currently have prefix WFA-
in Radiator's dictionary.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit rad
On 30.4.2023 15.12, Heikki Vatiainen via radiator wrote:
On 16.3.2023 10.43, Stefan Paetow (OpenSource) via radiator wrote:
Now that people are messing about with OpenRoaming, I've discovered an
attribute that is currently not covered by dictionaries. I suggest
you update the entries
, but it
can be some other 32 bit integer value too. T-C-Filtering appears to be
four octets. The above may need some updates and clarifications but the
definitions should already be helpful.
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server softwar
;<15>W<0>_c}<185>
Attributes:
Reply-Message = "Request Denied"
Reply-Message = "4operator:country"
Rejected: Request Denied
Note that only PreClientHook runs before log level 4 packet dump.
Therefore the updated Operator-Name is not vi
why I called this method "arrangement".
Happy password hunting. Please let us know if the above solves the problem.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Di
oad
balancer and separate Radiator instances listening to different TACACS+
ports. HAProxy could work, but I'd first see about FarmSize on frontend
with backend set so that it can do authorize only requests.
Please let us know if the above helps.
Thanks,
Heikki
--
Heikki Vatiainen
R
guration parameter is removed or commented out from
the configuration. This gives an additional visible hint that password
logging is currently enabled.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TA
AcctResult ACCEPT
RejectReason All LDAP servers are down
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https
te1 10
Policer1_Size 1
TimeWindow1 10
# Policer2
SourceKey2 %{Client:Identifier}
MaxRate2 10
Policer2_Size 1
TimeWindow2 10
# Result to use when MaxRate1 or MaxRate2 is exceeded
MaxRateResult REJECT
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: th
to change, for example,
daily, but authentications happening at the same time likely use the
same MAC address.
Hopefully I'm not stating the obvious, but could it be that the user has
multiple devices that auto-join at the same moment?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most
.
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
eaders that can be
optionally formatted, or possibly a hook for more flexible header handling.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@li
e=0"
]
};
Could it be that there's something in your local configuration that adds
TACACSPLUSKey in the attributes? I don't see it in my testing and I also
don't expect it to be present in the request's attribute list.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
ONFIG_CTRL_IFACE_DBUS_NEW=y
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
CONFIG_CTRL_IFACE_DBUS_INTRO=y
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
__
stinfo/radiator
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
with a note telling when the
changes are done.
[1] Domain-based Message Authentication, Reporting and Conformance
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
in the debug level log.
Note that a Status-Server is sent only when there's been no reply from
the next hop server in the last 5 seconds. In other words, Status-Server
is only sent after the receive side has been idle for KeepaliveTimeout
seconds.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers
/RedespatchIfNoTarget_AuthByDNSROAM.html
Please let us know if this is useful.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au
On 7.4.2022 19.53, Heikki Vatiainen wrote:
On 7.4.2022 13.57, Wolfgang Breyha wrote:
So I filed:
https://bugzilla.redhat.com/show_bug.cgi?id=2072962
Great, thanks for doing this! Lets see what the reaction is.
An update on this: the above bugzilla issue has a pointer to another
entry
to using LocalAddress to direct IPv4 vs
IPv6, to add hinting to AuthBy REST (and HTTP client class in general).
This could tell to choose IPv4, IPv6 or let getaddrinfo() +
/etc/gai.conf to decide the preference.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit
hed it to use the same routine as radpwts.
(go to the directory /opt/radiator/radiator and appy with “ patch <
builddbm.patch “)
Applied, builddbm is now idential to radpwtst. It you check the diffs,
there are also some unrelated changes that address reports from perlcritc.
Thanks,
Heikki
--
.
(same log shows up without the “AutoClass uuid” enabled)
Thanks for reporting this. It was happening with any configuration when
USR1 and USR2 were used. It's fixed now in the latest patches.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA
know how it goes.
I wasn't aware that rsyslogd has this functionality. It seems like a
good candidate for a suggested configuration when remote syslog is needed.
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
typos are almost impossible to note. I'll review the
rest of the topic too. It can be simplifed to talk about PAP instead of
PPP dialup. There's nothing PPP specific in this AuthBy and it's simpler
to just say PAP, since it doesn't matter which system originates the PAP
request.
Heikki
--
Heikki
lease let us know how it goes.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
instances of Radiator, see here:
https://blog.radiatorsoftware.com/2019/06/grouping-and-controlling-multiple.html
Please let us know how it goes.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
be clearly separate
within /etc/radiator or the respective folder on Windows.
However, DictionaryFile can be set to any that's locally seen the best
option.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
that just shuffles messages back and forth network
interfaces with minimal wait for external I/O.
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator
what I have seen there are typically some number of errors
seen with busy TLS-based EAP servers.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator
done!
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
Hmm, multiple different places. Thanks for the quick start guide. I'll
see if I can get something useful too.
Thanks,
heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
o tried to build a new Net::SSLeay-1.92. Same results.
If we can't find the cause it seems we need to restart radiator periodically.
Hopefully there's another solution. It might be that the OS (RHEL, Alma,
Rocky) patches, and how they affect Radiator, need to be checked at some
point.
sed to Windows.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
that's part of the
problem.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows
ay a plain text TOTP value and a hashed TOTP value do not differ
that much because their usefulness is limited by the validity time
window. Radiator checks for replay when a CHAP method is used, so in
that sense they work similarly too.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, make
to
provision user", $_[2]);\
my $self = $_[0]; my $p = $_[2]; \
$self->log($main::LOG_DEBUG, "PostSearchHook2: perform upsert to
provision user", $p);\
main::log($main::LOG_DEBUG, "PostSearchHook3: perform upsert to
provision user", $p);\
};
LDAP for '$dn'");
return;
}
my @hash = $entry->get('hash');
my @username = $entry->get('sAMAccountName');
system('/etc/radiator/inserttotp.sh',@username,@hash);
return;
}
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit r
;
and IPO-Command would be sent out if it were in the dictionary.
The packet dump that shows the incoming messages is done much earlier
than the hook runs. If you'd want to dump the message from a hook too,
use something like this:
main::log($main::LOG_DEBUG, "$me - modified request:\n"
Thanks,
Heikki
Thanks in advance!
Dave
-Original Message-
From: radiator On Behalf Of Heikki
Vatiainen
Sent: Monday, February 14, 2022 8:55 AM
To: radiator@lists.open.com.au
Subject: Re: [RADIATOR] Radiator / LDAP / matching on multi-valued field
On 12.2.2022 0.39, Dave Kitab
don't see
that. Was it sent to this list?
See the list archive. It seems that sometimes messages via the list get
flagged as spam. I think it relates to our email forwarding service so
we'd need to take a look into that.
https://lists.open.com.au/pipermail/radiator/2022-February/thread.html
r->get_reply->add_attr('Reply-Message', 'You are regular');
}
else
{
# Could also use add_attr to assing a default
# authorization level.
$user->get_check->add_attr('Auth-Type', "Reject:No
authorisation group found in LDAP for '$dn'");
}
retur
lly.
8. Remote host to either IP -> Radiator lets the wind decide which IP it sends
from in forwarded packet?
I'd say the only change for this to happen is that when OS network
interfaces are reconfigured and the effective LocalAddress is 0.0.0.0.
Thanks,
Heikki
--
Heikki Vatiainen
OSC,
dictionary. This avoids
overwriting any real Radius attributes already present in the request.
It also keeps the attibute internal because it can not be proxied
without a dictionary entry. This can be helpful with proxy configurations.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
eAttr sAMAccountName
AuthAttrDef logonHours,MS-Login-Hours,check
ConsumePassword
AuthBy otp-authby
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
__
authby
On Fri, Jan 7, 2022 at 5:52 PM Heikki Vatiainen <mailto:h...@open.com.au>> wrote:
On 6.1.2022 14.31, Sagar Malam wrote:
> Thanks for the help. I tried the approach with authby OTP that you
> suggested but once Authby LDAP2 is processed , Authby OTP is not
,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
IPv6.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
-Id} -- Authentication OK
FailureFormat %T : '%U' from %N
mac=%{OuterRequest:Calling-Station-Id} -- Authentication FAILED
DefaultResult REJECT
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server softw
and reject the rest.
To clarify my previous email for future refernce: When handling
tunnelled and converted requests, always have a catch-all Handler that
makes sure that even the unexpected cases are correctly handled.
Thanks!
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit
message: it's an unexpected realm: reject
EAPType EAP-MSCHAP-V2
Filename /dev/null
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open
race 4' with rdpwtst to see in detail what it sends and receives.
With multi-round authentication, also add '-interactive' flag to tell
radpwtst that more than a single request is needed.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA
Radius where a RADIUS client sends requests
to Radiator. If you'd need to have an integration to web services, that
can be problematic as Dubravko wrote earlier.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
t's available in case the responses need processing
soon after they are received but before they are processed further.
https://files.radiatorsoftware.com/radiator/ref/MapResponseHook_common_httpclient.html
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
-Installation.html
The similar setup is used with RPM packages too.
Logrotate configuration is available in goodies as goodies/logrotate and
systemd unit files are goodies/radiator*.service
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server
with
client not trusting server's certificate, for example. Because it was
still calling SSL_accept, I don't think it was able to complete TLS
handshake.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
was incorrectly
spelled as Mikortik-DHCP-Option-Param-STR2 in the default dictionary.
Reported by Eddie Stassen.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX
On 28.10.2021 16.25, Heikki Vatiainen wrote:
I compared Radiator 4.25 and 4.23 AuthLSA.pm and I think the changes
should not trigger this problem. In other words, I'd say the problem is
simply that Win32::NetAdmin is not installed.
Hello Viktu,
I took another look at the changes and I think
4.25 and 4.23 AuthLSA.pm and I think the changes
should not trigger this problem. In other words, I'd say the problem is
simply that Win32::NetAdmin is not installed.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
}
If you run Radiator with debug logging enabled, it will show what
happens with SIGWINCH.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
,
for example, when there's a need to access many different devices to
troubleshoot timeout causes.
As always, feedback is welcome.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
log:
Thu Sep 30 14:44:46 2021:first:OK
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailma
manual configuration or
other tools - it's just another way to set up a device.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
methods and
TCP/SCTP streams.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
when the NTLM Auth is made.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
needed update because of differences in Debian/Ubuntu
awk command.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
___
radiator mailing list
radiator@lists.open.com.au
https
).
<https://www.debian.org/News/2021/20210814>
The UtilXS Bullseye package is now available from packages and repos.
https://downloads.radiatorsoftware.com/
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server so
}
I looked at the configuration samples, reference manual and old versions
and it seems this has always been the case. It seems a bit strict,
though. I'll update the manual to be clear about this.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator
with it and then compile the
binary UtilXS for the new Debian release.
The sources are for UtilXS are available with Radiator downloads, so if
you are in hurry, you can compile it. Look for Radius-UtilXS-2.3-1.tgz
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com
nois - Chicago
*From:* radiator on behalf of
Heikki Vatiainen
*Sent:* Wednesday, July 14, 2021 12:05 PM
*To:* radiator@lists.open.com.au
*Subject:* Re: [RADIATOR] we're sending empty realms to eduroam tlrs
servers
On 13.7.2021 22.38, U
not part of the
identity, it's dropped before a match is attempted.
The current EAP-TLS RFC, and the upcoming RFC for EAP-TLS with TLSv1.3
that updates the current RFC, do not require this.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
,
would be needed.
If you have a preferred idea, please let us know.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey
- Realm relationship is discussed in more detail here:
https://files.radiatorsoftware.com/radiator/ref/Handler.html
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory
the probe contents.
This option is available for probing peers that do not respond to
Status-Server messages. This was added to Radiator 4.20 as suggested by
Paul Dekkers. It was needed to get probing to work with some eduroam
organisations, if I remember correctly.
Thanks,
Heikki
--
Heikki
be needed, though.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix
the probing
and uses Redis to keep the other workers informed about the next hop
reachability.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP
if ($s =~ m/^Query to .*AES/s) {
# filter $s
}
return localtime() . ": $priority: $s";
}
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEA
On 11.6.2021 14.42, Heikki Vatiainen wrote:
On 8.6.2021 15.06, alexander.hartma...@t-systems.com wrote:
What is your plan to fix this issue?
One option is to select only TLSv1.2 by default and make it
configurable. If the problem is with Net::HTTPS::NB or HTTP::Async,
allow by default
<https://metacpan.org/release/HTTP-Async/source/lib/HTTP/Async.pm#L551>
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP
Attribute 18 (Reply-Message) length=16
Value: 'Request Denied'
Please note, that "Resending RADIUS message (id=7)" after which reject
come.
Sorry for double post.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, f
thBy Check2017LDAP
AuthBy Check2017LDAP
AuthLog authlogger
AuthLog FTICKS-FULL
AddToReplyIfNotExist Tunnel-Type=1:VLAN,\
Tunnel-Medium-Type=1:Ether_802
Best regards
--
Heikki Vatiainen
Radiator: the most portable, flex
The above show the errors that are caused by not being able to load CA
file or path.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA
ertificate.
Getting back to Trust-On-First-Use (TOFU), if you have a profile, then
there should be no TOFU triggered prompts because the trust settings are
already defined.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy,
1 - 100 of 236 matches
Mail list logo
