backend you are proxying to
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
M
firewall with huge mtu on the inside interface that was
sending jumbograms that got dropped on the radius.
Greetings
Christian
>
> Best regards, Alex
>
> On 2016-01-18 12:30, Christian Kratzer wrote:
>> Hi Sami,
>>
>> On Mon, 18 Jan 2016, Sami Keski-Kasari wrote:
>>
o starting recipes for this stuff
>> (so you can see how handlers/inner work)
>>
>> alan
>
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997
thBy FILE or AuthBy SQL for an AuthBy INTERNAL.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288,
because of certificate
issues on the client.
Would you all agree with this ?
I cannot think of any other reason but client misconfiguration when TLS
authentication would stop after sending of the server certificate.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email
Hi Heikki,
sorry about the delay in answering this.
On Wed, 4 Nov 2015, Heikki Vatiainen wrote:
> On 13.10.2015 15.45, Christian Kratzer wrote:
>
>> 3. Also note the rather high number fo MaxFailedRequests in HASHBALANCE. I
>> saw the backends get marked bad instant
directory.
Greetings and have fun
Christian Kratzer
CK Software GmbH
How to use in the fronend:
--
FailureBackoffTime 60
Secret mysecret
MaxFailedRequests 10
Retries 0
AuthPort 10001
already.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Gescha
way.
>
> Once somebody owns a box, all bets are off.
>
> Regards,
>
> Nick
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
--
Christian Kratzer CK Softwar
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer
Hi,
On Wed, 24 Jun 2015, Tuure Vartiainen wrote:
Hi,
On 24 Jun 2015, at 10:00, Christian Kratzer ck-li...@cksoft.de wrote:
I have a couple of windows users that send a DOMAIN\ prefix to their
username.
What would be the best way to strip these things when using PEAP with AuthBy
SQL
searching. We will try next to see if we can
sucessfully authenticate TTLS/PAP in order to rule out any challenge issues.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126
Hi,
On Tue, 9 Jun 2015, Heikki Vatiainen wrote:
On 9.6.2015 15.05, Christian Kratzer wrote:
On Tue, 9 Jun 2015, Heikki Vatiainen wrote:
snipp/
It should now return accept or reject, not a challenge. If it accepts,
it will tunnel MS-CHAP2-Success back to the client with the accept
the password, that's the v2 part. Also,
the username must be the same the client uses when it calculates its
expected value. You should not rewrite it for plain MSCHAPv2.
Thanks,
Heikki
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg
Hi,
On Tue, 9 Jun 2015, Heikki Vatiainen wrote:
On 9.6.2015 15.18, Christian Kratzer wrote:
yes that would help separate the cases but I would still need to solve
the non eap case, i.E how to ignore SQLauthorize while SQLauthenticate
is challenging the client. Would something like this work
Hi,
before we whip up something does anybody know of a rcrypt implemantation in
java.
It's under 10 lines of perl in Radius/Rcrypt.pm to port for encryption but if
anoybody already has something I would rather not dive into java. ;)
Greetings
Christian
--
Christian Kratzer
how to accomplish authorization after failed
chap authentication.
Terveisin
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB
the inner AuthBy INTERNAL will change reject to accept
and mark it with vendor specific attribute that you can use in later
INTERNAL to determine if authentication was successful or not.
Best Regards,
Sami
On 02/24/2015 01:12 PM, Christian Kratzer wrote:
Hi Sami,
We made progress with our
Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web
. The
autorisation clauses use NoEAP in order to not interfere with the
EAP challenge authentication. So the usual variables seem to have the
outer identity.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone
.
***
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer
AuthINTERNAL.pm
find / -name radiusd
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht
a current bug or if it's my fault.
OS: SunOS foobar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200
perl -v:perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris
radiusd -v: This is Radiator 4.11 on foobar
Best Regards
Charly
--
Christian Kratzer
wrote:
Hi Christian, RADIATOR team and listeners,
Am 05.07.2013 18:57, schrieb Christian Kratzer:
...
just saw that you start with:
Realm DEFAULT
and close with:
/Handler
uups, sorry but in my original cfg there isn't such a typo
and if I correct this stupid error it's
. This is most likely a problem in one of the
modules you are using. Plain radiator generally does not crash oder leak
memory.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0
- VIX
Universitaetsstrasse 7, A-1010 Vienna, Austria, Europe
Tel: ++43 1 4277 - 14070 (Fax: - 814070) KB1970-RIPE
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer
@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288
(876) 936-4819
Mobile (876) 997-0729
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web
packets from those devices.
Something similar to above scenario seems much more likely than radiator
selectively dropping accounting for random users.
Greetings
Christian Kratzer
CK Software GmbH
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de
by running a packet capture of
traffic between your radius and your ldap servers.
Recent versions of AudhBy LDAP2 in Radiator automatically reconnect in these
cases so you do not lose an auth request and get now operations error.
Greetings
Christian Kratzer
CK Software GmbH
Thanks.
Jim
. Should not be too
hard as radius is not that many packets.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB
://www.open.com.au/mailman/listinfo/radiator
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
in a all clients. Failover comes
naturally with radius.
Greetings
Christian Kratzer
CK Software GmbH
BR
Quique.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer CK
openldap 2.3.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web: http
with pam_radius is using.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web
.
Any ideas?
-Mensaje original-
De: Christian Kratzer [mailto:ck-li...@cksoft.de]
Enviado el: miƩrcoles, 30 de marzo de 2011 9:23
Para: Francisco Rodrigo Cortinas Maseda
CC: radiator@open.com.au
Asunto: Re: [RADIATOR] Problem with pam_radius
Hi,
On Wed, 30 Mar 2011, Francisco Rodrigo
the same as the mac adresse seen on the ethernet.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB
to test most EAP methods.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Modules: Digest::HMAC 1.02, Digest::MD5 2.38, Digest::SHA1 2.12,
Net::SSLeay 1.36
Thanks,
Patrik
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer CK
Kratzer
CK Software GmbH
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de
requests and will return ignore.
The AuthBy SQL will be called but will only handle accounting as you have
configured IgnoreAuthentication.
There are many possible variations but I think above is the simplest.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
radwho.cgi could
then query.
Accounting would get you start, stop and interim records which all included the
actual assigned ip.
This would also let you have the nas assign the ips which is also much more
stable in the long run.
Greetings
Christian
--
Christian Kratzer
with the foregrund option to see if
it logs more errors from missing modules.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997
.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9
will cause other problems
further down the line.
I would suggest that you remove the rpm and install from the tarball.
The Makefile will automatically find the best path to match your setup.
Greetings
Christian
Thanks.
Jim.
Christian Kratzer wrote:
Hi,
On Fri, 4 Feb 2011, Jim Tyrrell wrote
FreeTDS is these days. Last time I
saw it 10 years ago it had lots of issues. I also do not know if they
have kept up with MS-SQL and it's development.
As an alternative you might want to try DBD::proxy together with DBD::OBDC on
your Windows Server.
Greetings
Christian
--
Christian Kratzer
situations when the specific request which runs into
an error situaion is dropped but radius resends should handle those
cases.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0
to list out each individual LDAP
server?
you should explicitly list all servers as Dns will get resolved once
on load of config.
Load-balancing isn't required, though I've seen Hugh's advice for how
to do that in an email from May 14th, 2008.
Greetings
Christian
--
Christian Kratzer
is an huge leap.
For more detailed help you might want to post your config file stripped of all
secrets.
Greetings
Chrsitian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126
..)
Thanks guys, appreciate any help you can provide.
did you install the radiator perl modules ?
The radiusd script needs to match the perl modules. One or the other
might be from the really old radiator.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email
are a great way to label any parts of the radiator config not only
handlers also clients and authbys. You will find the respective identifiers in
all kinds of logs and stats.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de
eapol_test from the wpa_supplicant sources though.
A quick google for eapol_test brings up following:
http://deployingradius.com/scripts/eapol_test/
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49
occurring.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web
you will probably have to use a hook and
operate on the string.
Greetings
Christian
Thanks
Ian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032
/listinfo/radiator
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Schwarzwaldstr. 31
Phone: +49 7452 889 135 D-71131 Jettingen
Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de
Christian Kratzer
CK Software GmbH
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Schwarzwaldstr. 31
Phone: +49 7452 889 135 D-71131 Jettingen
Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart
Web: http
56 matches
Mail list logo