Re: [RADIATOR] 100% load 1 cpu core

backend you are proxying to Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart M

Re: [RADIATOR] EAP-TLS not getting client cert

firewall with huge mtu on the inside interface that was sending jumbograms that got dropped on the radius. Greetings Christian > > Best regards, Alex > > On 2016-01-18 12:30, Christian Kratzer wrote: >> Hi Sami, >> >> On Mon, 18 Jan 2016, Sami Keski-Kasari wrote: >>

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

o starting recipes for this stuff >> (so you can see how handlers/inner work) >> >> alan > -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

thBy FILE or AuthBy SQL for an AuthBy INTERNAL. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288,

[RADIATOR] EAP-TLS not getting client cert

because of certificate issues on the client. Would you all agree with this ? I cannot think of any other reason but client misconfiguration when TLS authentication would stop after sending of the server certificate. Greetings Christian -- Christian Kratzer CK Software GmbH Email

Re: [RADIATOR] FarmChildHook to rotate AuthPort, AcctPort and DBSource

Hi Heikki, sorry about the delay in answering this. On Wed, 4 Nov 2015, Heikki Vatiainen wrote: > On 13.10.2015 15.45, Christian Kratzer wrote: > >> 3. Also note the rather high number fo MaxFailedRequests in HASHBALANCE. I >> saw the backends get marked bad instant

[RADIATOR] FarmChildHook to rotate AuthPort, AcctPort and DBSource

directory. Greetings and have fun Christian Kratzer CK Software GmbH How to use in the fronend: -- FailureBackoffTime 60 Secret mysecret MaxFailedRequests 10 Retries 0 AuthPort 10001

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

already. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Gescha

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

way. > > Once somebody owns a box, all bets are off. > > Regards, > > Nick > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Christian Kratzer CK Softwar

[RADIATOR] Best way to strip leading DOMAIN\ with PEAP

Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer

Re: [RADIATOR] Best way to strip leading DOMAIN\ with PEAP

Hi, On Wed, 24 Jun 2015, Tuure Vartiainen wrote: Hi, On 24 Jun 2015, at 10:00, Christian Kratzer ck-li...@cksoft.de wrote: I have a couple of windows users that send a DOMAIN\ prefix to their username. What would be the best way to strip these things when using PEAP with AuthBy SQL

[RADIATOR] TTLS with inner MSCHAPv2 vs. inner EAP-MSCHAPv2

searching. We will try next to see if we can sucessfully authenticate TTLS/PAP in order to rule out any challenge issues. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126

Re: [RADIATOR] TTLS with inner MSCHAPv2 vs. inner EAP-MSCHAPv2

Hi, On Tue, 9 Jun 2015, Heikki Vatiainen wrote: On 9.6.2015 15.05, Christian Kratzer wrote: On Tue, 9 Jun 2015, Heikki Vatiainen wrote: snipp/ It should now return accept or reject, not a challenge. If it accepts, it will tunnel MS-CHAP2-Success back to the client with the accept

Re: [RADIATOR] TTLS with inner MSCHAPv2 vs. inner EAP-MSCHAPv2

the password, that's the v2 part. Also, the username must be the same the client uses when it calculates its expected value. You should not rewrite it for plain MSCHAPv2. Thanks, Heikki -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg

Re: [RADIATOR] TTLS with inner MSCHAPv2 vs. inner EAP-MSCHAPv2

Hi, On Tue, 9 Jun 2015, Heikki Vatiainen wrote: On 9.6.2015 15.18, Christian Kratzer wrote: yes that would help separate the cases but I would still need to solve the non eap case, i.E how to ignore SQLauthorize while SQLauthenticate is challenging the client. Would something like this work

[RADIATOR] rcrypt implemantation in java ?

Hi, before we whip up something does anybody know of a rcrypt implemantation in java. It's under 10 lines of perl in Radius/Rcrypt.pm to port for encryption but if anoybody already has something I would rather not dive into java. ;) Greetings Christian -- Christian Kratzer

Re: [RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS

how to accomplish authorization after failed chap authentication. Terveisin Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB

Re: [RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS

the inner AuthBy INTERNAL will change reject to accept and mark it with vendor specific attribute that you can use in later INTERNAL to determine if authentication was successful or not. Best Regards, Sami On 02/24/2015 01:12 PM, Christian Kratzer wrote: Hi Sami, We made progress with our

Re: [RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS

Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web

[RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS

. The autorisation clauses use NoEAP in order to not interfere with the EAP challenge authentication. So the usual variables seem to have the outer identity. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone

Re: [RADIATOR] AuthAttrDef for multi-value Radius attribute check

. *** ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

AuthINTERNAL.pm find / -name radiusd Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

a current bug or if it's my fault. OS: SunOS foobar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200 perl -v:perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris radiusd -v: This is Radiator 4.11 on foobar Best Regards Charly -- Christian Kratzer

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

wrote: Hi Christian, RADIATOR team and listeners, Am 05.07.2013 18:57, schrieb Christian Kratzer: ... just saw that you start with: Realm DEFAULT and close with: /Handler uups, sorry but in my original cfg there isn't such a typo and if I correct this stupid error it's

Re: [RADIATOR] Radiator Debian Wheezy = memory problem?

. This is most likely a problem in one of the modules you are using. Plain radiator generally does not crash oder leak memory. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0

Re: [RADIATOR] Radiator Debian Wheezy = memory problem?

- VIX Universitaetsstrasse 7, A-1010 Vienna, Austria, Europe Tel: ++43 1 4277 - 14070 (Fax: - 814070) KB1970-RIPE ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer

Re: [RADIATOR] Radiator Debian Wheezy = memory problem?

@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288

Re: [RADIATOR] Accounting records are not written to database

(876) 936-4819 Mobile (876) 997-0729 -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web

Re: [RADIATOR] Some Authentication Not Getting Logged

packets from those devices. Something similar to above scenario seems much more likely than radiator selectively dropping accounting for random users. Greetings Christian Kratzer CK Software GmbH -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de

Re: [RADIATOR] LDAP_OPERATIONS_ERROR

by running a packet capture of traffic between your radius and your ldap servers. Recent versions of AudhBy LDAP2 in Radiator automatically reconnect in these cases so you do not lose an auth request and get now operations error. Greetings Christian Kratzer CK Software GmbH Thanks. Jim

Re: [RADIATOR] Access-accept response too big.

. Should not be too hard as radius is not that many packets. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB

Re: [RADIATOR] Radiator clustering on linux

://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2

Re: [RADIATOR] Radiator clustering on linux

in a all clients. Failover comes naturally with radius. Greetings Christian Kratzer CK Software GmbH BR Quique. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer CK

Re: [RADIATOR] AuthBy LDAP2, HoldServerConnection and missing Retry parameter

openldap 2.3. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http

Re: [RADIATOR] Problem with pam_radius

with pam_radius is using. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web

Re: [RADIATOR] Problem with pam_radius

. Any ideas? -Mensaje original- De: Christian Kratzer [mailto:ck-li...@cksoft.de] Enviado el: miércoles, 30 de marzo de 2011 9:23 Para: Francisco Rodrigo Cortinas Maseda CC: radiator@open.com.au Asunto: Re: [RADIATOR] Problem with pam_radius Hi, On Wed, 30 Mar 2011, Francisco Rodrigo

Re: [RADIATOR] Client MAC:xx-xx-xx-xx-xx-xx

the same as the mac adresse seen on the ethernet. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB

Re: [RADIATOR] radpwtest for EAP/TTL, EAP/TTLS and PEAP

to test most EAP methods. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart

Re: [RADIATOR] RadSec and Local DBM Users

Modules: Digest::HMAC 1.02, Digest::MD5 2.38, Digest::SHA1 2.12, Net::SSLeay 1.36 Thanks, Patrik ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer CK

Re: [RADIATOR] PEAP Unknow Problem

Kratzer CK Software GmbH -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de

Re: [RADIATOR] AcctInsertQuery for Authby RADIUS

requests and will return ignore. The AuthBy SQL will be called but will only handle accounting as you have configured IgnoreAuthentication. There are many possible variations but I think above is the simplest. Greetings Christian -- Christian Kratzer CK Software GmbH

Re: [RADIATOR] Assigning IP's directly from the Radius server

radwho.cgi could then query. Accounting would get you start, stop and interim records which all included the actual assigned ip. This would also let you have the nas assign the ips which is also much more stable in the long run. Greetings Christian -- Christian Kratzer

Re: [RADIATOR] RV: Can't locate object method response_identity

with the foregrund option to see if it logs more errors from missing modules. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997

Re: [RADIATOR] RHEL6 install - Can't locate Radius/ServerConfig.pm

. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9

Re: [RADIATOR] RHEL6 install - Can't locate Radius/ServerConfig.pm

will cause other problems further down the line. I would suggest that you remove the rpm and install from the tarball. The Makefile will automatically find the best path to match your setup. Greetings Christian Thanks. Jim. Christian Kratzer wrote: Hi, On Fri, 4 Feb 2011, Jim Tyrrell wrote

Re: [RADIATOR] Accounting process dying

FreeTDS is these days. Last time I saw it 10 years ago it had lots of issues. I also do not know if they have kept up with MS-SQL and it's development. As an alternative you might want to try DBD::proxy together with DBD::OBDC on your Windows Server. Greetings Christian -- Christian Kratzer

Re: [RADIATOR] AuthBy LDAP2 failover with round-robin DNS?

situations when the specific request which runs into an error situaion is dropped but radius resends should handle those cases. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0

Re: [RADIATOR] AuthBy LDAP2 failover with round-robin DNS?

to list out each individual LDAP server? you should explicitly list all servers as Dns will get resolved once on load of config. Load-balancing isn't required, though I've seen Hugh's advice for how to do that in an email from May 14th, 2008. Greetings Christian -- Christian Kratzer

Re: [RADIATOR] Can't Insert into database - fresh radiator install

is an huge leap. For more detailed help you might want to post your config file stripped of all secrets. Greetings Chrsitian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126

Re: [RADIATOR] Updated Radiator - error Can't locate object method readConfig

..) Thanks guys, appreciate any help you can provide. did you install the radiator perl modules ? The radiusd script needs to match the perl modules. One or the other might be from the really old radiator. Greetings Christian -- Christian Kratzer CK Software GmbH Email

Re: [RADIATOR] Handlers with different identifiers

are a great way to label any parts of the radiator config not only handlers also clients and authbys. You will find the respective identifiers in all kinds of logs and stats. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de

Re: [RADIATOR] Certificate issues with intermediate certificates.

eapol_test from the wpa_supplicant sources though. A quick google for eapol_test brings up following: http://deployingradius.com/scripts/eapol_test/ Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49

Re: [RADIATOR] Hello guys - losing some calls when I get some peaks (per second)

occurring. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web

Re: [RADIATOR] Remove Attribute from Reply

you will probably have to use a hook and operate on the string. Greetings Christian Thanks Ian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032

Re: [RADIATOR] refresh time on clientlistsql

/listinfo/radiator -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Schwarzwaldstr. 31 Phone: +49 7452 889 135 D-71131 Jettingen Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de

Re: [RADIATOR] Radiator performance problem with specific hardware

Christian Kratzer CK Software GmbH -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Schwarzwaldstr. 31 Phone: +49 7452 889 135 D-71131 Jettingen Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart Web: http