Well this seems to be not true except for the session database ?
For example I have the same "%D" for dictionary and there it seems to be
working in the same way it did for 4.13 ?
O well I'll go for this for now.. just wanted to check if it was a bug or a
feature :)
Regards,
Patri
important is that it has to be working for both tacacs and
radius .. so I can use it as handler trigger..
Regards,
Patrik Forsberg
___
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
log. Would it be possible to add NAS IP,
Client IP and possibly the Proxy(if one was used) IP to the log message ?
"Access rejected for 88: Blacklisted" is sort of anonymous ..
Regards
Patrik Forsberg
___
radiator mailing list
radiator@li
Hello,
Just throwing out an idea -
You could do a pre handler hook that combines all incoming OSC-Authorize-Group
values into a single value sorted so you know how they will appear to the
handler.
I'm not a fan of hooks but in this case it might be a working workaround :)
Regards,
Patrik
-EXCEEDED 19
VENDORATTR 24757 WIMAX-Qos-Rate-Inbound156 string
VENDORATTR 24757 WIMAX-Qos-Rate-Outbound 157 string
Can't find one for 146 tho..
Something like that - no guarantees..
Regards,
Patrik Forsberg
From: radiator [mailto:radiator-boun
(which would be preferred) ?
---
Regards,
Patrik Forsberg
___
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
> > I was wondering if the Gossip framework will make any difference for
> > Tacacs Authorization vs. Authentication ? That is if the radiator
> > process is killed for whatever reason will the Gossip framework help
> > it Authorize new requests ? or even help another server to authorize
> > the
Nm.. figured it out.. RTFM ;)
Lexicon..
---
Regards,
Patrik
> -Original Message-
> From: radiator On Behalf Of Patrik
> Forsberg
> Sent: den 17 juli 2018 16:14
> To: radiator@lists.open.com.au
> Subject: [RADIATOR] Change order in how "include" reads file
that optional value ?
a.k.a.
AddToRequest OSC-Device-Identifier="SpecialClient"
And in the user clause say
'' username1 Password=luser1,OSC-Device-Identifier="SpecialClient" ''
?
Or do I have to make a special for this user case ?
---
Rega
Hello,
Resolved this issue myself :)
[0-9]{1,3} doesn't work tho so my final solution is
NAS-IP-Address = /10\.0\.0\..*/
as check item.
Or
"
username1 Password=luser1,NAS-IP-Address = /10\.0\.0\..*/
"
---
Regards,
Patrik Forsberg
> -Original Message-
> From: rad
hit so far does
that innate.
It is also, kind of, logged in the radiator logfile but I'd say it's safer to
get it from accounting.
---
Regards,
Patrik Forsberg
From: radiator On Behalf Of
beheerinfra...@kpn.com
Sent: den 26 augusti 2019 11:04
To: radiator@lists.open.com.au
Cc: beheerinfra
mSize 0 is because I have FarmSize as a variable so I
wouldn't have to change the configuration more then necessary)
---
Best Regards,
Patrik Forsberg
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
esn't seem to help.
---
Best Regards,
Patrik Forsberg
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
Hello,
Made a minor patch for radpwtst and tacacsplustest so they work if you symlink
them from their original directories as well.. (use RealBin instead of Bin from
FindBin package).
Thought I'd share it if someone else has the same issue I did
Regards,
Patrik
radpw.patch
Description:
Hello,
That's more or less what I ended up doing.. but would be a nice feature if
tacacs can't become more like radius/radsec and use gossip for session data :>
//Patrik
> -Original Message-
> From: Hugh Irvine
> Sent: den 10 december 2020 04:40
> To: Patrik Forsberg
Hello,
Try using port 389 for non-ssl or 636 for ssl - even if the server is DC atm.
---
Best Regards,
Patrik
From: radiator On Behalf Of Hirayama, Pat
Sent: den 16 januari 2021 00:56
To: radiator@lists.open.com.au
Subject: [RADIATOR] ERR: AuthLDAP2 Could not open LDAP connection to AD domain
Hello,
I’m looking at using AuthorizeGroupAttr and the attribute OSC-Authorize-Group
to add commands a user is (not )allowed to run when using tacacs.. but I can’t
find any documentation on how to add multiple rules to this attribute ?
Adding the same multiple times are, of course, not working
p = "deny service=shell cmd=*",\
OSC-Authorize-Group = "permit .* {priv-lvl=15}"
Thanks for your reply it cleared that up ??
---
Regards,
Patrik Forsberg
-Original Message-
From: radiator On Behalf Of Heikki
Vatiainen
Sent: den 28 april 2021 17:47
To: radiator@list
then “bad password”).. and the passwordlog shows
the correct password being received and the hash is what is expected from the
sql.. so it is apparent that it is Radiator that decides that the password is
wrong for some reason..
---
Best Regards,
Patrik Forsberg
, Patrik Forsberg wrote:
> I’m trying to use something like $2y$ crypto from a sql query but ..
> either I’ve failed in generation of the hash (using php password_hash)
> or something is missing to allow Radiator to verify against this hash ..
> so I’m wondering if there are any package th
handshake key 0xce00080, needed 0xed00080) “.
So.. my question is if you have any plans to release a Debian Bullseye package
for “utilxs” ?
---
Best Regards,
Patrik Forsberg
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au
> > I recently, today, upgraded one of our radiator machines to Debian
> > Bullseye and everything worked as it should except when I tried to
> > start Radiator.
> >
> > It fails for the radiator-radius-utilxs_2.3-1 package with “
> > lib/Radius/UtilXS.c: loadable library and perl binaries are
Hello,
Don’t know if you got any response to this but I believe Radiator uses the
default Radius MIB
(https://datatracker.ietf.org/doc/draft-ietf-radius-servmib/).
---
Best Regards,
Patrik
From: radiator On Behalf Of
rohan.he...@cwjamaica.com
Sent: den 24 augusti 2021 04:09
To:
Hello,
Thought I’d share a small but nice feature enhancement to systemD’s
radiator.service/radiator@.service.
Might be an idea to add to the standard distribution
Do systemctl edit radiator.service (and later radiator@.service if you use
multi-instance variation)
Add
“
[Service]
> The UtilXS Bullseye package is now available from packages and repos.
Hello,
I must be blind .. I can't see it ?
xenial, buster, stretch, focal and bionic but not bullseye ?
Thanks,
Patrik
___
radiator mailing list
radiator@lists.open.com.au
Hello,
Are there any kill signal or similar to trigger a reload of the clients cache
in radiator without having to restart the whole process or the usual reload of
configuration as that seem a bit heavy just to reload the clients ?
(should be said that I have all clients in a sql database)
---
Hello,
Yes I'm aware of that but there is no way to manually force an update prior to
the RefreshPeriod trigger ?
---
Regards,
Patrik Forsberg
> -Original Message-
> From: Hugh Irvine
> Sent: den 14 oktober 2021 10:51
> To: Patrik Forsberg
> Cc: radiator@lists.open.c
Hello,
Looks very nice, thanks! ??
---
Regards,
Patrik Forsberg
> -Original Message-
> From: radiator On Behalf Of Heikki
> Vatiainen
> Sent: den 20 oktober 2021 11:49
> To: radiator@lists.open.com.au
> Subject: Re: [RADIATOR] Reload Clients cache list ?
>
Hi,
Was looking over the builddm tool as I was trying to build a dbm db.. and found
out that it doesn’t use the same directory detection as radpwtst and so forth.
I simply copy/pasted the BEGIN clause from radpwtst and that seem to have done
the trick
Might be worth putting into the next
gh Irvine
> Sent: den 14 februari 2022 10:38
> To: Patrik Forsberg
> Cc: radiator@lists.open.com.au
> Subject: Re: [RADIATOR] Accounting Hook ?
>
>
> Patrik -
>
> When setting up this sort of system, Include files and GlobalVar’s are your
> friend.
>
> Let me
.
(Tried it in PreProcessingHook as well with the same result)
---
Best Regards,
Patrik
> -Original Message-
> From: radiator On Behalf Of Patrik
> Forsberg
> Sent: den 17 februari 2022 14:50
> To: Hugh Irvine
> Cc: radiator@lists.open.com.au
> Subject: Re: [RADI
for the help! ??
---
Best Regards,
Patrik
> -Original Message-
> From: radiator On Behalf Of Patrik
> Forsberg
> Sent: den 18 februari 2022 08:21
> To: radiator@lists.open.com.au
> Subject: Re: [RADIATOR] Accounting Hook ?
>
> Hm weird I tried that and it didn't work ..
> From: radiator On Behalf Of Heikki
> Vatiainen
> Sent: den 17 februari 2022 18:15
> To: radiator@lists.open.com.au
> Subject: Re: [RADIATOR] Accounting Hook ?
>
> On 17.2.2022 17.13, Patrik Forsberg wrote:
>
> > The extra data seem to be injected into the accounti
age-
> From: Hugh Irvine
> Sent: den 11 februari 2022 22:24
> To: Patrik Forsberg
> Cc: radiator@lists.open.com.au
> Subject: Re: [RADIATOR] Accounting Hook ?
>
>
> Hi Patrik -
>
> Good to hear from you as always.
>
> I recommend running separate instances for
Hello,
Is there a hook I can use to rewrite the accounting record ?
Looking at the manual the closest I can find is PreProcessingHook ?
I’m trying to create a more generic accounting setup but the way I use it I
only need specific records from the accounting package and depending on vendor
this
To Radiator team –
Found a minor typo in the 4.26 reference manual
Under section 3.62 – AuthBY
“
AuthBy OPT is suitable for authenticating 802.1X Wired and Wireless access with
custom one-time password and token card authentication systems.
“
Believe it should be
“
AuthBy OTP is suitable for
Hello,
I was so happy when I saw “ServerTACACSPLUS log level for client initiated
connection terminations is now DEBUG. It's normal for the client to close
TACACS+ connection.” In 4.26-10 but quickly realized that it doesn’t block the
message I was out to get rid of .. so I made a patch for
Hello,
During troubleshooting I enabled “LogTraceId” and “AutoClass uuid” in Handler.
After this I get “Use of uninitialized value $trace_id in concatenation (.) or
string at /opt/radiator/radiator/Radius/LogFILE.pm line 93.” when doing kill
USR1/USR2.
(same log shows up without the “AutoClass
Hello,
Are there any pre-made examples of using OpenID or SAML to authenticate users ?
I noticed a SAML2 in goodies but I can’t find the SAML2 AuthBy clause in the
documentation ?
---
Best Regards,
Patrik
___
radiator mailing list
Hello,
Do you have a package of Radiator UtilX for Debian Bookworm ?
---
Best Regards,
Patrik
___
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
Nm, bullseye package worked
---
Best Regards,
Patrik
From: radiator On Behalf Of Patrik
Forsberg via radiator
Sent: Thursday, August 24, 2023 10:17 AM
To: radiator@lists.open.com.au
Subject: [RADIATOR] Debian Bookworm
Hello,
Do you have a package of Radiator UtilX for Debian Bookworm
Hello,
I’m using the ”blacklist” knob in an authby to reject people I don’t like
I had an issue this weekend where the user “DEFAULT” was added to the list of
users, for some reason, and after that no one could login anymore.
After deleting this user all went back to normal again ..
Question..
for the username DEFAULT
instead that is perfect..
---
Best Regards,
Patrik
From: Hugh Irvine
Sent: Tuesday, August 22, 2023 12:33 PM
To: Patrik Forsberg ;
radiator@lists.open.com.au
Subject: Re: [RADIATOR] Blacklist issue
Hey Patrik -
Very good to hear from old friends!
As it happens
Hi,
This might no longer be correct but a few versions back I tried to do like the
following
Client Radius Host -> RadSec -> Radius Proxy -> RadSec -> Inner Radius Host ->
auth check
The data received by the “Inner Radius Host” were totally corrupted for some
reason and the only way I could
44 matches
Mail list logo
