>AcctColumnDef NASIDENTIFIER,NAS-Identifier
>AcctColumnDef NASPORT,NAS-Port,integer
>
>
>
>
> thanks
> Adrian
>
>
>
> _______
> radiator mailing list
and radiusd load?
>>>
>>>
>>> br,
>>> Arthur
>>>
>>> ___
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
&g
PostAuthHook *called
>
> *18. *Statistics updated
>
> *19.PostProcessingHook *called (if there is a reply to be sent)
>
> *Integration*
>
>
>
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
M so a RPM in new format would be useful for them too.
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
On 08/24/2010 11:07 AM, Heikki Vatiainen wrote:
> % rpm -i --test Radiator-4.7-1.noarch.rpm
> error: Failed dependencies:
> rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by Radiator-4.7-1.noarch
Is there any news about non-LZMA RPM packages? The above problem keeps
some of RHEL5 u
oment of decoding and translation of packet contents.
So if the messages are for example, from a PreClientHook the following
note from the manual may apply.
5.4.27 PreClientHook
...
Caution: At the time this hook is run, integer attributes have not yet
been unpacked and decoded, and encrypted attributes have
ad-multi
[ Downgrade back to working version ]
# yum --nogpgcheck downgrade Radiator-4.6-1.noarch.rpm
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Radiator. Results from the real server will be available later, if needed.
If I remember correctly, there have been changes with RPM packaging, so
could the e.g., the cpio errors result from leftovers with earlier versions?
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
__
>
>
> Wed Sep 22 12:05:59 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication
> redispatched to a Handler
> Wed Sep 22 12:05:59 2010: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP
> inner authentication redispatched to a Handler
> Wed Sep 22 12:05:59 2010: DEBUG: Access challenged for CAMC\tssmith: EAP PEAP
> inner authentication redispatched to a Handler
> Wed Sep 22 12:05:59 2010: DEBUG: Packet dump:
> *** Sending to 10.2.96.19 port
> Code: Access-Challenge
> Identifier: 45
> Authentic: <155><216><173><221>2<245><196><238><211>w\<24><174>m<245>3
> Attributes:
> EAP-Message =
> <1><9><0>T<25><0><23><3><1><0>I<10><160><227><173><198>N<190>HO<14><186><171><197><251>Z<154><195>g<232><147><254>#<238><129>7x^6'S\<134>A`qL<203><253><14><28>p<190><232>%M<224>w<148><215><176><170>UW<22><193><168>6<147><25><249><255><7><3><137><22><192><193><190>M<202><236><153>[
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> ^C
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
ing, renaming, moving to holding
directories and doing other log specific house keeping.
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Pekka Panula, Sofor Oy - Jatkuvat palvelut
>>
>>
>>
>>
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
r the configuration directory, log directory and
check the configuration file for other locations and files such as
certificates. Also make sure that local modifications, if any, get
backed up.
I strongly recommend setting up a test server for testing the backup and
backed up configuration.
&g
ion. This is the directory that
is created when you uncompress the distribution package.
> I had the radiator version 2.1.9 (yeah, really old..)
>
> Thanks guys, appreciate any help you can provide.
Please let us know if this helps.
--
Heikki Vatiainen
Radiator: the most portable, fl
t;> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
> ___
> radiator mailing list
> radiator@open.com.au
>
other words: the hook is only run if the results were received
without an error. MaxRecords controls how many results are examined, if
there are multiple results, and the hook runs for each result.
Does this sound like what you were expecting?
Thanks!
--
Heikki Vatiainen
Radiator: the mos
g to follow Net::LDAP's method of resolution.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP,
>
>> Kind regards,
>> Patrick Renkens
>> Centre for Information Services (UCI)
>> Radboud University Nijmegen, Netherlands
>>
>>
>> ___
>> radiator mailing list
>> radiator@open.com.au
>
s probably not useful for testing, but when
you run Radiator with trace 4, you can see what the attributes contained
in the raw file are and verify that your raw file is good.
Each seq(uence) contains all of Code, Identifier, Length, Authenticator
and Attributes. It is a complete RADIUS packe
reat !!
Please take a look Radiator technical information at
http://www.open.com.au/radiator/technical.html
I will check what analysis type of information we may also have.
> Thanx
>
> Aman Arneja
Thanks!
Heikki Vatiainen
--
Heikki Vatiainen
Radiator: the most portable, flexible
ot;nmjoo"
> password="secret"
> phase2="autheap=MSCHAPv2"
phase2="auth=MSCHAPV2"
> #
> # Uncomment the following to perform server certificate validation.
> # ca_cert = /etc/raddb/certs/ca.der
--
Heikki
failed to test the iPhone EAP-SIM client
> against the EAP-SIM simulator. Any idea what can be done ?
I have not tried iPhone myself, but unless you have already downloaded
iPhone configuration utility from Apple you may want to do that. The
utility gives you control over many things, including WLA
over TTLS tunnel. But I guess it is quite infrequent. TTLS
RFC states that CHAP, MSCHAP and MSCHAPv2 must include User-Name but
there is no such requirement for EAP.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+,
ect error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> SSL: 7 bytes pending from ssl_out
> SSL: Failed - tls_out available to report error
> SSL: 7 bytes left to be sent out (of total 7 bytes)
> EAP: method process -> ignore=FALSE methodState=MAY_CO
to new releases and patches for additional years with
the initial licensing.
> The wording is a little deceptive.
I hope I was able to clarify this. Lets also see what i...@open.com.au
has to add.
Best regards,
Heikki Vatiainen
--
Heikki Vatiainen
Radiator: the most portable, flexible and
own, possibly hostile,
servers. It's a bit of work, but it need to be done only once per client.
> Regards,
> Rianto
Best regards,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
lt;18><6><3>U<4><10><19><11>AddTrust
> AB1&0$<6><3>U<4><11><19><29>AddTrust External TTP Network1"0
> <6><3>U<4><3><19><25>AddTrust External CA Root<130><1>
>
nt Error code 2: Insufficient
> Challenges
Two is not enough for the client.
> Log from the map:
The MAP log also shows two triplets being used.
> Any idea on the cause ? ofcourse I used the iphone utility to set the EAPSIM
> authentication.
Please let us know if this gets iP
both logs when you
tried with three triplets? I'd like to see what the configuration
currently looks and what gets logged. The logs should have all messages
starting from the initial Access-Request.
Thanks!
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIU
does make testing a bit
problematic on a production server, but gives better results if you have
a dedicated server for testing.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypu
NAS-Port = 23
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><0><0><9><1>fred
> Message-Authenticator =
> <174>%<152><208>=<195>(<201><139>[<29&
Accept with the walled garden attributes?
>
> Are both of these 2 solutions valid? If so what are your thoughts on
> the them - is one much better than the other? I have not implemented
> any hooks so far (or any Perl programming for that matter) so any advice
> and point
authby dbfile... but I am not sure how to unencrypt
> the pw to check vs the db file.
If the DBType check will not help, then the problems with password check
should be visible in the log.
Thanks!
Heikki Vatiainen
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable R
nytestgordonlab]
> Fri Jan 14 12:44:57 2011: DEBUG: Radius::AuthDBFILE REJECT: Bad
> Password: tonytestgordonlab [tonytestgordonlab]
> Fri Jan 14 12:44:57 2011: DEBUG: AuthBy DBFILE result: REJECT, Bad Password
> Fri Jan 14 12:44:57 2011: INFO: Access rejected for tonytestgordonlab:
>
on file (no securets)
- Full log from failed attempt
- Radiator version
- What username the client uses
- What the client software is (Alvarion, something else?)
Thanks!
> On 01/18/2011 05:03 PM, Heikki Vatiainen wrote:
>> On 01/18/2011 11:51 PM, Michael Shoemaker wrote:
>>> Yes, I
ght involve checking AI_V4MAPPED related socket options, as
specified by RFC 3493, but if you could provide more information abouth
e.g., the Tacacs message sender, that would help to tell if the fix is
needed by Radiator or something else.
Socket interfaces have implementation specific diffe
ok like error in offset while decoding.
> Did a Trace 5 dump too.. but that doesn't seem to reveal anything that the
> trace 4 dump doesn't.
Trace 5 dump should show what the message looks when it is just
received. You can check with ascii chart if ::: is in the level 5
hex dump.
this
$s = "PID:$$ $s";
just before the comment "Catch recursion".
After that all log messages will contain the process ID.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
d oracle to put Radiator on hold for a certain time. Those
errors might have happened before Radiator started logging the
connectivity problems shown above.
Thanks for reporting this. Please let us know if you find more
information about what happened or if the problem happens again.
Thanks!
of address usage. The
second could be used as an extra security measure where all users are
forced to use dhcp before they are allowed to use the network. This can
keep users from configuring static addresses to try to hide their
activities.
--
Heikki Vatiainen
Radiator: the most portable
25
> Tue Feb 1 11:26:50 2011: DEBUG: Response type 25
> Tue Feb 1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Feb 1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP
> Challenge
> Tue Feb 1 11:26:50 2011: DEBUG: Access challenged for
> j...
ulled from a different
> repository they will not be updated automatically.
>
> If an update is required, add the two lines again and do:
> # aptitude update
> # aptitude install samba winbind
>
> When natty hits stable (some time in april?) I'll make a back port
t; 1296816769':
Fri Feb 4 10:52:49 2011: DEBUG: Finished reading configuration file
'addressallocator.cfg'
1296816769 is the unix timestamp for Fri, 04 Feb 2011 10:52:49 GMT
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQ
the network so it can query the
DHCP server. I guess this is what you had first place.
There is one hack that might be possible: configure WPA-Enterprise
authentication as it is normally done. Configure your DHCP server so
that it always asks RADIUS for IP addresses. I think this is technicall
," no?
>
> My goal is ultimately to change SSLCAFile to the self-signed
> certificate (gleaned from an "openssl s_client -connect"). Any
> thoughts on how to go about fixing this?
>
> Thanks!
> ___
> radiator mailin
t
> catching connection failures), is this correct? If so, what would be
> the best way to go about this?
PostSearchHook only runs if the search was successful, so this does not
sound like what you are after.
Do you think Trace 3 is not enough? It should already show many
connection related
ck purposes.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP,
= "00-19-77-1B-CD-60:eduroam-dev"
> Acct-Terminate-Cause = NAS-Reboot
> Proxy-State = 0
>
> Wed Feb 9 15:21:40 2011: WARNING: Could not find a handler for : request is
> ignored
>
> Thanks for your help,
No problem. Please send your config file (no secrets) if you
regards,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey,
AcctLogFileName %L/account.log
> AuthByPolicy ContinueUntilReject
> RejectHasReason 1
> AuthBy DEV-ADIR-ANY
>
>
>
> AccountingHandled 1
> AcctLogFileName %L/account.log
> AuthByPolicy ContinueUntilReject
> RejectHasReason 1
>
>
>
> AuditT
r comments and suggestions! We'll take a look at the
possible changes for the next release.
Please let us know if we can be of further help.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP,
is to have
better support for setups where Radiator is run from where the tarball
was unpacked.
You can now do this:
radiusd -I /opt/local/whatever/Radiator-4.7 ...
instead of
perl -I /opt/local/whatever/Radiator-4.7 radiusd ...
This can be useful with /etc/init.d/ scripts where the module path can
no
the bind variables while others complain
about missing placeholders.
We have discussed about ways to clarify how GroupMembershipQuery works,
but making changes to code could easily break backwards compatibility
with existing configurations so we want to be careful with that. No
patches have been m
2011: DEBUG: Handling with EAP: code 2, 13, 38, 25
> Wed Feb 16 18:20:17 2011: DEBUG: Response type 25
> Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 1, PEAP Authentication Failure
> Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: REJECT, PEAP
> Authentication Failure
> Wed Feb 16 18:20
PTLS_PrivateKeyFile. The bundle goes into EAPTLS_CAFile.
This should enable Radiator to send the clients its own cert and all
required CA certificates. The bundle can also contain the root CA, but
the intermediates should be enough.
Best regards,
Heikki
--
Heikki Vatiainen
Radiator: the most p
be interesting to hear about the results.
> Here is my handler setup :
>
> # STUDENTS DOMAIN TTLS
> TunnelledByTTLS=1,Realm=/students.*/i>
> RewriteUsername s/^\@.*//
>
> EAPType MSCHAP-V2
> Domain STUDENTS
> UsernameMatchesWithoutReal
ly missing domain join is the main thing.
Also see this:
http://www.open.com.au/pipermail/radiator/2010-February/016091.html
Please let us know of your results. The settings seem to always differ
more or less between different environments.
--
Heikki Vatiainen
Radiator: the most portable, fl
uot;
This optional parameter specifies the path name and arguments for the
ntlm_auth program. Defaults to
‘/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1’.
This allows you to run what ever you want as NtlmAuthProg.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable
if ($_ =~ /Authenticated: No/) {
> $auth = 1;
> }
> if ($_ =~ /Authenticated: Yes/ ){
> $auth = 0;
> }
> }
> exit $auth;
> }
>
> }
>
> sub usermap
> {
> my $uname = $_[0];
> if ( $uname =~ /r\.wah
a Calero [raul.tej...@satec.es]
> Enviado el: martes, 22 de febrero de 2011 11:45
> Para: Heikki Vatiainen
> CC: radiator@open.com.au
> Asunto: Re: [RADIATOR] PEAP Unknow Problem
>
> Hello, i´m here again.
>
>> It looks better, but don´t work. Now, the challenge pass-t
lt;248><165><239><128><171>
> Attributes:
> EAP-Message =
> <1><13><0>&<25><0><23><3><1><0><27>w<235><158><132><202><146><217><246><174><196><
ion 5.86 and
goodies/tacacsplusserver.cfg for more information.
Thanks,
Heikki
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
If you can replace threads with add_timeout, then we could
at least know if the leak is a side effect from using threads or not. I
really do not know how Perl's memory management works with threads.
Thanks!
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
___
$referencia={};
>> $referencia->{moment} = &Radius::Select::add_timeout(time + 5,
>>sub {
>> my ($mimateix) = @_;
>>
>> &main::log($main::LOG_DEBUG, "== do important things ==");
>>
>> &Radius::Select::remove_timeout
t; When I started radiusd and attempted to authenticate a Colubris AP, I
>> get this warning message...
>>
>>
>> WARNING: No such attribute Colubris-AVPair
>>
>>
>> Can you let me know how do I add this to the dictionary so that this
>> warning
;128><208>V[<
> 241><185><18><154>x<14><228><139>.<157><165>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><
;ssid=%E&mac=%m&loginurl=%l",\
>
> Colubris-AVPAIR="welcome-url=https://192.168.10.100/welcome.asp?oriurl=%o";
To get a % sign, you should use %%. For example, cip=%%c
Best regards,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexi
; Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user:
> [wimax]
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist
> where nai='DEFAULT'':
> Wed Mar 2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Wed
ltiple rows, only the
first row is used. The rest of the rows are not saved or used later.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+
t;<250>C<196>
> Attributes:
> EAP-Message = <1><229><0><17><13><128><0><0><0><7><21><3><1><0><2><2>(
> Message-Authenticator = <0><0><0><0><0><
_
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
et.
Thanks!
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP,
ONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_SMARTCARD=y
> Would be nice if RADIATOR could test all supported AuthBy Handlers with the
> radpwtest.
That would duplicate lots of existing work from eapol_test. Please let
us know of results if you decide to try to compile it on Solaris.
Thanks!
--
Heikki Vati
ith wimax tables. If
you check goodies/radmin.cfg and wimax.sql you can see there are quite a
lot of differences.
I think directing Accounting messages to Radmin should work in case this
would be useful to you.
Best regards,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and con
4.7" should quickly locate the lines
near the event where the stop happend. This is what Radiator logs when
it has started.
I can then take a look at the log if needed.
Best regards,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anyw
ith Ineternode's SMS gateway.
A search for SMS in goodies/ directory will bring up all examples.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freesid
format is like what you have
below with hyphens being optional.
PreClientHook, section 5.4.27 in ref.pdf, runs before client lookup, so
if needed you can try fixing C-S-I there.
>
> Secret SeekritKey
>
>
> Filename %L/Seperate
> Trace 4
>
>
--
Heikki Vatiainen
Rad
n case of WLAN controllers the C-S-I may belong to the WLAN
controller. Some controllers also have a setting with which you can
choose to put controller or AP MAC address into Called-Station-Id.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywher
type, etc).
> this radius support add user (include auth mode).
>
> Thanks for your kindly help
> Augusto
> --------
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS serve
number of clients.
Yours,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yu
On 03/28/2011 02:49 PM, Alan Buxey wrote:
> PS RADIATOR folk, a few typos in your documents
Thanks. Should be fixed when the next release comes out.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, passw
alling packages.
If the dependencies are correct, then we have to dig openssl change
logs, but before that, check the above.
Thanks!
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
P
hat I should downgrade to?
>
>> openssl-0.9.8d-session-ticket-osc.patch
>>openssl-0.9.8e-session-ticket-osc.patch
>>openssl-0.9.8i-tls-extensions.patch
>>openssl-0.9.9-session-ticket.patch
I'm not completely sure. I can check, but plese try the above
tor configuration should be good. I think this is related to
what happens or does not happens during pac provisioning. I'll try with
a different client, iPod, later to see how it behaves.
> Radiator is not displaying any errors about modules any more - so I'm
> guessing it
id, thanks for investigating and reporting this. The patch for this
was commited recently and is available in the patch set for 4.7.
Thanks!
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emer
ires a clause, cfr section 5.91 of the Radiator manual
rpt.pl is now also among goodies/ in the latest patch set for 4.7.
Thanks!
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platy
ations to using MAC client identification
> anyway (spoofing etc.) so I don't think changing this behaviour would
> cause any repercussions, as anyone who is using is _should_ understand its
> weaknesses.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexi
snag trying the process. The trace
> 4 log shows an error of "DEBUG: Radius::AuthSQLDIGIPASS REJECT:
> Digipass Authentication failed: Response Too Long" when I attempt a
> PIN reset based on the documentation.
Please let us and the list know if you get PIN change to work.
Thank
al repercussions for other parts
> of Radiator, and I know I'm not in a good position to test it thoroughly.
We'll take a look at your comments in more detail. If you plan to
implement the changes, please let us know of your results.
Thanks again!
--
Heikki Vatiainen
Radiator
igh, I know, it's a big step from 3.11 to 4.7.
>>
>> The LDAP server didn't change during the RADIATOR upgrade.
>> We are using an openldap-2.3.35 under SunOS 5.10 and openssl-0.9.8-latest.
>
> As a side note and nothing to do with your current problem.
>
> L
any plans for the future
support and I will then get back to you.
Best regards,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Act
ver?
I have myself used Windows Server 2008. I do not see any reason why 2008
R2 should not work too.
The main thing is ActivePerl. If ActivePerl works well, then Radiator
should not be a problem. If there are problems, then there is the option
of going back to 2003.
Best regards,
Heikki
--
Heik
On 04/07/2011 10:13 PM, frank.mes...@osix.nl wrote:
> USER_CATEGORY,{Reply,Class},formatted
Try %{Reply:Class}. You need % sign and : instead of ,
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, passw
kend}
AuthBy sql-add-reply-attributes
Identifier auth-user-ldap
BaseDn %{backend-var-1}
...
Identifier auth-user-sql
DBSource %{backend-var-1}
...
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
ibute ?
You could check Coova documentation to see if they support anything
similar to Class.
If they do not, User-Name attribute should behave similarly to Class.
See for example:
http://tools.ietf.org/html/rfc2865#section-5.1
It's of course usually more useful to keep User-Name intact.
Than
02:41 2011: DEBUG: Handling with Radius::AuthSQL:
> Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL:
> Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spLDAPGetProperties
> 'rvannoorl...@proxsys.net', 369':
> Mon Apr 11 10:02:41 2011: DEBUG: Radius:
king?
http://www.eduroam.cz/dead-realm/docs/dead-realm.html
It's been very helpful for making sure one unresponsive endsite or proxy
does not kill the perfectly functioning next hop radius server.
Yours,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RA
e the code checks if the socket is still connected.
This should take care of e.g., timeouts caused by firewalls.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platyp
AME}
> DBUsername %{GlobalVar:DB_PMS_USER}
> DBAuth %{GlobalVar:DB_PMS_PASSWORD}
>
> AuthSelect EXEC spPasswdSelect %{CONNECTION_ID},
> %{Quote:%{Acct-Session-ID}}
> AuthColumnDef 0, User
9>_<127><180><130>O<26><21><209>
>
> Attributes:
>
> EAP-Message = <4><7><0><4>
>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0&
QL-42000)
> Tue Apr 12 14:53:36 2011: ERR: Execute failed for 'EXEC spPasswdSelect , ''':
> [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near ','.
> (SQL-42000)
> [Microsoft][ODBC SQL Server Driver][SQL Server]Statement(s) could not be
&
1 - 100 of 1068 matches
Mail list logo