Re: Workload in freeradius? platform

-- Alexander Clouter .sigmonster says: Take your Senator to lunch this week. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Fast session resumption memory leak?

-- Alexander Clouter .sigmonster says: Postage will be paid by addressee. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Mac access mixed ldap access same NAS

documentation... Cheers -- Alexander Clouter .sigmonster says: I'm having fun HITCHHIKING to CINCINNATI or FAR ROCKAWAY!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: avoiding ldap access in authorize

://freeradius.1045715.n5.nabble.com/foreach-attribute-array-td2787874.html Cheers -- Alexander Clouter .sigmonster says: Guillotine, n.: A French chopping center. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS Beginner's Guide

Alexander Clouter a...@digriz.org.uk wrote: The content is generally rather good, and aside from a few typos, the book is let only on some relatively *minor* points: [snipped] * unfortunately short EAP section, ignoring session resumption and why particular EAP methods meet

Re: rlm_perl

useful things: http://wiki.freeradius.org/Rlm_perl ...and even less surprisingly it's the same as whats in src/modules/rlm_perl/example.pl. *sigh* Cheers -- Alexander Clouter .sigmonster says: Mongoose knghtbrd: and the meek shall inherit k-mart - List info/subscribe/unsubscribe? See http

Re: FreeRADIUS Beginner's Guide

rather than a beginners guide...so I probably am being mean :) The price is reasonable, and if you are a complete newbie, it will get you on your feet. The book definitely does what it says on the tin and I would give it a 7 out of 10... Cheers -- Alexander Clouter .amongst says: Dibble's

Re: MySQL and FreeRADIUS environment.

better when we ditched mysql Our experience has been that using MySQL pretty much guarantees you *will* be burnt...especially with the replication. Cheers -- Alexander Clouter .sigmonster says: I'm having a MID-WEEK CRISIS! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: Need a little regex help

to be crazy to use just basic regex. Cheers -- Alexander Clouter .sigmonster says: Tact, n.: The unsaid part of what you're thinking. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Pre release of 2.1.12

Alexander Clouter a...@digriz.org.uk wrote: I've put some pre releases of 2.1.12 on the web site: http://git.freeradius.org/pre/ Priming up my end for a burn in... 24 hours later, still churning happily. Running 2.1.12 (bfe2c025). Cheers -- Alexander Clouter .sigmonster says

Re: Pre release of 2.1.12

{ Acct-Interim-Interval := 3000 + %{rand:1200} } This would give me Acct-Interim-Interval set to 1hr+-10mins. As it is set now, I just got 1MB of journal recorded to file accounting data landing on my systems :) Cheers -- Alexander Clouter .sigmonster says: The chief cause

Re: Question regarding multivalued attributes in control list.

] http://lists.cistron.nl/pipermail/freeradius-users/2011-June/msg00334.html -- Alexander Clouter .sigmonster says: An algorithm must be seen to be believed. -- D. E. Knuth - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Pre release of 2.1.12

Alan DeKok al...@deployingradius.com wrote: I've put some pre releases of 2.1.12 on the web site: http://git.freeradius.org/pre/ Priming up my end for a burn in... Cheers -- Alexander Clouter .sigmonster says: And on the seventh day, He exited from append mode. - List info/subscribe

Re: Authentication probation for VLAN

to mention that one chunk of the debug was for the outer layer, the other the inner auth :-/ Cheers -- Alexander Clouter .sigmonster says: Misfortunes arrive on wings and leave on foot. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication probation for VLAN

attributes, so drop the ':0' too): notice the if (Tunnel-Private-Group-Id == 5) { [stuff] } Cheers -- Alexander Clouter .sigmonster says: Do not apply to broken skin. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Realm parsing and \r = =0D

if you want some help and think this could be getting off topic; although there are a *lot* of eduroam'ers here on the list. Cheers -- Alexander Clouter .sigmonster says: DIDI ... is that a MARTIAN name, or, are we in ISRAEL? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: Want to silently discard the request if authentication module as?web?service client connecting to the web service server is down.

this with what Alan already has pointed you to, do_not_respond in policy.conf, and you should be able to get to where you want to be. Cheers -- Alexander Clouter .sigmonster says: If you sow your wild oats, hope for a crop failure. - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: SSH to use CHAP

be done; unless you can find a PAM RADIUS plugin that supports CHAP. You should use SSH public keys. If you want that centrally managed have a look at putting your users SSH keys into LDAP: http://freshmeat.net/projects/lpkfuse Cheers -- Alexander Clouter .sigmonster says: List at least two

Re: Returning attributes based on group membership using NTLM_AUTH

reply off list, but I'm curious why you say e to PHP, and what you would use instead? Flamebait! I nearly fell for it. :) You have permission to Google-stalk me if you really want to know what I use. Cheers -- Alexander Clouter .sigmonster says: What soon grows old? Gratitude

Re: Want to silently discard the request if authentication module as web?service client connecting to the web service server is down.

the responses other than the RLM_MODULE_OK and RLM_MODULE_REJECTED. http://wiki.freeradius.org/Modules2#Module+Return+Codes RLM_MODULE_FAIL looks like a better option to use, although it will not give you what you want; but it would enable you to use unlang to perform other tasks. Cheers -- Alexander

Re: Returning attributes based on group membership using NTLM_AUTH

though. Cheers [1] TLS_CACERT /etc/ssl/certs/ca-certificates.crt [2] http://lists.cistron.nl/pipermail/freeradius-users/2005-December/msg00228.html and http://bytes.com/topic/php/answers/11274-use-php-authenticate-ad -- Alexander Clouter .sigmonster says: You are magnetic in your bearing

Re: Returning attributes based on group membership using NTLM_AUTH

only search a sub-branch. I suspect the fix is nothing more than setting 'basedn' to ou=lusers,dc=my,dc=domain,dc=name. Cheers [1] http://www.php.net/manual/en/function.ldap-search.php#45388 -- Alexander Clouter .sigmonster says: Without fools there would be no wisdom. - List info/subscribe

Re: Freeradius closes

normal (from my torrus[1] graphs). Will keep you posted if anything crops up...touch wood it seems okay. Cheers [1] http://torrus.org/ is amazing, especially combined with snmpd on hosts too -- Alexander Clouter .sigmonster says: HOST SYSTEM RESPONDING, PROBABLY UP... - List info/subscribe

Re: Cleanup Stale Sessions - needed?

-users%2F+sql+session+clean Cheers -- Alexander Clouter .sigmonster says: Got a dictionary? I want to know the meaning of life. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius closes

with the SNMP communitities and you quickly have five minutely graphs for *every* port on your network; and various server with SNMPd running. Simples -- Alexander Clouter .sigmonster says: Apathy is not the problem, it's the solution - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: Using multiple authentication modules.

overhead will like the rlm_perl. Without including your FreeRADIUS configuration there is very little anyone here can do to help you other than ask have you just tried using both modules? authorize { ... eap perl ... } authenticate { eap perl } Cheers -- Alexander

Re: num_answers_to_alive

. If the system briefly came back and died then on attempt two or three you would have likely seen a failure. Hope I am explaining myself well :) Cheers -- Alexander Clouter .sigmonster says: BOFH excuse #256: You need to install an RTFM interface. - List info/subscribe

Re: Freeradius closes

Alexander Clouter a...@digriz.org.uk wrote: I am though currently trying to pin down a bug where FreeRADIUS just closes it's-self down for no reason at all. I have run tcpdump during the clean shutdown, and see it is not malformed traffic causing the problem, RAM usage is normal, open

Re: Freeradius closes

Fajar A. Nugraha l...@fajar.net wrote: On Thu, Jul 28, 2011 at 4:42 PM, Alexander Clouter a...@digriz.org.uk wrote: rad_recv: Status-Server packet from host 127.0.0.1 port 50412, id=38, length=38 [event.c:3002] Failed to insert event There seem to be a bunch of malloc()'s where

Re: Freeradius closes

Alan DeKok al...@deployingradius.com wrote: Alexander Clouter wrote: rad_recv: Status-Server packet from host 127.0.0.1 port 50412, id=38, length=38 [event.c:3002] Failed to insert event Ouch. Indeed. It did only start to happen once I upgraded to 2.1.11 from 2.1.10. Of course I

Re: LDAP Groups and Dynamic VLAN assignment

)? Is it possible to do this configuration in conjunction with redundant ldap configuration?? http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71133.html Cheers -- Alexander Clouter .sigmonster says: Is there life before breakfast? - List info/subscribe/unsubscribe? See

Re: Freeradius closes

there would be other grumblings on the list (or I have missed them and it's already fixed...). Cheers -- Alexander Clouter .sigmonster says: I can't stand squealers; hit that guy. -- Albert Anastasia - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: TTLS use_tunneled_reply and Mac OSX

resumption? Also TTLS/MSCHAPv2 is possibly for you actually TTLS/EAP-MSCHAPv2 which means you get in effect an inner-inner tunnel if I remember correctly. Have a nosey at: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71026.html Cheers -- Alexander Clouter .sigmonster says

Re: General wiki rules

existing content. Cheers -- Alexander Clouter .sigmonster says: I'm having a MID-WEEK CRISIS! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: vlan ldap radiusd

-- Alexander Clouter .sigmonster says: Massachusetts has the best politicians money can buy. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: vlan ldap radiusd

://www.soas.ac.uk/itsupport/personal-equipment/unauthorised-workstation.html -- Alexander Clouter .sigmonster says: Where do you think you're going today? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Stripped-User-Name Problems (Re: Unmatched ( or \(, and, ?more?broadly, setting Stripped-User-Name)

the *inner* auth User-Name is realmless and making it's way out into outer.reply. When you use 'User-Name' in post-auth{} you will get reply:User-Name rather than request:User-Name if I remember correctly. The fix is to *reject* inner-authentications that are realm-less. Cheers -- Alexander Clouter

Re: vlan ldap radiusd

-- Alexander Clouter .sigmonster says: fortune: not found - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unmatched ( or \(, and, more broadly, setting Stripped-User-Name

. :) Cheers -- Alexander Clouter .sigmonster says: Sauron is alive in Argentina! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: vlan ldap radiusd

. :( Cheers [1] http://www.digriz.org.uk/lanwarden -- Alexander Clouter .sigmonster says: You are so boring that when I see you my feet go to sleep. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Yet another multiple SSID setup question

instructions to connect to the wireless (and wired) network. It is also then trivial to put in 'eduroam'; if you use 'eduroam' from day one (*strongly* recommended to avoid pain down the road). Cheers -- Alexander Clouter .sigmonster says: Youth is the trustee of posterity. - List info/subscribe

Re: Yet another multiple SSID setup question

} ... } Cheers -- Alexander Clouter .sigmonster says: Remember to say hello to your bank teller. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Wiki - Once upon a time there was documentation

Gary Gatten ggat...@waddell.com wrote: RADIUS - Half the complexity of Diameter Don't encourage him... Cheers -- Alexander Clouter .sigmonster says: Life is NP-hard, and then you die. -- Dave Cock - List info/subscribe/unsubscribe? See http

Re: Tunneled-User-Name

the inner name for resumed sessions As a bonus, the Auth-Type is extractable..if you use TLS cached sessions, then this will be EAP. Cheers -- Alexander Clouter .sigmonster says: It was Penguin lust... at its ugliest. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: Running external programs

://lmgtfy.com/?q=freeradius+exec Cheers -- Alexander Clouter .sigmonster says: Have no friends not equal to yourself. -- Confucius - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Running external programs

* rihad ri...@mail.ru [2011-07-07 15:09:22+0500]: On 07/07/2011 12:28 PM, Alexander Clouter wrote: rihadri...@mail.ru wrote: Hi, all. We have some legacy software that ran under XTradius (xtradius.sourceforge.net). The important thing was to execute an external program for every auth

Re: Mac-Auth

connected: https://su1x.swan.ac.uk/ Believe me, collecting and managing MAC addresses is not something I would wish on anyone. Cheers -- Alexander Clouter .sigmonster says: Ninety percent of baseball is half mental. -- Yogi Berra - List info/subscribe/unsubscribe

Re: Freeradius 2.1.10: authentication (uid and password) or (macaddress)?in LDAP

. If the MAC address is not 'registered' then the client has to use an 802.1X authentication. Cheers -- Alexander Clouter .sigmonster says: When you don't know what to do, walk fast and look worried. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: pre-check OTP token

-thingy ... } Cheers -- Alexander Clouter .sigmonster says: Good day for overcoming obstacles. Try a steeplechase. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius and IdenticalClients

Y.Y.Y.Y Z.Z.Z.Z FR allows you to specify something like this on clients.conf X.X.X.0/24 using ipaddr and netmask I suspect you can use 'templates {}' too, we use it in proxy.conf, I cannot see why it could not be used in clients.conf too. Cheers -- Alexander Clouter .sigmonster says: You

Re: patch files for pam_radius - adding an 'Always Prompt' option for?one-time passcodes

have added a pam option always prompt in the attached code.  This will force a WiKID passcode: prompt regardless of any previous password entry. This can be changed, of course. Better to lead with the OTP as then you fend off brute force and dictionary attacks. Cheers -- Alexander Clouter

Re: LDAP redundant with LDAP-Group within users file

:= Reject -- Alexander Clouter .sigmonster says: Don't compare floating point numbers solely for equality. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP redundant with LDAP-Group within users file

show :) Cheers -- Alexander Clouter .sigmonster says: You will have many recoverable tape errors. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Failed creating handler

not need to install an experimental armel valgrind :) Cheers -- Alexander Clouter .sigmonster says: Expect the worst, it's the least you can do. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Multivalued (LDAP) Attributes and string matching, or regexes

) -- Alexander Clouter .sigmonster says: BOFH excuse #138: BNC (brain not connected) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Migrating to threaded rlm_perl

restarts. Cheers [1] http://search.cpan.org/dist/BerkeleyDB/BerkeleyDB.pod -- Alexander Clouter .sigmonster says: BOFH excuse #192: runaway cat on system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Migrating to threaded rlm_perl

when rlm_perl fires up, afterwards your methods are called whenever required, pre-emptively. Cheers -- Alexander Clouter .sigmonster says: You mean you don't want to watch WRESTLING from ATLANTA? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: chain two authentication modules together

processed in authenticate. So, for example: authorize { ... # User-Password is 'foo bar' python-otp # User-Password is 'foo' # User-OTP is 'bar' ldap ... } authenticate { ... Auth-Type python-otp { otp ldap } ... } Cheers -- Alexander Clouter

Re: chain two authentication modules together

LDAP module. Same with the OTP/SMS approach if possible. Calling OS commands like that, especially when there are native libraries, is generally a Bad Idea(tm) and the coding gods *will* smite you for your crimes. Cheers -- Alexander Clouter .sigmonster says: Time as he grows old teaches all

Re: chain two authentication modules together

to recompile things as an example). Cheers -- Alexander Clouter .sigmonster says: Don't feed the bats tonight. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Multivalued (LDAP) Attributes and string matching, or regexes

there...although I would recommend the users file with a bunch of fall throughs personally. Cheers -- Alexander Clouter .sigmonster says: All phone calls are obscene. -- Karen Elizabeth Gordon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: If in post-auth

} } } else { ... } The regex should extract a usable value when present. Cheers -- Alexander Clouter .sigmonster says: wok, n.: Something to thwow at a wabbit. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy based on User-Name with regex

a '/^$/'? Cheers -- Alexander Clouter .sigmonster says: Old programmers never die, they just become managers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel

which might already have a fix: http://git.freeradius.org/ Cheers -- Alexander Clouter .sigmonster says: He's just like Capistrano, always ready for a few swallows. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: One client, multiple NAS-Port-Types

, not FreeRADIUS :) Cheers -- Alexander Clouter .sigmonster says: Them as has, gets. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Server Sertificate

expecting to happen * what is actually happening Cheers -- Alexander Clouter .sigmonster says: You enjoy the company of other people. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to change ++[files] returns noop into ++[files] returns?reject

the following to the end: DEFAULT Auth-Type := Reject I prefer to 'deny, allow' (in Apache speak), but you might prefer 'allow, deny'. Cheers -- Alexander Clouter .sigmonster says: Have a taco. -- P. S. Beagle - List info/subscribe/unsubscribe? See http

Re: freeradius redundancy

-- Alexander Clouter .sigmonster says: BOFH excuse #350: paradigm shift...without a clutch - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Sidenote: WPA Enterprise configuration and troubleshooting guides

Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: go on, join eduroam. I got a @illinois.edu lurker this week here at soas.ac.uk :) Cheers -- Alexander Clouter .sigmonster says: Wagner's music is better than it sounds. -- Mark Twain - List info/subscribe

Re: freeradius redundancy

having to buy an expensive and/or complicated load-balancer: http://www.digriz.org.uk/ha-ospf-anycast Cheers -- Alexander Clouter .sigmonster says: If you knew what to say next, would you say it? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: multuple ldap freeradius ssid

-auth. Is that correct ? Without the output from 'radiusd -X', I cannot help you. Regards -- Alexander Clouter .sigmonster says: Am I accompanied by a PARENT or GUARDIAN? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: multuple ldap freeradius ssid

for your reply, and sorry for my english, I'm French ;) We forgive you... ;) Cheers -- Alexander Clouter .sigmonster says: A modem is a baudy house. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: multuple ldap freeradius ssid

a max of 65535 Session-Timeout := 64800 } } Aruba might expect something different, so you should check with *them* (remember, this is a FreeRADIUS support mailing list, *not* an Aruba one). Cheers -- Alexander Clouter .sigmonster says: A vivid and creative mind characterizes you

Re: Free Radius 2.1.8 + Mikrotik

accounting on-off packets (your NAS will send a 'reset' accounting packet to your RADIUS server that you can use to trigger an early session stop for all the users). Cheers -- Alexander Clouter .sigmonster says: Accordion, n.: A bagpipe with pleats. - List info/subscribe

acct segfault in git v2.1.x

?) If you need the FreeRADIUS -X malarkey, then do ask, it is just tricker to get on a production box... :) Cheers [1] http://stuff.digriz.org.uk/freeradius-acct-segfault.pcap -- Alexander Clouter .sigmonster says: Preserve the old, but know the new. - List info/subscribe/unsubscribe? See http

Re: acct segfault in git v2.1.x

when it arrives? 'detail' module? SQL ? Journalled accounting, it's picked up by decoupled account virtual server. Cheers -- Alexander Clouter .sigmonster says: Generic Fortune. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: NAS-Port ID

://www.iana.org/assignments/radius-types/radius-types.txt Cheers -- Alexander Clouter .sigmonster says: You auto buy now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius Database

of view, so far it seems to us, the problem is not important enough to you to detail here its specifics or for you to actually read the documentation, so obviously is not important enough for us all to burn our *free* and *volunteered* time on? Cheers -- Alexander Clouter .sigmonster says: You

Re: about FreeRadius+radiusmanager+mikrotik

, if any) Please, throw is a freeking bone here...try starting with the documentation, Google and the FreeRADIUS mailing list archives. Regards -- Alexander Clouter .sigmonster says: What this country needs is a good five cent microcomputer. - List info/subscribe/unsubscribe? See http

Re: ldap server connection timeout

in the output of 'radiusd -X'. Cheers -- Alexander Clouter .sigmonster says: Out of register space (ugh) -- vi - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius, bind addresses, and multihoming

. If you have miconfigured the server so that it does not how to route to src-ip-of-request via the interface it saw the packet come in on, then you will have a problem (although I would have expected no reply at all). Cheers -- Alexander Clouter .sigmonster says: Vax Vobiscum - List info

Re: Multiple ldaps (SSL) backends and only the first queried works.?Possible bug?

probably will find if you change those tls 'demands' to 'never' things work, but then it kinda is self defeating :) Cheers -- Alexander Clouter .sigmonster says: You can't break eggs without making an omelet. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius, bind addresses, and multihoming

? is there any way? Indeed. Regards -- Alexander Clouter .sigmonster says: Talk is cheap because supply always exceeds demand. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IPs will not be assigned

* s/VLAN/IP/ IP assignment on You need to run a DHCP server. Indeed, do not mention though FreeRADIUS can do DHCP though ;) Cheers -- Alexander Clouter .sigmonster says: If you're not careful, you're going to catch something. - List info/subscribe/unsubscribe? See http

Re: Running FreeRadius daemon in debug mode

of the init.d script I could look at? That's a Bad Idea(tm). Learn to use 'screen'[1], 'tee' and call freeradius with 'radiusd -X | tee /tmp/debug' manually. Cheers [1] http://www.kuro5hin.org/story/2004/3/9/16838/14935 -- Alexander Clouter .sigmonster says: An adequate bootstrap

Re: Freeradius proxy caching users

through instead it is possible. You would need to script up something with rlm_perl/rlm_python to build up a cache, and the virtual failover system would then have to query that cache. Cheers -- Alexander Clouter .sigmonster says: Manoj I *like* the chicken - List info/subscribe/unsubscribe

Re: Help me with Access-Challenge configuration

#It_still_doesn.27t_work.21 Cheers -- Alexander Clouter .sigmonster says: Check your local listings. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help me with Access-Challenge configuration

Arran Cudbard-Bell a.cudba...@gmail.com wrote: On Apr 11, 2011, at 1:40 PM, Alexander Clouter wrote: GreenUA green_...@mail.ru wrote: I reviewed RFC and FAQ, but i can't fined sane info about configuration of freeRADIUS server (on Windows) to send access-challenge message on access

Re: LDAP-group filter search is failing

' and 'member=CN=RobertTest1,ou=WANN,ou=Departments,dc=corp,dc=development,dc=com'? Cheers -- Alexander Clouter .sigmonster says: You have a truly strong individuality. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP-group filter search is failing

,dc=development,dc=com '((cn=WANN)(|((objectClass=GroupOfNames)(member=CN...' I'm guessing that's not where 'cn=WANN' lives? What does the following give you? ldapsearch -h server -x -b dc=corp,dc=development,dc=com cn=wann dn member Cheers -- Alexander Clouter .sigmonster says

Re: Per Vendor NAS-Port documentation

vendors might vary. Cheers -- Alexander Clouter .sigmonster says: He don't know me vewy well, DO he? -- Bugs Bunny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Ldap Authentication question

Ramon Escriba escr...@cells.es wrote: Has any one a clue of what I did wrong? attempts to read Ramon's mind attempts to use remote viewing to see output of debugging Actually, forget it... http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21 Regards -- Alexander Clouter

Re: rlm_linelog and syslog over UDP

-- Alexander Clouter .sigmonster says: Better late than never. -- Titus Livius (Livy) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Load Balancing EAP with freeradius...

-Address} %{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-Id} } # break out of 'authorize' early to spare CPU cycles handled } [unlang/policy that is used for all *non-proxied* packets] } Cheers -- Alexander Clouter .sigmonster says: People who push both buttons

Re: Access Accept vs Tunneled reply

David Peterson dav...@wirelessconnections.net wrote: These values are unique per user. Is there an elegant way to copy this to the post-auth section? The following might help? http://lists.freeradius.org/mailman/htdig/freeradius-users/2011-January/msg00353.html Cheers -- Alexander Clouter

Re: Access Accept vs Tunneled reply

the User-Name/whatever-wimax utilises now movable from the inner-layer to the outer you can just do you policy on the outer layer instead. Do authentication on the inner-tunnel, whilst authorisation keep to the outer layer... Cheers -- Alexander Clouter .sigmonster says: Stay the curse

Re: Status of 2.1.11/OSCP Implementation

that QA is no longer done for commercial software either... Sorry, couldn't resist. Cheers -- Alexander Clouter .sigmonster says: BOFH excuse #189: SCSI's too wide. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeRadius/LDAP per NAS access

*abuses* LDAP, you should be adding them to a *group*, not bloating-up and overloading the user object; otherwise you might as well use something horrible like SQL... Cheers -- Alexander Clouter .sigmonster says: A woman can never be too rich or too thin. - List info/subscribe/unsubscribe

decoupled accounting cron check

waiting to be processed and will re-enable notifications once it drops to half the trigger mark (512kB). Cheers -- Alexander Clouter .sigmonster says: T-shirt: Life is *not* a Cabaret, and stop calling me chum! - List info/subscribe/unsubscribe? See http

Re: decoupled accounting cron check

this week, but it imploded twice and I added a few more CASE's and %{%{...}:-0}'s -- Alexander Clouter .sigmonster says: To teach is to learn twice. -- Joseph Joubert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  1   2   3   4   >