[EMAIL PROTECTED]

2007-11-30 Thread affia 






---
Our email server deny .zip attachement and using graymilter
Please rename .zip to example: .ziper
Please read http://www.acme.com/software/graymilter
---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_passwd and EAP-MD5

2007-11-30 Thread Alan DeKok 
Phil Mayers wrote:
> HUP does not work reliably, and cannot be made to, for architectural
> reasons. However, Alan has recently added code to the CVS HEAD which
> will reload *certain* portions of the server (just "users" files I
> believe) safely on HUP.

  And a few other modules that read only local files, and don't open
database connections.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: exec ntlm_auth doesn't fail

2007-11-30 Thread Alan DeKok 
Dead6re wrote:
> I hard coded the incorrect password but correct username but the auth failed
> still. Instead I reverted back to the old configuration files, changed the
> Default Auth-Type in the users file to "echo" and changed the "echo" program
> call and it works. Humph!

  You have "wait = no".  This means "fire and forget", i.e. don't bother
waiting for the program to exit... and therefore don't look at it's
return code.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_passwd and EAP-MD5

2007-11-30 Thread Alan DeKok 
Kolbjørn Barmen wrote:
> Hm, does this mean that even now when I use rlm_passwd and tacacs passwd
> file, I need to HUP radiusd whenever someone changes their password?

  The rlm_passwd documentation doesn't say it will re-read the file when
it changes.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_passwd and EAP-MD5

2007-11-30 Thread A . L . M . Buxey 
Hi,

> But is this for real?  I need to restart the server if someone changes
> their password in the file that is configured with rlm_passwd?
> 
> If so, that's not just a minor annoyance :P

there are other modules which provide non-restart functionality
such as SQL password modules - there has also been recent
work in CVS head to make certain modules compatible with a HUP.

however, HUP and server restart - think logically about what is
the difference? When you HUP you tear down and make unavailable
the server anyway. some very nasty things happen in most
daemons that are hup'able. at least the freeradius HUP work
that has been undertaken keeps all the states alive.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

LDAP Authentication: filter problem

2007-11-30 Thread Carlos Parada 

Hi all,

I'm using an LDAP-based authentication.
I'd have a simple (typical filter) like this

filter = uid=%{User-Name}

Now, in addition, I'd need to authenticate based on a
Service-Info attribute. So I need something like

filter = "(&(uid=%{User-Name})(radiusServiceInfo=%{Service-Info}))

The problem is that when Service-Info doesn't come in the Radius 
packet (because is not mandatory for me), it doesn't work, and I
see on LDAP the following

filter="(&(uid=test1)(?=undefined))"

If Service-Info not present, I would expect something like

filter="(&(uid=test1)(radiusSeviceInfo=))"

Worse, in fact, what I need is a filter slightly different like

filter = "(&(uid=%{User-Name})(!(radiusServiceInfo=%{Service-Info})))

In that case (using the !), the query sent is the following

filter="(&(uid=test1)(?=error))"


I've already search about that on the freeradius mailing-lists
and I didn't saw any report about this problem.

Is that any kind of bug? Or am I doing something wrong?
I appreciate some help.


Best Regards,
Carlos Parada


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_passwd and EAP-MD5

2007-11-30 Thread Phil Mayers 

Kolbjørn Barmen wrote:

On Thu, 29 Nov 2007, [EMAIL PROTECTED] wrote:


Hi,


Hm, does this mean that even now when I use rlm_passwd and tacacs
passwd file, I need to HUP radiusd whenever someone changes their
password?

dont HUP the server, restart the process.


But is this for real?  I need to restart the server if someone changes
their password in the file that is configured with rlm_passwd?


Yes



If so, that's not just a minor annoyance :P



Then use an SQL database.

HUP does not work reliably, and cannot be made to, for architectural 
reasons. However, Alan has recently added code to the CVS HEAD which 
will reload *certain* portions of the server (just "users" files I 
believe) safely on HUP. You could possibly contribute (or pay someone to 
do so) code to do this for rlm_passwd, but to be honest - why bother 
when SQL is available?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_passwd and EAP-MD5

2007-11-30 Thread Kolbjørn Barmen 
On Thu, 29 Nov 2007, [EMAIL PROTECTED] wrote:

> Hi,
> 
> > Hm, does this mean that even now when I use rlm_passwd and tacacs
> > passwd file, I need to HUP radiusd whenever someone changes their
> > password?
> 
> dont HUP the server, restart the process.

But is this for real?  I need to restart the server if someone changes
their password in the file that is configured with rlm_passwd?

If so, that's not just a minor annoyance :P

-- 
Kolbjørn Barmen
UNINETT Driftsenter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Packets in Accounting ?

2007-11-30 Thread Edvin Seferovic 
Hello,

 

what happened to the Acct-Input/Output-Packets in Accounting. MySQL schema
doesn't have those fields anymore. Any special reason ?

 

Regards,

E:S

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Expiration module?

2007-11-30 Thread tnt 
How? By instructing you that you should actually read the existing
entries in the configuration - perhaps what you want is already there?
There are plenty of features that have been configured or disabled
(commented out) by default. You just have to read through the
configuration in order to find out.

I am afraid that the common sense module doesn't come with Freeradius.
You have to have that installed already ;-)

Ivan Kalik
Kalik Informatika ISP


Dana 30/11/2007, "Evert" <[EMAIL PROTECTED]> piše:

>[EMAIL PROTECTED] wrote:
>> Expiration is included in the server core, default configuration and
>> enabled by default. There is nothing you need to do in order to
>> "implement" it.
>>
>>> Is the wiki outdated on this point?
>>
>> Point being?
>>
>
>If it is, perhaps it should/could be updated?
>
>
>Regards,
>   Evert
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Newbie: What does this mean (Wrong NAS port ID)?

2007-11-30 Thread Piero Giobbi 

Hi all.

Im using freeradius  1.1.7 with Proxim AP4000 and it works. But i get  
this in my syslog.


Error: rlm_radutmp: Logout entry for NAS ap-serverummet port 9 has  
wrong ID


What does this mean? Can i ignore it? Can't really find anything  
useful on the net..


client-conf:
client 10.0.5.191 {
   secret  = xxx
   shortname   = ap-serverummet
   nastype = other # localhost isn't usually a NAS...
}

thx.

p

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Expiration module?

2007-11-30 Thread Evert 
[EMAIL PROTECTED] wrote:
> Expiration is included in the server core, default configuration and
> enabled by default. There is nothing you need to do in order to
> "implement" it.
> 
>> Is the wiki outdated on this point?
> 
> Point being?
> 

If it is, perhaps it should/could be updated?


Regards,
Evert

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html