Re: EAP-TLS Authentication
--Please suggest any document which can help in better understanding on TLS Authentication. Arvind, I also faced the same issue at beginning , but I would suggest to read Freeradius own documentation. That is probably the best. On Mon, Sep 23, 2013 at 7:45 PM, arvind132 . arvind...@gmail.com wrote: Hi, I am facing some issues with 802.1x EAP-TLS Authentication. Please suggest any document which can help in better understanding on TLS Authentication. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: coa
thanks tiffany I have followed your instruction, but same issue,, here is the log [root@aaaisb1 terminus]# cat dic.txt | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' Sending Disconnect-Request of id 179 to 2.2.2.2 port 3799 Acct-Session-Id = 1B1E97C3 User-Name = 002682615F4E@test_cpe.com NAS-IP-Address = 2.2.2.2 rad_recv: Disconnect-NAK packet from host 2.2.2.2 port 3799, id=179, length=26 Error-Cause = Missing-Attribute tell me one thing,,,i need some configuration for enabling COA in freeradius??? thanks On Tue, Jul 23, 2013 at 10:39 AM, Tiffany Pasisir tiffany.pasi...@countrytell.com.au wrote: Hi Muhammad ** ** Try put in a file ** ** Acct-Session-Id=1B1E97C3 User-Name=002682615F4E@test_cpe.com NAS-IP-Address=2.2.2.2 ** ** cat file | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' ** ** See how it goes ** ** Send all the output here so we can help ** ** Tiffany ** ** *From:* freeradius-users-bounces+tiffany.pasisir= countrytell.com...@lists.freeradius.org [mailto: freeradius-users-bounces+tiffany.pasisir= countrytell.com...@lists.freeradius.org] *On Behalf Of *Muhammad Nadeem *Sent:* Tuesday, 23 July 2013 2:50 PM *To:* FreeRadius users mailing list *Subject:* coa ** ** hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. ** ** I isssued following command ** ** echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address=2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' ** ** but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks ** ** -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
coa
hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. I isssued following command echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address=2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: certificate expiration proble
thanx for you reply, but as i said certificates are ok. Please see this log [tls] -- User-Name = 0026826172C4@test_cpe.com [tls] -- BUF-Name = wi-tribe Pakistan Certification Authority [tls] -- subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwi...@pk.wi-tribe.com [tls] -- issuer = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwi...@pk.wi-tribe.com *[tls] -- verify return:1* *-- verify error:num=10:certificate has expired * *[tls] TLS 1.0 Alert [length 0002], fatal certificate_expired * *TLS Alert write:fatal:certificate expired* *TLS_accept: error in SSLv3 read client certificate B* *rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned* * * *thanks* On Fri, Jul 19, 2013 at 2:58 PM, a.l.m.bu...@lboro.ac.uk wrote: Hi, I am trying to configure eap with some customized certificates, I have configured eap.config correctly. But I am getting the error of certificate expired. Although i have the latest certificates. certificate has expired. FreeRADIUS has no reason to lie. check the startup output of 'radiusd -X' - look for when it loads the certs. then use openssl to read those certs to see what the values are - server cert, CA certor client cert. whatever you're using eg openssl x509 -in server.pem -noout -text alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dictionary type problem
hi everybody I am adding some new attributes to dictionary.motorola. but when i run freeradius , it gives the follwoing error. including dictionary file /usr/local/etc/raddb/dictionary Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.motorola[78]: invalid type hexdecimal it clearly indicates that it doesnot support hexadecimal type. Could anyone please tell me , whts the alternative of this. Thanks in advance -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dictionary type problem
thnaks ,, it is fixed On Thu, Jul 11, 2013 at 11:59 AM, Alan DeKok al...@deployingradius.comwrote: Muhammad Nadeem wrote: it clearly indicates that it doesnot support hexadecimal type. Could anyone please tell me , whts the alternative of this. Maybe you can try reading the documentation to learn about the dictionary file format. See man dictionary. Or even read the raddb/dictionary file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using freeradius as proxy for EAP-SIM/EAP-AKA
--I am wondering if it is possible to proxy EAP-SIM/EAP-AKA authentication using FreeRadius ? yes it is possible , but you have to make sure that all requests of an EAP session are being entertain by the same server, ( as proxy can have multipile freeradius servers), Read proxy.config, it have some methods for proxy, some of these are for chap and one or two or of EAP. similarly you can use some other methods like (Linux Virtual Server LVS) to accomplish this task. On Mon, Jul 1, 2013 at 10:48 AM, Ming-Ching Tiew mct...@yahoo.com wrote: Hi I am wondering if it is possible to proxy EAP-SIM/EAP-AKA authentication using FreeRadius ? Assuming brand X radius server has support for EAP-SIM/EAP-AKA, but it's located at the final end of the food chain, and in-between the brand X radius server and the Access point, there are 2 (or more) radius servers which are doing proxying ( and some other non-EAP SIM/EAP AKA work ). Will it work ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Testing failure during setup
file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = user1, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] EAP packet type response id 211 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry user1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/md5 [eap] processing type md5 [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 126 to 192.168.0.92 port 40535 EAP-Message = 0x03d30004 Message-Authenticator = 0x User-Name = user1 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.92 port 40535, id=126, length=87 Sending duplicate reply to client server12 port 40535 - ID: 126 Sending Access-Accept of id 126 to 192.168.0.92 port 40535 Waking up in 4.9 seconds. Cleaning up request 0 ID 125 with timestamp +16 Cleaning up request 1 ID 126 with timestamp +16 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Vote on the new FreeRADIUS logo
voted On Thu, Mar 21, 2013 at 3:50 PM, Stephan Kirsten stephan.kirs...@fbn-dd.dewrote: #1 and #45 are nice and the favicon would be distinct from others as well Am 20.03.2013 22:04, schrieb Arran Cudbard-Bell: Currently in the final round of selecting a new logo, please vote on the poll here to select your favourite, you don't need to register. http://99designs.ca/logo-**design/vote-5wpx8thttp://99designs.ca/logo-design/vote-5wpx8t -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team Please contribute documentation: http://wiki.freeradius.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/**list/users.htmlhttp://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cannot disconnect radius user using radclient
*echo User-Name=alice | radclient -x 192.168.2.3:3779 disconnect testing123* *Sending Disconnect-Request of id 78 to 192.168.2.3 port 3779* * * * default port of freeradius is 1812 and 1813,, use these ports* On Sun, Mar 10, 2013 at 6:24 PM, Iftakhul Anwar an...@meruvian.org wrote: Hi All, I've successfully install coovachili anda freeradius using mysql database. Now I've just try to disconnect coovachilli user online with radclient command: I try with command bellow to disconect user=alice * echo User-Name=alice | radclient -x localhost:3779 disconnect testing123* *Sending Disconnect-Request of id 126 to 127.0.0.1 port 3779* * User-Name = alice* *rad_recv: Disconnect-ACK packet from host 127.0.0.1 port 3779, id=126, length=20* And then, user alice be disconnect from coova. Then i try to give disconnect command using remote acces using command bellow : *echo User-Name=alice | radclient -x 192.168.2.3:3779 disconnect testing123* *Sending Disconnect-Request of id 78 to 192.168.2.3 port 3779* * User-Name = alice* *radclient: no response from server for ID 78 socket 3* * * Note: 192.168.2.3 is ip of radius server But no response from radius server. I've add on client.conf ip address which i use to radius client.But still have same problem. I try that command on my local machine using comand : *echo User-Name=alice | radclient -x 192.168.2.3:3779 disconnect testing123* * * Radius still no response. How i can execute this command both of on local and on remote machine ? Thanks -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cannot access radius server from remote host
For this you have to define the IP address and shared secret on the Radius server in client.config following is an entry that define that you can send request from an computer having 192.168.0.102 IP address. client 192.168.0.102 { ipaddr = 192.168.0.102 secret = testing123 } Please read client.config for further details On Sat, Mar 9, 2013 at 3:35 PM, Iftakhul Anwar an...@meruvian.org wrote: Hi All, I just try connect radius server remotely. i've try to radtest with command : radtest user1 meruvian localhost 1812 testing123 Sending Access-Request of id 133 to 127.0.0.1 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=133, length=20 ## i get accept response from radius server. But when i try with command bellow i got error message like a no respon from radius server: radtest user1 meruvian 192.168.2.3 1812 testing123 Sending Access-Request of id 12 to 192.168.2.3 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x Sending Access-Request of id 12 to 192.168.2.3 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x Sending Access-Request of id 12 to 192.168.2.3 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x radclient: no response from server for ID 12 socket 3 Note:192.168.2.3 is ip of radius server. How i can try to connect radius server from another host ? i've try to disable my firewall. but still get no respon from server. Help me to solve this. Thanks -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cannot access radius server from remote host
My Pleasure Bro:) On Sat, Mar 9, 2013 at 4:04 PM, Iftakhul Anwar an...@meruvian.org wrote: Hi Muhammad, Thanks for your reply,it's solve my problem :) Thanks very much On Sat, Mar 9, 2013 at 5:43 PM, Muhammad Nadeem mnadeem8...@gmail.comwrote: For this you have to define the IP address and shared secret on the Radius server in client.config following is an entry that define that you can send request from an computer having 192.168.0.102 IP address. client 192.168.0.102 { ipaddr = 192.168.0.102 secret = testing123 } Please read client.config for further details On Sat, Mar 9, 2013 at 3:35 PM, Iftakhul Anwar an...@meruvian.orgwrote: Hi All, I just try connect radius server remotely. i've try to radtest with command : radtest user1 meruvian localhost 1812 testing123 Sending Access-Request of id 133 to 127.0.0.1 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=133, length=20 ## i get accept response from radius server. But when i try with command bellow i got error message like a no respon from radius server: radtest user1 meruvian 192.168.2.3 1812 testing123 Sending Access-Request of id 12 to 192.168.2.3 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x Sending Access-Request of id 12 to 192.168.2.3 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x Sending Access-Request of id 12 to 192.168.2.3 port 1812 User-Name = user1 User-Password = meruvian NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x radclient: no response from server for ID 12 socket 3 Note:192.168.2.3 is ip of radius server. How i can try to connect radius server from another host ? i've try to disable my firewall. but still get no respon from server. Help me to solve this. Thanks -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius with either LDAP or Mysql Error lib not found
Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory It seems that your mysql drivers have not been installed successfully, thanks to freeradius, it has the option to install mysql server along free radius . (use this command sudo apt-get install mysql-server (somthing like that if not work,, google it). Hopefully problem will be solve On Fri, Mar 8, 2013 at 12:51 PM, Iftakhul Anwar an...@meruvian.org wrote: Hi All I just try to config freeradius using either Mysql or LDAP. But i get same error like bellow : [errror Mysq] Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory Fri Mar 8 13:44:46 2013 : Error: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[177]: Failed to find sql in the modules section. Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section. i've read in some article that it's solved by installed mysql-devel package. In this case i've installed libmysqlclient-dev on my ubuntu 12.04 But still get same error. It's also happen on my freeradius ldap? [error LDAP] /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot open shared object file: No such file or directory /usr/local/etc/raddb/sites-enabled/default[305]: Failed to find ldap in the modules section. /usr/local/etc/raddb/sites-enabled/default[305]: Failed to parse ldap How i can solve this issue ? Thanks -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius with either LDAP or Mysql Error lib not found
Ok man.. set LD_LIBRARY_PATH to your mysql drivers,, like for oracle it will be SET PATH=LD_LIBRARY_PATH=$ORACLE_HOME/lib On Fri, Mar 8, 2013 at 1:02 PM, Iftakhul Anwar an...@meruvian.org wrote: I've installed mysql-server on my system even before i installed freeradius server. Any another tips to solve this ? On Fri, Mar 8, 2013 at 2:59 PM, Muhammad Nadeem mnadeem8...@gmail.comwrote: Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory It seems that your mysql drivers have not been installed successfully, thanks to freeradius, it has the option to install mysql server along free radius . (use this command sudo apt-get install mysql-server (somthing like that if not work,, google it). Hopefully problem will be solve On Fri, Mar 8, 2013 at 12:51 PM, Iftakhul Anwar an...@meruvian.orgwrote: Hi All I just try to config freeradius using either Mysql or LDAP. But i get same error like bellow : [errror Mysq] Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory Fri Mar 8 13:44:46 2013 : Error: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[177]: Failed to find sql in the modules section. Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section. i've read in some article that it's solved by installed mysql-devel package. In this case i've installed libmysqlclient-dev on my ubuntu 12.04 But still get same error. It's also happen on my freeradius ldap? [error LDAP] /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot open shared object file: No such file or directory /usr/local/etc/raddb/sites-enabled/default[305]: Failed to find ldap in the modules section. /usr/local/etc/raddb/sites-enabled/default[305]: Failed to parse ldap How i can solve this issue ? Thanks -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *M.Iftakhul Anwar* Meruvian Integrator High Performance Computing / Cloud Computing (HPC/CC) Office Phone : 021-93586577 Mobile Phone : 085215331477 Blog : http://blog.mervpolis.com/roller/anwar FB : http://www.facebook.com/troya.adromeda Website : www.meruvian.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: proxy the radius server
as Alan already asked, that you should read some thing about Proxy. There is an excellent documentation in proxy.conf file. If you carefully read that document, you will easily configure proxy. On Fri, Feb 22, 2013 at 4:57 PM, Lakshmi Narayana Baliah lb0074...@techmahindra.com wrote: Hi all, ** ** I want to configure the proxy from my free radius to another free radius server How do i do that ??? please help ** ** Thanks Lakshmi Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally and http://tim.techmahindra.com/tim/disclaimer.html internally within Tech Mahindra. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap testing
On 2/20/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, requests to two backend servers. in 'proxy.conf' i have configured 'type=client-balance' so that it can work with EAP. client-port-balance Now i wanna do load testing of this configuration with EAP-TLS. So with configuration i need to have a lot of NAS, with different IP's. But I only have 2. the NAS should be sending their requests using different ports and this other balance method will be fine Could any one please help me in this situation. Could please suggest me a tool or a guideline to achieve my goal. up until now, we are not sure what your goal really is - you seem to be doing a lot of testing but with no real requirements or case. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University thanc A.L.M for your answer,, My primary goal is to configure a fast system to authenticate EAP-TLS requests. For this purpose i used proxy (to distribute requests to different freeradius servers). Now i just wanna confirm NumberOfRequests/second , handled by my system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap testing
On 2/20/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, requests to two backend servers. in 'proxy.conf' i have configured 'type=client-balance' so that it can work with EAP. client-port-balance Now i wanna do load testing of this configuration with EAP-TLS. So with configuration i need to have a lot of NAS, with different IP's. But I only have 2. the NAS should be sending their requests using different ports and this other balance method will be fine Could any one please help me in this situation. Could please suggest me a tool or a guideline to achieve my goal. up until now, we are not sure what your goal really is - you seem to be doing a lot of testing but with no real requirements or case. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html And A.L.M, i have used type=client-port-balance But it didnot make any difference from previous (type=client-balance). What could be the issue.\???/ -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap testing
On 2/20/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, My primary goal is to configure a fast system to authenticate EAP-TLS requests. For this purpose i used proxy (to distribute requests to different freeradius servers). Now i just wanna confirm NumberOfRequests/second , handled by my system. what is fast? (I can make a RADIUS server faster by chucking more CPU power at it.. 8 core Xeon instead of a core duo II etc.) - what are your actual requirements? ie what number of concurrent client connections/authentications are you looking for, what EAP methods (each method has its own quirks/requirements/number of packets) have you looked at crypto offloading technology to take CPU load down as part of this requirement? what AAA policy are you going to have for EAP-TLS - CRL? dynamic checking? (each has their own load/impact) do you need this proxy? Can your kit be configured to just talk directly to a few back end RADIUS servers? what is the purpose of this proxy? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ie what number of concurrent client connections/authentications are you looking about 250/sec for, what EAP methods (each method has its own quirks/requirements/number of packets) EAP-TLS what is the purpose of this proxy? Basic purpose is 'load-balancing' on a cluster of Freeradius servers. I am donot using any 3rd party Load balancing Tool (like Virtual Linux server etc etc). -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap testing
On 2/20/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, Basic purpose is 'load-balancing' on a cluster of Freeradius servers. why? do you need to load-balance in this manner? can your clients not do any load balancing? the FR balance code worksas you say, if you only have 2 NAS then you only get 50/50 - with more it will spread. apart from some academic research/course assignment I am still wondering why you are putting this into place. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanx alan why? do you need to load-balance in this manner? Is there any other way to do this??? suppose i have hundreds of NAS, how their requests can be sent in parallel, to different FR??? Is FR support such a mechanism without using REALM and PROXY??? If yes., what is it??? -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap testing
On 2/20/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, Is there any other way to do this??? suppose i have hundreds of NAS, how their requests can be sent in parallel, to different FR??? Is FR support such a mechanism without using REALM and PROXY??? If yes., what is it??? 1) why would you want to send a request from a NAS in parallel to different servers? that is just asking for major problems 2) what NAS kit are yu dealing with? Can this kit not do its own load-balancing? 3) are you simply balancing realm targets? - why just one proxy anyway? that would be single point failure and bottleneck. have multiple proxies alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanx alan, now we are aligned :) 1) why would you want to send a request from a NAS in parallel to different servers? that is just asking for major problems I dont want to do this,,, I just want that requests from NAS (Their are thousands of NAS, which send requests for AAA to FR) should be distributed among many backend Free Radius servers. 2) what NAS kit are yu dealing with? Can this kit not do its own load-balancing? No it didnot, 3) are you simply balancing realm targets? - why just one proxy anyway? that would be single point failure and bottleneck. have multiple proxies Yes this was in my mind, so further research cleared me that a NAS have some backup server IP's (may have multiple backup IP's that can be used if a proxy server become down). So i can configure multiple Proxy servers, which are load balancing among same Freeradius servers. hopefully u understand the scenario. Thanks -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap testing
On 2/20/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, be used if a proxy server become down). So i can configure multiple Proxy servers, which are load balancing among same Freeradius servers. hopefully u understand the scenario. Thanks okay. so back to the other questions - how many clients and what sort of auths/sec speed are you looking for? you can run a whole campus infrastructure from one single RADIUS server on 3yr old hardware with over 10k concurrent users - depending on AAA requirements and policy. the same server can choke if the backend uses some single threaded table locking junk like MySQL ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanx alan how many clients and what sort of auths/sec speed are you looking for? EAP-TLS and about 250 requests/second, and client can be up to 0.5 million to 1.5 million (its just not a campus project, this could be used for commercial purpose , but i am not quite sure, wether it will be or not ;( ) the same server can choke if the backend uses some single threaded table locking dont worry about this ,, I have a clustered, high speed and indexed database as backend database. -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy Problem
Hi everybody,, I have configured a proxy server with 'type=client-port-balance'. I have configure two backed FR servers(192.168.0.109 and 192.168.0.112). I am sending requests from a PC to 192.168.0.102 ( acting as proxy server). But requests are forwarded to only one FR server (i-e 192.168.0.112). Why proxy server is not sending requests to other one. As each request has same IP but different PORT, So hashing mechanism of Proxy server should also choose other FR server (192.168.0.109) for requests entertaining. could anyone please tell me what's the issue. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eap testing
Hi every body,, I have fallen into a serious trouble :( I have configured a proxy server, that is proxying all incoming requests to two backend servers. in 'proxy.conf' i have configured 'type=client-balance' so that it can work with EAP. Now i wanna do load testing of this configuration with EAP-TLS. So with configuration i need to have a lot of NAS, with different IP's. But I only have 2. Could any one please help me in this situation. Could please suggest me a tool or a guideline to achieve my goal. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS problem
On 2/18/13, Phil Mayers p.may...@imperial.ac.uk wrote: On 02/18/2013 06:31 AM, Tobias Hachmer wrote: Hello Muhammad, On 18.02.2013 07:17, Muhammad Nadeem wrote: Now I want to practically test EAP-TLS with freeradius on REDHAT 5. I have configured eap.confg to use EAP-TLS. But i don't know , how to send requests to freeradius server, so that he can authenticate the user using TLS (with digital certificate). Can anyone help me, thanks in advance.. You will need a RADIUS Client, e.g. - wireless access point - lan switch which acts as the RADIUS Client (Authenticator in 802.1X terminology). Both have to support 802.1X and RADIUS. Without you won't be able to test EAP-TLS. I am not aware of a simulator client program. Thankfully, this isn't correct. You can use eapol_test which comes with the wpa_supplicant source to test pretty much every EAP type there is, including EAP-TLS. To the OP - download wpa_supplicant sources and build eapol_test. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanks phill, eapol_test really working . thanks a lot - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS problem
On 2/18/13, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: Hi, Thankfully, this isn't correct. You can use eapol_test which comes with the wpa_supplicant source to test pretty much every EAP type there is, including EAP-TLS. To the OP - download wpa_supplicant sources and build eapol_test. eapol_test is VERY powerful.and there are even little test scripts provided in the FreeRADIUS source however, if you want clicky GUI then also look at JRadius Simulator: http://www.coova.org/JRadius/Simulator (but this mailing list isnt a support forum for either of those tools!) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanx A.L.M,,, but actually I am not aware of what to send in request of EAP-TLS. I have followed the README in /raddb/certs/ and make the CA, CLIENT and SERVER certificate. Now I request to the server with eapol_test, with following parameter netwrok={ eap=TLS eapol_flags=0 key_mgmt=IEEE8021X identity=bob ca_cert=/usr/local/etc/raddb/certs/ca.pem client_cert=/usr/local/etc/raddb/certs/client.pem private_kry=/usr/local/etc/raddb/certs/server.key private_key_passwd=whatever } but this request give me a FAILURE response. I have googled a lot to find my appropriate answer, ( what need to send in client request etc etc). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP TLS client
On 2/15/13, Stefan Winter stefan.win...@restena.lu wrote: Hi, I have configured freeradius to entertain EAP-TLS requests. And i am using the freeradius certificate (shipped with software). I got stuck at end, now i don't know how to send EAP-TLS request to server. I read man radeapclient, but it only support md5. Could you please tell me how could i send request to server using EAP-TLS authentication method. Either by using a real EAP supplicant (Windows machine, Mac OS, ...) or for a command-line test use eapol_test, which is part of wpa_supplicant. Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 Thanks Stefan, for your answer. I preferred command line tooleapol_test. I also wpasupplicant from official website. But i have a problem, when I want to make eapol_test it give the follwoing error. /usr/bin/ld: cannot find -lnl collect2: ld returned 1 exit status make: *** [eapol_test] Error 1 Any idea about this error?// -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
thanx john: yes i can run many instances of radclient. But i want on instance of radclient, that can send parallel requests to radius server. On Wed, Feb 13, 2013 at 12:56 PM, Johan Meiring jmeir...@pcservices.co.zawrote: On 2013/02/12 04:45 PM, Alan DeKok wrote: I tried to use Rad Client to send requests in Parallel, but i wasn't succeed. Could you please help me out to send parallel requests to proxy server??? Am I missing something, or can you not simply run more than once instance of radclient on more than one console? -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/**disclaimer.htmlhttp://www.pcservices.co.za/disclaimer.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
I used -c 1, and omit -p,, result was the same . 1 users were authenticated in 23 seconds :) . So i think no difference of using -p and -c together ?? M I right?? On Wed, Feb 13, 2013 at 1:32 PM, Muhammad Nadeem mnadeem8...@gmail.comwrote: will it send 1 parallel requests to free radius server why not simply use -c 1, instead of -p 100 -c 1. What will be the difference??? Thanks On Wed, Feb 13, 2013 at 1:16 PM, Olivier Beytrison oliv...@heliosnet.orgwrote: On 13.02.2013 09:03, Muhammad Nadeem wrote: thanx john: yes i can run many instances of radclient. But i want on instance of radclient, that can send parallel requests to radius server. simply use echo User-Name=001AAD3F8165, NAS-IP-Address=10.192.100.4|radclient -p 100 -c 1 192.168.0.102 auth testing123 -x man radclient -c count Send each packet count times. Olivier -- Olivier Beytrison Network Security Engineer, HES-SO Fribourg Mobile: +41 (0)78 619 73 53 Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
will it send 1 parallel requests to free radius server why not simply use -c 1, instead of -p 100 -c 1. What will be the difference??? Thanks On Wed, Feb 13, 2013 at 1:16 PM, Olivier Beytrison oliv...@heliosnet.orgwrote: On 13.02.2013 09:03, Muhammad Nadeem wrote: thanx john: yes i can run many instances of radclient. But i want on instance of radclient, that can send parallel requests to radius server. simply use echo User-Name=001AAD3F8165, NAS-IP-Address=10.192.100.4|radclient -p 100 -c 1 192.168.0.102 auth testing123 -x man radclient -c count Send each packet count times. Olivier -- Olivier Beytrison Network Security Engineer, HES-SO Fribourg Mobile: +41 (0)78 619 73 53 Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
Athanx Fajar Actually Rad perf is not available on website. And i also used -p with radclient. But it didnot sent requests in parallel. On Wed, Feb 13, 2013 at 1:30 PM, Fajar A. Nugraha l...@fajar.net wrote: On Wed, Feb 13, 2013 at 1:42 AM, Muhammad Nadeem mnadeem8...@gmail.com wrote: Could you please help me out to send parallel requests to proxy server??? Try radclient (see -p): http://linux.die.net/man/1/radclient Alternatively, try radperf: http://networkradius.com/radperf.html -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
ok, I followed your process. i make a file with User-Name and NAS-IP-Address attribute. and issue the following command radclient -c 10 -p 1000 -f radrequest.txt 192.168.0.112 auth testing123 But i only receive 10 access-accept packets. So what does it mean?? If upper command issues 1000 requests 10 times, so their should be 1 access-accept packets?? So please tell me where things are going worse :( On Wed, Feb 13, 2013 at 2:37 PM, Olivier Beytrison oliv...@heliosnet.orgwrote: On 13.02.2013 09:38, Muhammad Nadeem wrote: I used -c 1, and omit -p,, result was the same . 1 users were authenticated in 23 seconds :) . So i think no difference of using -p and -c together ?? M I right?? Well yeah -p works only with a file (-f) so, feed your request multiple time to a file : for d in {1..1} ; do echo -e User-Name=001AAD3F8165\nNAS-IP-Address=10.192.100.4\n rad-requests.txt ; done (there need to be a empty line between request, hence the extra \n at the end) Send the requests, 100 at a time, and repeat 10 times radclient -c 10 -p 100 -f rad-requests.txt server:port auth secret Tested it here and works very well Olivier -- Olivier Beytrison Network Security Engineer, HES-SO Fribourg Mobile: +41 (0)78 619 73 53 Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
thanks a lot olivier... This stuff really worked for me.. cheers On Wed, Feb 13, 2013 at 4:05 PM, Olivier Beytrison oliv...@heliosnet.orgwrote: On 13.02.2013 11:45, Muhammad Nadeem wrote: ok, I followed your process. i make a file with User-Name and NAS-IP-Address attribute. and issue the following command radclient -c 10 -p 1000 -f radrequest.txt 192.168.0.112 auth testing123 But i only receive 10 access-accept packets. So what does it mean?? If upper command issues 1000 requests 10 times, so their should be 1 access-accept packets?? So please tell me where things are going worse :( This mean your text file contains only one packet. Check the content of radrequest.txt. there should be 30002 lines ... and each packet should be seperated by an blank line. -- Olivier Beytrison Network Security Engineer, HES-SO Fribourg Mobile: +41 (0)78 619 73 53 Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius form
thanks alan.. so you mean that i am not configuring things in a good way. that's why the proxy has become a bottle neck ??? On Wed, Feb 13, 2013 at 9:04 PM, a.l.m.bu...@lboro.ac.uk wrote: Hi, I have used Proxy functionality of freeradius for load balancing and failover. But this decrease the performance a lot. (with direct requests i can authenticate 450 users/sec, but with proxy , only 26 users/sec). you've asked the same question before. the answer is to look at your configuration, read the docs and man pages for the parts and configure it so that it can handle many more when proxying. you have a delay/block somewhere. find it. fix it. this list is for advice/help...not for consultancy which you can pay for and get elsewhere alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing Issue
thanks alan Actually I am using load balancing for rapid authentication of users. let suppose i have one prosy server that is proxying incoming requests to these five servers. Theoratically the speed of authentication should be fast. But in case of mine it is too slow. I have changed 'max_requests' in radiusd.config. And also remove unnecessary processing on radius server (that is proxying requests). Now tell me what else can I do?? :( Though i am a new bee in RADIUS, but I think Proxy server is the bottle neck??? On Tue, Feb 12, 2013 at 1:44 PM, a.l.m.bu...@lboro.ac.uk wrote: Hi, I am using Freeradius 2.2.0 on redhat 5. My goal was to increase the speed of user authentication. To achieve this I configured Load Balancing (with realms). I have a proxy Freeradius server, that is just proxying requests to 2 other freeradius servers. you only asked this question less than 2 hours ago. okay, you need to see why the proxy is causing a x3 factor in slowdown? run the servers in full debug mode with timestamps and check to see where your delay isdont throw 10 million requests at it though, just a dozen should be enought in the first instance to see where the hit is. I'd assume that you havent made any configuration changes or tweaked any configs...in which case your proxy box is probably not ready to be dealing with that many in transit requests (whereas the authentication servers can handle multiple requests per thread) - so, some basic tweaking will probably do something ..though I think you've already found that you dont need to load-balance ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Load Balancing
Hi, I am new to freeradius. I wantto implement load balancing on freeradius servers (not on backend database). I want that if a bulk of requests are received, these requests should be distributed evenly among multiple freeradius servers. Can any one please tell me, how could i achieve this goal. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
thanx alan,, I have configured a proxy server using documentation of 'proxy.conf'. which is proxying requests to 2 home_servers. Yes you are right, may b the tool which I am using (Radius NT client) sending requests in series. I tried to use Rad Client to send requests in Parallel, but i wasn't succeed. Could you please help me out to send parallel requests to proxy server??? Bundle of thanks in advance :) On Tue, Feb 12, 2013 at 7:19 PM, Alan DeKok al...@deployingradius.comwrote: Muhammad Nadeem wrote: Hi, I am new to freeradius. I wantto implement load balancing on freeradius servers (not on backend database). I want that if a bulk of requests are received, these requests should be distributed evenly among multiple freeradius servers. Can any one please tell me, how could i achieve this goal. The documentation is clear. Load-balancing is simple to configure. It's documented in proxy.conf. My guess is your test is wrong. You're probably sending packets in *series*. The latency added by a proxy slows down series, so that it takes longer. If you send packets in parallel, you would see a higher latency for each packet, but the ability to process more packets per second. You've admitted to not knowing much about RADIUS. If the test doesn't do what you expect, the obvious conclusion is to blame the test, not FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load Balancing
thanx alan.. But i searching around on web i came to know that radclient can also be used for load testing. But when i use this with -p (to send requests in parallel), it only send one packet. here is the command out put [root@billing ~]# echo User-Name=001AAD3F8165, NAS-IP-Address=10.192.100.4|radclient -p 100 192.168.0.102 auth testing123 -x Sending Access-Request of id 120 to 192.168.0.102 port 1812 User-Name = 001AAD3F8165 NAS-IP-Address = 10.192.100.4 rad_recv: Access-Accept packet from host 192.168.0.102 port 1812, id=120, length=143 Qos-Policing-Profile-Name = 128K_UL Qos-Metering-Profile-Name = 512K_DL Context-Name = Postpaid-VR DHCP-Max-Leases = 1 Forward-Policy = in:nonpayment_redirect_post HTTP-Redirect-Profile-Name = nonpayment_redirect why dont -p sends requests in parallel ? On Tue, Feb 12, 2013 at 7:45 PM, Alan DeKok al...@deployingradius.comwrote: Muhammad Nadeem wrote: thanx alan,, I have configured a proxy server using documentation of 'proxy.conf'. which is proxying requests to 2 home_servers. Yes you are right, may b the tool which I am using (Radius NT client) sending requests in series. Then the test doesn't mean anything. I tried to use Rad Client to send requests in Parallel, but i wasn't succeed. Could you please help me out to send parallel requests to proxy server??? There aren't many good tools available. I did have a tool on the corporate web site (radperf), but that's been taken down for various reasons. You can always use commercial traffic generators. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html