Re: Thank you and Diameter question

2008-05-30 Thread Raj Patel
Do you know if Traffix Openblox also supports RADIUS?

It seems a great Open Source Diameter stack, but do they have RADIUS also?

> Thanks In advance
>
> RP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thank you and Diameter question

2008-01-25 Thread Raj Patel
Hi People

First, thank you. I have been reading this mailing list for some time and I found
it a great source of help.

I want to share some info with you and then ask a question.

We are slowly moving here into Java and starting to have Diameter
requirements.

I found OpenBloX Java Diameter a great source of help (I think it's GPL) and
it seems to meet our requirements (http://sourceforge.net/projects/openblox/).

Has anyone else been using it? I will be happy for some feedback.

I guess this is the right place for feedback with so many AAA gurus around :)
so sorry again for my post.

Thanks in advance

RP

Re: concurrency query

2007-10-22 Thread Punith Raj
It was just a wild grep :(  in rlm_eap folder.
Thanks once again Alan.


On 10/22/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
>
> Punith Raj wrote:
> > I have a doubt regarding concurrency in freeradius. If freeradius
> > receives an eap-sim packet while it is authenticating one currently,
> > will the new packet wait for the prior to complete or will both be
> > authenticated simultaneously?
>
> The server can process requests independently in each thread.  This is
> true for all modules and methods (subject to some thread locks).
>
> > I could see thread implementation in
> > eapsim directory but just wanted to make sure once.
>
> There is no threading code in the EAP-SIM code.
>
> Alan DeKok.
>



-- 
Regards
Punith

concurrency query

2007-10-22 Thread Punith Raj
Hi all

I have a doubt regarding concurrency in freeradius. If freeradius
receives an eap-sim packet while it is authenticating one currently,
will the new packet wait for the prior to complete or will both be
authenticated simultaneously? I could see thread implementation in eapsim
directory but just wanted to make sure once.

Thanks in advance

-- 
Regards
Punith

Re: Testing Freeradius

2007-08-29 Thread Punith Raj
Well, if you are testing freeradius with NTRADPING then this is what I did some
time back.

Add the following in user file:

    # Framed-MTU = 1500,
    # Framed-Compression = Van-Jacobsen-TCP-IP
    ### punith added this for testing ###
    punith Cleartext-Password := "test123"
    root Cleartext-Password := "root123"
    dam Cleartext-Password := "dam123"
    ###
    #
    # This is an entry for a user with a space in their name.

Add the following in radius.conf:

    # sql

    ### punith added this for testing ###
    etc_group
    ###
    #
    #  If you are using /etc/smbpasswd, and are also doing

Add the following in the client file:

    # password= someadminpas
    }

    #client some.host.org {
    # secret  = testing123
    # shortname = localhost
    #}

    ### punith added this for testing ###
    client 172.22.55.222 {
        secret    = mysec
        shortname = punith
    }
    client 172.22.54.64 {
        secret    = mysec
        shortname = punith
    }
    client 172.22.55.10 {
        secret    = mysec
        shortname = root
    }
    client 10.19.1.237 {
        secret    = mysec
        shortname = root
    }
    ### end ###

    #
    #  You can now specify one secret for a network of clients.

Then I used NT radping with the following parameters:

radius secret --> mysec
user --> root
password --> root123

Hope this helps you!
I am not sending this to the mail list because I am not sure about it, but I got this
through googling.

Or use this:

radtest punith test123  1812 mysec
If no NAS then just put 10:
radtest punith test123   1812 mysec 10

regards
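
An added example, not part of the original post: a small Python check that reads client blocks like the ones above and reports secrets that are short or reused across clients, and shortnames that repeat (which makes log entries ambiguous). The sample text is constructed from the entries in the post; the 16-character threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the client entries quoted in the post.
SAMPLE = """
#client some.host.org {
#    secret    = testing123
#}
client 172.22.55.222 {
    secret    = mysec
    shortname = punith
}
client 172.22.54.64 {
    secret    = mysec
    shortname = punith
}
client 10.19.1.237 {
    secret    = mysec
    shortname = root
}
"""

MIN_SECRET_LEN = 16  # assumed review threshold, not a FreeRADIUS setting
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Map client name -> {key: value}, ignoring commented-out blocks."""
    text = re.sub(r"#.*", "", text)  # simplification: no '#' inside values
    return {n: dict(ITEM_RE.findall(b)) for n, b in CLIENT_RE.findall(text)}

def audit_clients(text):
    """Return sorted (client, finding) pairs for test-style settings."""
    clients = parse_clients(text)
    secrets, names = defaultdict(list), defaultdict(list)
    for client, items in clients.items():
        secrets[items.get("secret", "")].append(client)
        if "shortname" in items:
            names[items["shortname"]].append(client)
    findings = []
    for secret, users in secrets.items():
        if len(secret) < MIN_SECRET_LEN:
            findings += [(c, "short secret") for c in users]
        if len(users) > 1:
            findings += [(c, "shared secret") for c in users]
    for users in names.values():
        if len(users) > 1:
            findings += [(c, "duplicate shortname") for c in users]
    return sorted(findings)
```

Calling `audit_clients()` on the contents of a real client file before it leaves the lab shows which test entries still need unique, longer secrets.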

Re: openikev2 interface

2007-08-28 Thread Punith Raj
Alan

First of all, I apologize for my late reply. I don't remember exactly, but
openswan and strongswan were not supporting EAP payload when we started this
project.
Our project demands EAP-SIM.
Strongswan has added this feature recently, I guess. By interface I meant that
the EAP-SIM payload is to be forwarded to the Freeradius server, then the
response back to the client, but through the secure tunnel of ikev2.

                          Tunnel
| client | openikev2 |----------------| openikev2 | AAA |
                       [EAP-SIM] -->


On 7/8/07, Alan DeKok <[EMAIL PROTECTED] > wrote:
>
> Punith Raj wrote:
> >   Is it possible to have an interface between openikev2 and
> > freeradius ?.
>
> To do... what?
>
> > We need to do this for our project called *Unlicensed
> > Mobile Access* (*UMA*) where AAA server i.e. freeradius receives
> > packets from its clients in a secure tunnel implemented with
> > openikev2. Has anyone tried it before?
>
> Most people just use Openswan for this.
>
> Alan DeKok.

Re: openikev2 interface

2007-07-08 Thread Punith Raj

Oh! Does it mean that I have to use radius client libraries and develop an
interface?

Well, the project is not open source, but at the same time it is not for
commercial purposes either.
We are on to it to gain some knowledge in the domain.
If we succeed in bringing up the setup I'll propose to my manager to make it
open source.


On 7/8/07, Peter Nixon <[EMAIL PROTECTED]> wrote:


On Sun 08 Jul 2007, Punith Raj wrote:
> Hi All
>
>   Is it possible to have an interface between openikev2 and
> freeradius ?

Yes. You should start with http://wiki.freeradius.org/Radiusclient
It should be relatively easy to implement

> We need to do this for our project called *Unlicensed Mobile
> Access* (*UMA*) where AAA server i.e freeradius receives packets  from its
> clients in a secure tunnel implemented with openikev2.Has any one tried it
> before.
>  Any help regarding this ll be appreciated.

Nice project. Will it be open source?

--

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc

openikev2 interface

2007-07-08 Thread Punith Raj

Hi All

Is it possible to have an interface between openikev2 and
freeradius? We need to do this for our project called *Unlicensed Mobile
Access* (*UMA*) where the AAA server, i.e. freeradius, receives packets from its
clients in a secure tunnel implemented with openikev2. Has anyone tried it
before?
Any help regarding this will be appreciated.


Regards
Punith

Free Radius compatible with Oracle 9.2.0.7?

2005-12-09 Thread Sharma Raj
Hi,


I'm running freeradius1.0.2 and the database is Oracle 9.2.0.3. Planning to upgrade to Oracle 9.2.0.7. Are there any compatibility issues with this, or are these two completely compatible with each other?

Appreciate the advice in advance.


Rog

 




Radius Sending Rollback Message?

2005-12-08 Thread Sharma Raj
A rather curious scenario of events:


In our setup of Radius, we use an Oracle database. Ordinarily, when the NAS sends Accounting Start messages to Radius, Radius sends Update messages to Oracle. Periodically, something odd happens - Radius sends a Rollback message to Oracle which undoes the Update. This Rollback message is really not wanted as the Oracle DB doesn't get updated, but I haven't got a clue why this happens. Please let me know if you've seen this before or if you know why this would happen. Help greatly appreciated.


Some more details are below.


(Radius-Oracle communicate with:

Data Manipulation Language (DML) consists of UPDATEs, INSERTs and MERGEs.

Transaction Control consists of COMMIT, SAVEPOINT, ROLLBACK and SET TRANSACTION.)


Here are the two failing sessions, (containing 4 UPDATE messages from the radius server) that did not successfully update the oracle DB.

UPDATE radacct SET Status = 1, NASIPAddress = '10.10.32.4', AcctStartTime = to_date('2005-11-18 14:12:21','-MM-DD HH24:MI:SS'), CalledStationId = 'wx', XDIAL= '213.55.204.140',  FramedIPAddress= '10.12.33.152' WHERE CallingStationId = '8380323'
UPDATE radacct SET  Status = 0 , AcctStopTime = to_date('2005-11-18 14:28:20','YYYY-MM-DD HH24:MI:SS')  WHERE CallingStationId = decode('8380323','', '000', '8380323')

UPDATE radacct SET Status = 1, NASIPAddress = '10.10.32.4', AcctStartTime = to_date('2005-11-18 14:29:10','-MM-DD HH24:MI:SS'), CalledStationId = 'wx', XDIAL= '213.55.204.140',  FramedIPAddress= '10.12.23.199' WHERE CallingStationId = '8380323'
UPDATE radacct SET  Status = 0 , AcctStopTime = to_date('2005-11-18 15:13:04','YYYY-MM-DD HH24:MI:SS')  WHERE CallingStationId = decode('8380323','', '000', '8380323')



The Oracle DB listener trace for the first message shows the DML was received ok but the end of a trace shows a ROLLBACK (this undoes all the DMLs since the last COMMIT was sent). Details:


UPDATE radacct SET Status = :"SYS_B_0", NASIPAddress = :"SYS_B_1",
AcctStartTime = to_date(:"SYS_B_2",:"SYS_B_3"), CalledStationId =
:"SYS_B_4", XDIAL= :"SYS_B_5", FramedIPAddress = :"SYS_B_6"
WHERE
 CallingStationId =:"SYS_B_7"

call     count     cpu  elapsed     disk    query  current     rows
-------  -----  ------  -------  -------  -------  -------  -------
Parse        1    0.00     0.00        0        0        0        0
Execute      1    0.01     0.00        2        3       14        1
Fetch        0    0.00     0.00        0        0        0        0
-------  -----  ------  -------  -------  -------  -------  -------
total        2    0.01     0.01        2        3       14        1

Misses in library cache during parse: 1
Optimizer goal: CHOOSE
Parsing user id: 162

Rows     Row Source Operation
-------  ---------------------------------------------------
      1  UPDATE
      1   INDEX UNIQUE SCAN PK_RADACCT (object id 622971)


SELECT CallingStationId,
 FramedIpAddress
  from radius.radacct
  where rowid = :b1
  and Status = 1

call     count     cpu  elapsed     disk    query  current     rows
-------  -----  ------  -------  -------  -------  -------  -------
Parse        1    0.00     0.00        0        0        0        0
Execute      1    0.00     0.00        0        0        0        0
Fetch        1    0.00     0.00        0        1        0        1
-------  -----  ------  -------  -------  -------  -------  -------
total        3    0.00     0.00        0        1        0        1

Misses in library cache during parse: 0
Optimizer goal: CHOOSE
Parsing user id: 162 (recursive depth: 1)

Rows     Row Source Operation
-------  ---------------------------------------------------
      1  TABLE ACCESS BY USER ROWID RADACCT


UPDATE radius.radacct
 set Status = 0
 where Status = 1
 and FramedIpAddress = :b2
 and CallingStationId != :b1

call     count     cpu  elapsed     disk    query  current     rows
-------  -----  ------  -------  -------  -------  -------  -------
Parse        1    0.00     0.00        0        0        0        0
Execute      1    0.03     0.04        0     2066        0        0
Fetch        0    0.00     0.00        0        0        0        0

-

pls ignore my previous email.. that was meant for Alan DeKok

2005-10-12 Thread Raj
pls ignore my previous email.. that was meant for Alan
DeKok


--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> "David Mitton" <[EMAIL PROTECTED]> wrote:
> >  there is the OpenDiameter project which is more of a tool kit, but you
> > can put together a server from it.  A number of people have.
> > http://www.opendiameter.org/
>
>   Yes, and Wire diameter is a server that's based on OpenDiameter.
>
> > And there are a couple commercial servers; including HP and Interlink
>
>   Are there *clients*?  I can't think of a widely used diameter
> client, which makes the server implementations less than useful.
>
>   Alan DeKok.
> 







Is there a way to get the responses to ONLY your posting on this mailing list??

2005-10-12 Thread Raj

Is there a way to get the responses to ONLY your
posting on this mailing list??
I looked into various options. Looks like there's a
disable Option which will disable all posts to this
mailing list.

--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> "David Mitton" <[EMAIL PROTECTED]> wrote:
> >  there is the OpenDiameter project which is more of a tool kit, but you
> > can put together a server from it.  A number of people have.
> > http://www.opendiameter.org/
>
>   Yes, and Wire diameter is a server that's based on OpenDiameter.
>
> > And there are a couple commercial servers; including HP and Interlink
>
>   Are there *clients*?  I can't think of a widely used diameter
> client, which makes the server implementations less than useful.
>
>   Alan DeKok.
> 






effort required to create passwd DB nsswitch lookup using AAA server..

2005-10-08 Thread Raj
 
Currently, there's LDAP lookup support for passwd DB
in nsswitch.conf. I don't think a similar service exists
for AAA server lookup for passwd DB in nsswitch. How
much effort is required to accomplish this? Any
pointers are appreciated...




--- Raj <[EMAIL PROTECTED]> wrote:

> If I have a Radius client setup on a RHEL 4.0 linux with pam_auth_radius
> module active for telnet/ssh service, do I need to create a linux user
> (with no passwd) that is same as the Radius user for this authentication
> to work?
> This is assuming "sufficient" control flag for pam_radius_auth as the very
> first entry in the related service files under /etc/pam.d dir.
>
> Basically, I don't want to create a user account on AAA client machine but
> only on AAA server. Is there a way I can accomplish this using
> pam_auth_radius and nsswitch.conf ?  i.e if there's a way to specify AAA
> server lookup for passwd DB in nsswitch.conf?
> 
> 
>   
> 







about pam_radius_auth.so module and creating user accounts on AAA client..

2005-10-07 Thread Raj
If I have a Radius client setup on a RHEL 4.0 linux with pam_auth_radius
module active for telnet/ssh service, do I need to create a linux user
(with no passwd) that is same as the Radius user for this authentication
to work?
This is assuming "sufficient" control flag for pam_radius_auth as the very
first entry in the related service files under /etc/pam.d dir.

Basically, I don't want to create a user account on AAA client machine but
only on AAA server. Is there a way I can accomplish this using
pam_auth_radius and nsswitch.conf ?  i.e if there's a way to specify AAA
server lookup for passwd DB in nsswitch.conf?


