Re: Unlang comparing variable correctly

2013-05-03 Thread k...@rice.edu
On Fri, May 03, 2013 at 05:03:41PM +0200, Tyller D wrote:
> Hi,
> 
> I am trying to compare a variable in freeradius using unlang but it seems
> to not be working correctly, more than likely I've made a mistake but let
> me show you.
> 
> ? Evaluating (control:IMS-ActiveDirectory == 0) -> FALSE
> ++? if (control:IMS-ActiveDirectory == 0) -> FALSE
> ++? if (control:IMS-Timeout < 0)
> ? Evaluating (control:IMS-Timeout < 0) -> FALSE
> ++? if (control:IMS-Timeout < 0) -> FALSE
> ++? elsif (control:IMS-Timeout > 0)
> ? Evaluating (control:IMS-Timeout > 0) -> FALSE
> ++? elsif (control:IMS-Timeout > 0) -> FALSE
> ++? if (control:IMS-Data < 0)
> ? Evaluating (control:IMS-Data < 0) -> TRUE
> ++? if (control:IMS-Data < 0) -> TRUE
> ++- entering if (control:IMS-Data < 0) {...}
> expand: %{control:IMS-Data} Voucher Depleated -> 3221197824 Voucher
> Depleated
> +++[reply] returns noop
> +++[reject] returns reject
> 
> 
> So as you can see it enters entering if (control:IMS-Data < 0) {...}, as it
> says that IMS-Data is < 0. It's not, so I echoed out the variable in the
> next line and its value is 3221197824...
> 
> The strange thing is if the variable is equal to 2147465216 then it does
> not enter that function.
> 
> Why?

The value is stored in 4 bytes/signed. Values greater than (2**31)-1 and
less than (2**32) are negative, i.e. 3221197824.

Cheers,
Ken
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
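
The signed 32-bit interpretation described in the reply above, worked through for the two values quoted in the thread. This is an added example, not part of the original messages and not FreeRADIUS code; the function names are hypothetical, and the 64-bit check and range guard are assumptions about how a policy author might avoid the wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reinterpret a 4-byte value as signed (two's complement) without relying
 * on an implementation-defined narrowing cast. */
static int32_t as_signed32(uint32_t raw)
{
    return (raw <= (uint32_t)INT32_MAX)
               ? (int32_t)raw
               : (int32_t)((int64_t)raw - 4294967296LL);
}

/* Hypothetical model of "if (control:IMS-Data < 0)" with 4-byte signed storage. */
static int depleted_signed32(uint32_t raw)
{
    return as_signed32(raw) < 0;
}

/* The same comparison with the counter held in 64 bits: only a value that is
 * really below zero matches. */
static int depleted_wide(int64_t value)
{
    return value < 0;
}

/* Guard to run before storing a counter in a signed 32-bit attribute. */
static int fits_signed32(int64_t value)
{
    return value >= INT32_MIN && value <= INT32_MAX;
}

int main(void)
{
    /* The two IMS-Data values quoted in the thread. */
    const uint32_t samples[] = { 2147465216u, 3221197824u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t raw = samples[i];
        printf("%10lu  signed32=%11ld  (<0 signed32: %d)  (<0 64-bit: %d)  fits: %d\n",
               (unsigned long)raw, (long)as_signed32(raw),
               depleted_signed32(raw), depleted_wide((int64_t)raw),
               fits_signed32((int64_t)raw));
    }
    return 0;
}
```
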


Re: Certificate Validation Process

2011-11-15 Thread k...@rice.edu
On Tue, Nov 15, 2011 at 01:58:25PM -0600, Whitlow, Michael wrote:
> All,
> 
> I have one minor issue to ask the group about. 
> 
> Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I 
> try to connect to the wireless network and I purposely put in a bad password 
> I still get the popup to validate the server certificate. 
> 
> On the other radius implementations I am used to the cert validation does not 
> happen until after the user is authenticated.  I imagine I have something 
> configured not quite right but I don't know what.
> 
> So, in Freeradius is there a way to change it so the validate server 
> certificate comes only after successful authentication?
> 
> 
> Thanks much,
> 
> Mike
> 

If the server cert is bogus, you should not send any authentication
information down a compromised connection. It sounds like it is functioning
correctly now and was broken then.

Cheers,
Ken


Re: Segfaulting with rlm_perl

2011-09-02 Thread k...@rice.edu
On Fri, Sep 02, 2011 at 07:16:26PM +0200, Bjørn Mork wrote:
> Alan Buxey writes:
> 
> >> Oh, I've experienced lots of them! So many, in fact, that I figured it
> >> was a common and well understood occurrence. Let me come up with an
> >> easily reproducible example and I'll post the relevant information.
> >
> > 2.1.11 is out...and 2.1.12 is almost ready for release - does your system
> > behave in the same way with 2.1.11?
> 

Are you using a pre-built package for freeradius or one that you have
built yourself? Perl can pull in so many different libraries that version
differences can result in segfaults.

Cheers,
Ken