Re: Unlang comparing variable correctly
On Fri, May 03, 2013 at 05:03:41PM +0200, Tyller D wrote: > Hi, > > I am trying to compare a variable in freeradius using unlang but it seems > to not be working correctly, more than likely i've made a mistake but let > me show you. > > ? Evaluating (control:IMS-ActiveDirectory == 0) -> FALSE > ++? if (control:IMS-ActiveDirectory == 0) -> FALSE > ++? if (control:IMS-Timeout < 0) > ? Evaluating (control:IMS-Timeout < 0) -> FALSE > ++? if (control:IMS-Timeout < 0) -> FALSE > ++? elsif (control:IMS-Timeout > 0) > ? Evaluating (control:IMS-Timeout > 0) -> FALSE > ++? elsif (control:IMS-Timeout > 0) -> FALSE > ++? if (control:IMS-Data < 0) > ? Evaluating (control:IMS-Data < 0) -> TRUE > ++? if (control:IMS-Data < 0) -> TRUE > ++- entering if (control:IMS-Data < 0) {...} > expand: %{control:IMS-Data} Voucher Depleated -> 3221197824 Voucher > Depleated > +++[reply] returns noop > +++[reject] returns reject > > > So as you can see it enters entering if (control:IMS-Data < 0) {...}, as it > says that IMS-Data is < 0. Its not, so I echoed out the variable in the > next line and its value is 3221197824... > > The strange thing is if the variable is equal to 2147465216 then it does > not enter that function. > > Why? The value is stored in 4 bytes/signed. Values greater than (2**31)-1 and less than (2**32) are negative, i.e. 3221197824. Cheers, Ken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Certificate Validation Process
On Tue, Nov 15, 2011 at 01:58:25PM -0600, Whitlow, Michael wrote: > All, > > I have one minor issue to ask the group about. > > Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I > try to connect to the wireless network and I purposely put in a bad password > I still get the popup to validate the server certificate. > > On the other radius implementations I am used to the cert validation does not > happen until after the user is authenticated. I imagine I have something > configured not quite right but I don't know what. > > So, in Freeradius is there a way to change it so the validate server > certificate comes only after successfull authentication? > > > Thanks much, > > Mike > If the server cert is bogus, you should not send any authentication information down a compromised connection. It sounds like it is functioning correctly now and was broken then. Cheers, Ken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segfaulting with rlm_perl
On Fri, Sep 02, 2011 at 07:16:26PM +0200, Bjørn Mork wrote: > Alan Buxey writes: > > >> Oh, I've experienced lots of them! So many, in fact, that I figured it > >> was a common and well understood occurrence. Let me come up with an > >> easily reproducible example and I'll post the relevant information. > > > > 2.1.11 is out...and 2.1.12 is almost ready for release - does your system > > behave in the same way with 2.1.11? > Are you using a pre-built package for freeradius or one that you have built yourself? Perl can pull in so many different libraries that version differences can result in segfaults. Cheers, Ken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html