Kris,
Thanks for your help.
Do you think that (1) and (2) in my previous message could be the
reason that freeradius will not authenticate the client?
thanks again.
[EMAIL PROTECTED] wrote:
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...
Today's Topics:
1. FreeRadius EAP-TLS quesitons (Hamid Salim)
2. Re: problem with using rlm_sql for accounting only (John Donagher)
3. Re: problem with using rlm_sql for accounting only (John Donagher)
4. Re: FreeRadius EAP-TLS quesitons (Kris Benson)
5. sql.conf (update query) (Michel B?langer)
6. Re: problem with using rlm_sql for accounting only (Alan DeKok)
7. Hi. Windows RADIUS server died. (Derrick MacPherson)
8. Re: Hi. Windows RADIUS server died. (Alan DeKok)
9. Re: Hi. Windows RADIUS server died. (Derrick MacPherson)
10. Re: how to return multiple attributes from ldap? (kevin)
--
Message: 1
Date: Tue, 9 Aug 2005 13:54:52 -0400 (EDT)
From: Hamid Salim [EMAIL PROTECTED]
Subject: FreeRadius EAP-TLS quesitons
To: freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=UTF-8
Hello,
Two part question:
1. Is it critical to have certificates, dh and random files in
etc/raddb/certs directory for eap-tls to work.
2. Is it ok to generate random file as date random
thanks a lot.
Hamid.
--
Message: 2
Date: Tue, 09 Aug 2005 13:55:45 -0400
From: John Donagher [EMAIL PROTECTED]
Subject: Re: problem with using rlm_sql for accounting only
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain
On Tue, 2005-08-09 at 00:01 +0200, Nicolas Baradakis wrote:
John Donagher wrote:
If the SQL server is inaccessible (i.e. down, or locked), freeradius
rejects all radius requests. In my case, since the SQL database is
being
used only for accounting, this is not desired behavior.
The link below explains how to control the flow of modules in
FreeRADIUS.
http://www.freeradius.org/radiusd/doc/configurable_failover
There is an example which looks like what you want to do for
accounting.
Thanks, that was exactly what I was looking for!
John
--
Message: 3
Date: Tue, 09 Aug 2005 14:01:11 -0400
From: John Donagher [EMAIL PROTECTED]
Subject: Re: problem with using rlm_sql for accounting only
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain
On Mon, 2005-08-08 at 18:09 -0400, Alan DeKok wrote:
John Donagher [EMAIL PROTECTED] wrote:
If the SQL server is inaccessible (i.e. down, or locked), freeradius
rejects all radius requests. In my case, since the SQL database is
being
used only for accounting, this is not desired behavior.
See the log messages.
What's probably happening is that all of the threads are blocked,
waiting for SQl to respond. Therefore, there are no threads ready to
service authentication requests, and they get discarded.
The solution is to fix the SQL server so it doesn't go down. If
it's a critical part of your infrastructure, I'm a little unsure as to
why it would go down, or lock FreeRADIUS out for many seconds at a
time.
Indeed.. under normal circumstances it wouldn't go down. My issue is
that the SQL server is not a critical part of our infrastructure and I
don't want it to be (at this point anyway). I'm using it for accounting
trend reporting only.. in any event, Nicolas' suggestion was right on
and works like a charm.
Thanks
John
--
Message: 4
Date: Tue, 09 Aug 2005 11:18:10 -0700
From: Kris Benson [EMAIL PROTECTED]
Subject: Re: FreeRadius EAP-TLS quesitons
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Cc: freeradius-users@lists.freeradius.org
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 9, 2005 at 10:54 -0800 wrote:
Hello,
Two part question:
1. Is it critical to have certificates, dh and random files in
etc/raddb/certs directory for eap-tls to work.
2. Is it ok to generate random file as date random
1. Yes, sort of. You can put it in a different directory if you change
the eap.conf entries.
2. No. This is the correct way:
To generate the dh file you can use a function that comes with openssl
openssl dhparam -check