Re: Re [How to use Listen directive in inner tunnel virtual server]

2011-04-13 Thread Alan DeKok
Thomas Fagart wrote:
> I've tried 2.1.x. (2.1.11)
> 
> Seems to work well but after an hour of working
> 
> I've got the following
> 
> Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal
> error: Failed in select: Invalid argument
> Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal
> error: Failed in select: Invalid argument

  My guess is you're running FreeBSD, and possibly in a VM?

  The issue seems to be that the system time goes up and down...
FreeRADIUS expects time to increase, and when it doesn't, it passes a
negative "wait time" to the select() function.  This isn't nice, so
select() complains.

  The fix is to double-check the times, and limit them at some
reasonable value.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
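
One way to apply the fix described above, as an added example that is not the FreeRADIUS patch: clamp the computed wait before it reaches select(). The function names and the 30-second cap are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>

#define MAX_WAIT_SEC 30 /* assumed cap on one sleep, not a FreeRADIUS value */

/* Wait time for an event due at `when`, as seen at clock reading `now`.
 * The result is always valid for select():
 * 0 <= tv_sec <= MAX_WAIT_SEC and 0 <= tv_usec < 1000000. */
struct timeval safe_wait(struct timeval now, struct timeval when)
{
    struct timeval w;

    w.tv_sec = when.tv_sec - now.tv_sec;
    w.tv_usec = when.tv_usec - now.tv_usec;
    if (w.tv_usec < 0) {            /* borrow a second */
        w.tv_usec += 1000000;
        w.tv_sec -= 1;
    }
    if (w.tv_sec < 0) {             /* negative: the clock says we are late */
        w.tv_sec = 0;
        w.tv_usec = 0;
    } else if (w.tv_sec >= MAX_WAIT_SEC) { /* implausibly far away: cap it */
        w.tv_sec = MAX_WAIT_SEC;
        w.tv_usec = 0;
    }
    return w;
}

/* Sleep until `when` or the cap. Returns 0, or the errno select() set. */
int wait_for_event(struct timeval when)
{
    struct timeval now, w;

    gettimeofday(&now, NULL);
    w = safe_wait(now, when);
    if (select(0, NULL, NULL, NULL, &w) < 0 && errno != EINTR)
        return errno;
    return 0;
}

int main(void)
{
    struct timeval now = {1000, 200000}, due = {999, 900000}; /* constructed */
    struct timeval w = safe_wait(now, due);
    printf("wait = %ld.%06ld s\n", (long)w.tv_sec, (long)w.tv_usec);
    return wait_for_event(due);
}
```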


Re [How to use Listen directive in inner tunnel virtual server]

2011-04-10 Thread Thomas Fagart

I've tried 2.1.x. (2.1.11)

Seems to work well but after an hour of working

I've got the following

Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal 
error: Failed in select: Invalid argument
Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal 
error: Failed in select: Invalid argument
Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: rlm_sql (sql): Closing 
sqlsocket 4
Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: rlm_sql (sql): Closing 
sqlsocket 3
Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: rlm_sql (sql): Closing 
sqlsocket 2
Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: rlm_sql (sql): Closing 
sqlsocket 1
Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: rlm_sql (sql): Closing 
sqlsocket 0


Seems to be linked to mysql? After that, radiusd died. I'll try to 
provide output from radiusd -X in developer mode.



Thomas




On 10/04/2011 09:20, Alan DeKok wrote:
> Thomas Fagart wrote:
>> Then I would wait for 2.1.11, or do you think it's ok to use git
>> "release" in Production
>
>   Yes.  Use the v2.1.x branch from git.  It's fine.
>
>   Alan DeKok.


Re: [How to use Listen directive in inner tunnel virtual server]

2011-04-10 Thread Alan DeKok
Thomas Fagart wrote:
> 
> Then I would wait for 2.1.11, or do you think it's ok to use git
> "release" in Production

  Yes.  Use the v2.1.x branch from git.  It's fine.

  Alan DeKok.


Re: [How to use Listen directive in inner tunnel virtual server]

2011-04-09 Thread Thomas Fagart



> Thomas Fagart wrote:
>> The server where it is located has two IP interfaces and even worse on
>> one of the interfaces we're using IP aliasing :-)
>>
>> I've noticed that freeradius always uses the same IP to proxy from inner
>> tunnel.
>>
>> I know that I could use the listen directive in radiusd.conf (and that's
>> what I've done) to force freeradius to choose the correct IP to proxy.
>
>   Even better, use the latest version of the server.  It supports a
> "src_ipaddr" for each home server.  This forces the server to open a
> socket using a particular address.

That looks great, but 2.1.10 is not working properly on my environment 
(you've corrected something in git commit 5849d7aa69)


Then I would wait for 2.1.11, or do you think it's ok to use git 
"release" in Production


branch.


>> But this does not seem to work for inner-tunnel proxyfication.
>
>   That might be true for 2.1.6.  For later versions, probably not.
>
>   Alan DeKok.


Re: [How to use Listen directive in inner tunnel virtual server]

2011-04-08 Thread Alan DeKok
Thomas Fagart wrote:
> The server where it is located has two IP interfaces and even worse on
> one of the interfaces we're using IP aliasing :-)
> 
> I've noticed that freeradius always uses the same IP to proxy from inner
> tunnel.
> 
> I know that I could use the listen directive in radiusd.conf (and that's
> what I've done) to force freeradius to choose the correct IP to proxy.

  Even better, use the latest version of the server.  It supports a
"src_ipaddr" for each home server.  This forces the server to open a
socket using a particular address.

> But this does not seem to work for inner-tunnel proxyfication.

  That might be true for 2.1.6.  For later versions, probably not.

  Alan DeKok.


[How to use Listen directive in inner tunnel virtual server]

2011-04-08 Thread Thomas Fagart


Hello,

We're using freeradius 2.1.6 as a proxy server.

It receives authentication/accounting from Wimax NAS/ASN Gateway 
(EAP/TTLS), sends it to the inner tunnel, and then proxies it to the 
customer home server.

The server where it is located has two IP interfaces and even worse on 
one of the interfaces we're using IP aliasing :-)

I've noticed that freeradius always uses the same IP to proxy from inner 
tunnel.

I know that I could use the listen directive in radiusd.conf (and 
that's what I've done) to force freeradius to choose the correct IP to 
proxy.

But this does not seem to work for inner-tunnel proxyfication.

Do you have any ideas how I could do that (e.g. use two different 
source IPs to do the proxification)?


Thanks

Thomas



RE: listen directive

2007-07-11 Thread Joe Vieira

 
Joe Vieira wrote:
> Is it possible to have radius listen on multiple (but not all) ip's / 
> interfaces on a server?

>>  Yes.  Use multiple "listen" directives.

thanks

Joe



Re: listen directive

2007-07-11 Thread Alan DeKok
Joe Vieira wrote:
> Is it possible to have radius listen on multiple (but not all) ip's / 
> interfaces on a server?

  Yes.  Use multiple "listen" directives.

  Alan DeKok.


listen directive

2007-07-11 Thread Joe Vieira
Is it possible to have radius listen on multiple (but not all) ip's / 
interfaces on a server?

Joe Vieira
UNIX Systems Administrator 
Clark University - ITS   
508.793.7287




Re: New "listen" directive

2004-04-08 Thread Milver S. Nisay
hello. is there anyone here who knows the error from radius that says

user profile not found or deactive login name?

milver





Re: New "listen" directive

2004-04-08 Thread Alan DeKok
Dennis Skinner <[EMAIL PROTECTED]> wrote:
> >   e.g. You can make the server listen on 2 IP's of a machine, but not
> > a third.
> 
> What address will it send the reply packet on?

  The one it came in on.

  The server opens a different socket for each "listen" directive.
Any request received on a socket has the response sent out the same
socket.

>  I've noticed that my
> servers tend to respond on eth0 when bind=* even if the request came in
> on eth0:1.

  That's what --with-udpfromto is for, when you set "bind_address=*"

  The new "listen" directive makes the --with-udpfromto less critical.

> Is there an option like Bind's (DNS) "query-source address"?

  Nope.  There's no need.

  Alan DeKok.
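
What "the one it came in on" looks like at the socket level, as an added example that is not FreeRADIUS source code: one UDP socket per listen address, with the reply sent on the socket that received the request. The function names are hypothetical, and the echoed payload stands in for a real RADIUS response.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* One UDP socket bound to one address, like a single "listen" section.
 * Port 0 (for demos) lets the kernel pick a free port. Returns fd or -1. */
int open_listener(const char *ipaddr, unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ipaddr, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Wait up to 1 s for a packet on any listener and reply on the socket it
 * arrived on, so the reply's source is the address the client sent to. */
int serve_one(const int *fds, int n) /* returns socket index, or -1 */
{
    char buf[4096];
    struct sockaddr_in from;
    socklen_t len = sizeof(from);
    struct timeval tv = {1, 0};
    fd_set rd;
    ssize_t r;
    int i, max = -1;

    FD_ZERO(&rd);
    for (i = 0; i < n; i++) {
        FD_SET(fds[i], &rd);
        if (fds[i] > max) max = fds[i];
    }
    if (select(max + 1, &rd, NULL, NULL, &tv) <= 0) return -1;
    for (i = 0; i < n && !FD_ISSET(fds[i], &rd); i++) {}
    if (i == n) return -1;
    r = recvfrom(fds[i], buf, sizeof(buf), 0, (struct sockaddr *)&from, &len);
    if (r < 0) return -1;
    return sendto(fds[i], buf, (size_t)r, 0, (struct sockaddr *)&from, len) < 0 ? -1 : i;
}
```

A socket bound to the wildcard address leaves the choice of source address to the kernel's routing decision, while a socket bound to one address always sends from that address.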



Re: New "listen" directive

2004-04-07 Thread Dennis Skinner
On Tue, 2004-04-06 at 16:23, Alan DeKok wrote:
>   I've just added a "listen" directive to the current CVS snapshot.
> This lets the administrator control the IP address, port, and packet
> types which the server listens for.
> 
>   e.g. You can make the server listen only to authentication requests,
> but not accounting requests.
> 
>   e.g. You can make the server listen on 2 IP's of a machine, but not
> a third.

What address will it send the reply packet on?  I've noticed that my
servers tend to respond on eth0 when bind=* even if the request came in
on eth0:1.

Is there an option like Bind's (DNS) "query-source address"?

Thanks for all the hard work!

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com




Re: New "listen" directive

2004-04-06 Thread Alan DeKok
Kevin Bonner <[EMAIL PROTECTED]> wrote:
> Awesome!

I thought it would be useful.  The idea's been kicking around
in my head for a while, and I finally managed to get it simple, clean,
and neat.

> Will there be a proxy type added, or will the proxy port just be a port >
> auth_port?

  There's a proxy type internally, but I'm not sure if it should be
under user control in the configuration file.  What's the benefit?

>  At the moment, the proxy FD isn't opened if using the listen
> directives.

  "using ONLY the listen directives".

  If you use "bind_address", the proxy port should be opened.

  I'll poke at it, to get it to open a proxy port when "bind_address"
isn't used.

> Other than that, everything else seems to be working so far.

I was a little concerned.  I did some testing to be sure
nothing broke (like losing packets on HUP), but I feel better when
other people can test it in larger systems.

  Alan DeKok.



Re: New "listen" directive

2004-04-06 Thread Kevin Bonner

On Tuesday 06 April 2004 22:00, Kevin Bonner wrote:
> On Tuesday 06 April 2004 16:23, Alan DeKok wrote:
> >   I've just added a "listen" directive to the current CVS snapshot.
> > This lets the administrator control the IP address, port, and packet
> > types which the server listens for.
> >
> >   e.g. You can make the server listen only to authentication requests,
> > but not accounting requests.
> >
> >   e.g. You can make the server listen on 2 IP's of a machine, but not
> > a third.
>
> Awesome!
>
> Will there be a proxy type added, or will the proxy port just be a port >
> auth_port?  At the moment, the proxy FD isn't opened if using the listen
> directives.

Bah!  Yet again I speak before fully testing.  I didn't see a port open 
specifically for proxying, so just assumed...and we all know that assumption 
is the mother of . I'm sure you can fill in the rest.

I'll go sit in the corner now.

- Kevin


Re: New "listen" directive

2004-04-06 Thread Kevin Bonner

On Tuesday 06 April 2004 16:23, Alan DeKok wrote:
>   I've just added a "listen" directive to the current CVS snapshot.
> This lets the administrator control the IP address, port, and packet
> types which the server listens for.
>
>   e.g. You can make the server listen only to authentication requests,
> but not accounting requests.
>
>   e.g. You can make the server listen on 2 IP's of a machine, but not
> a third.

Awesome!

Will there be a proxy type added, or will the proxy port just be a port > 
auth_port?  At the moment, the proxy FD isn't opened if using the listen 
directives.

Other than that, everything else seems to be working so far.

Kevin Bonner


New "listen" directive

2004-04-06 Thread Alan DeKok
  I've just added a "listen" directive to the current CVS snapshot.
This lets the administrator control the IP address, port, and packet
types which the server listens for.

  e.g. You can make the server listen only to authentication requests,
but not accounting requests.

  e.g. You can make the server listen on 2 IP's of a machine, but not
a third.

  The old "bind_address" and "port" configurations still work, but
"listen" is better.  You can comment those old entries, and do things
like:

  listen {
    ipaddr = 127.0.0.1
    port = 1812
    type = auth
  }

  listen {
    ipaddr = 127.0.0.1
    port = 1813
    type = acct
  }

  listen {
    ipaddr = 1.2.3.4
    port = 1812
    type = auth
  }


  This accepts auth+acct packets from localhost, but only auth packets
sent to 1.2.3.4.

  Happily, this feature also simplifies some of the bad code in the
server core, so it's a nice change.

  Alan DeKok.
