Re: post-auth not being entered in inner-tunnel

2013-03-14 Thread Alex Sharaz
Yup works just fine thanks
Rgds
Alex

On 14 Mar 2013, at 14:22, Matthew Newton  wrote:

> On Thu, Mar 14, 2013 at 10:10:28AM +, Phil Mayers wrote:
>> On 03/14/2013 09:36 AM, Alex Sharaz wrote:
>>> so is that done as in post-auth in the inner-tunnel now works?
>> 
>> Should be. Please "git pull" and recompile and confirm.
> 
> It should fully work now. Previously, inner-tunnel post-auth
> reject was skipped, so inner post-auth was only called for
> success.
> 
> Some confirmation would be useful - I haven't got time to check
> right now.
> 
> Cheers,
> 
> Matthew
> 
> 
> -- 
> Matthew Newton, Ph.D. 
> 
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> 
> For IT help contact helpdesk extn. 2253, 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: post-auth not being entered in inner-tunnel

2013-03-14 Thread Matthew Newton
On Thu, Mar 14, 2013 at 10:10:28AM +, Phil Mayers wrote:
> On 03/14/2013 09:36 AM, Alex Sharaz wrote:
> >so is that done as in post-auth in the inner-tunnel now works?
> 
> Should be. Please "git pull" and recompile and confirm.

It should fully work now. Previously, inner-tunnel post-auth
reject was skipped, so inner post-auth was only called for
success.

Some confirmation would be useful - I haven't got time to check
right now.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 


Re: post-auth not being entered in inner-tunnel

2013-03-14 Thread Phil Mayers

On 03/14/2013 09:36 AM, Alex Sharaz wrote:

so is that done as in post-auth in the inner-tunnel now works?


Should be. Please "git pull" and recompile and confirm.


Re: post-auth not being entered in inner-tunnel

2013-03-14 Thread Alex Sharaz
so is that done as in post-auth in the inner-tunnel now works?
Rgds
Alex

On 13 Mar 2013, at 20:14, Arran Cudbard-Bell  wrote:

> 
> On 13 Mar 2013, at 13:19, Matthew Newton  wrote:
> 
>> On Wed, Mar 13, 2013 at 12:58:15PM -0400, Arran Cudbard-Bell wrote:
>>>> 00cadac7
>>> 
>>> Defines the function rad_virtual_server, but doesn't call it
>>> from anywhere. Where should that be called? Was there another
>>> commit?
>> 
>> Grr, fatfinger paste bug :)
>> 
>>> I'd suggest that either a00c4432 needs backing out, or 00cadac7
>>> and need backporting as well.
>> 
>> should have read:
>> 
>> I'd suggest that either a00c4432 needs backing out, or 00cadac7
>> and c625bf173 need backporting as well.
>> 
>> There are three commits in series that all go together.
> 
> Ok done. Most of it just came over cleanly.
> 
> -Arran


Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Arran Cudbard-Bell

On 13 Mar 2013, at 13:19, Matthew Newton  wrote:

> On Wed, Mar 13, 2013 at 12:58:15PM -0400, Arran Cudbard-Bell wrote:
>>> 00cadac7
>> 
>> Defines the function rad_virtual_server, but doesn't call it
>> from anywhere. Where should that be called? Was there another
>> commit?
> 
> Grr, fatfinger paste bug :)
> 
>> I'd suggest that either a00c4432 needs backing out, or 00cadac7
>> and need backporting as well.
> 
> should have read:
> 
> I'd suggest that either a00c4432 needs backing out, or 00cadac7
> and c625bf173 need backporting as well.
> 
> There are three commits in series that all go together.

Ok done. Most of it just came over cleanly.

-Arran


Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Matthew Newton
On Wed, Mar 13, 2013 at 12:58:15PM -0400, Arran Cudbard-Bell wrote:
> > 00cadac7
> 
> Defines the function rad_virtual_server, but doesn't call it
> from anywhere. Where should that be called? Was there another
> commit?

Grr, fatfinger paste bug :)

> I'd suggest that either a00c4432 needs backing out, or 00cadac7
> and need backporting as well.

should have read:

I'd suggest that either a00c4432 needs backing out, or 00cadac7
and c625bf173 need backporting as well.

There are three commits in series that all go together.

Cheers!

Matthew



-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 


Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Arran Cudbard-Bell

> 00cadac7

Defines the function rad_virtual_server, but doesn't call it from anywhere. 
Where should that be called? Was there another commit?

-Arran



Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Matthew Newton
Hi,

On Wed, Mar 13, 2013 at 04:09:55PM +, Alex Sharaz wrote:
> On 13 Mar 2013, at 13:05, Olivier Beytrison  wrote:
> 
> > On 13.03.2013 12:46, Alex Sharaz wrote:
> >> coming in the inner-tunnel deals with them. About a week ago
> >> I downloaded the latest 2.2 code from git.freeradius, built
> >> that and upgraded one of my FR2.2 servers. Since then I
> >> can't see an invocation of post-auth within the inner-tunnel.
> >> I can see it for the "default" site but not the inner-tunnel.
> >> Everything else seems to work but not that. Same hardware
> >> platform, same config files just different FR code.
> > 
> > Sounds weird. But again hard to tell without a radius -X output. Just
> > send it here on the list, a complete request output, and maybe the
> > relevant virtual-server configuration snippet

I hacked around on master in September (see commits 5f03313da,
00cadac7 and c625bf173) to fix up auth.c so that inner-tunnel
post-auth worked properly.

It looks like Arran may have backported 5f03313da to 2.2 in commit
a00c4432, which means that rad_postauth is called from event.c,
rather than from auth.c

Unfortunately, this also means that the inner-tunnel code needs
fixing, as it then won't call post-auth at all.

I'd suggest that either a00c4432 needs backing out, or 00cadac7
and need backporting as well.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 


Re: post-auth not being entered in inner-tunnel

2013-03-13 Thread Olivier Beytrison
On 13.03.2013 12:46, Alex Sharaz wrote:
> Hi,
> 
> I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel 
> post-auth in order to write user-name  some other attributes into a back end 
> mysql database server and it all works. If I've got non-eap requests coming 
> in, the "default" site deals with it. If I've got eap-based requests coming 
> in the inner-tunnel deals with them. About a week ago I downloaded the latest 
> 2.2 code from git.freeradius, built that and upgraded one of my FR2.2 
> servers. Since then I can't see an invocation of post-auth within the 
> inner-tunnel. I can see it for the "default" site but not the inner-tunnel. 
> Everything else seems to work but not that. Same hardware platform, same 
> config files just different FR code.
> 
> I've generated two radius -X dumps, vsn220.log and vsn221.log on my test 
> server. The only raw client accessing this server is the switch my mac is 
> sitting on configured to do macauth and 802.1x on my ethernet port. By 
> simply disconnecting and reconnecting my mac I've generated a macauth 
> followed by an 802.1x auth. In both files you can see post-auth being invoked 
> for the default site, but only the vsn220.log file has a corresponding 
> post-auth for the inner-tunnel.
> 
> It may be that there's something else I've configured wrong that is only 
> showing up in vsn 2.2.1 (ish). Should I be sending these traces to the free 
> radius list or is there another address I can email them to?

Sounds weird. But again hard to tell without a radius -X output. Just
send it here on the list, a complete request output, and maybe the
relevant virtual-server configuration snippet

Olivier
-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: oliv...@heliosnet.org


post-auth not being entered in inner-tunnel

2013-03-13 Thread Alex Sharaz
Hi,

I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel 
post-auth in order to write user-name  some other attributes into a back end 
mysql database server and it all works. If I've got non-eap requests coming in, 
the "default" site deals with it. If I've got eap-based requests coming in 
the inner-tunnel deals with them. About a week ago I downloaded the latest 2.2 
code from git.freeradius, built that and upgraded one of my FR2.2 servers. 
Since then I can't see an invocation of post-auth within the inner-tunnel. I 
can see it for the "default" site but not the inner-tunnel. Everything else 
seems to work but not that. Same hardware platform, same config files just 
different FR code.

I've generated two radius -X dumps, vsn220.log and vsn221.log on my test 
server. The only raw client accessing this server is the switch my mac is 
sitting on configured to do macauth and 802.1x on my ethernet port. By simply 
disconnecting and reconnecting my mac I've generated a macauth followed by an 
802.1x auth. In both files you can see post-auth being invoked for the default 
site, but only the vsn220.log file has a corresponding post-auth for the 
inner-tunnel.

It may be that there's something else I've configured wrong that is only 
showing up in vsn 2.2.1 (ish). Should I be sending these traces to the free 
radius list or is there another address I can email them to?
Rgds
Alex
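
Added example (not part of the original thread, and not FreeRADIUS project code): a Python check that automates the comparison described in this post, listing which sections each virtual server executed in a debug dump and flagging an inner-tunnel that authenticated without reaching post-auth, the point where the sql_log record would go missing. It assumes the 2.x debug line "# Executing section <name> from file <path>"; the two sample dumps and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: FreeRADIUS 2.x debug output announces each section like this.
SECTION_RE = re.compile(r"# Executing section (\S+) from file (\S+)")

def _dump(inner_sections):
    """Build a constructed debug dump for one 802.1x request (not real output)."""
    d = "/etc/raddb/sites-enabled/"
    lines = ["# Executing section authorize from file " + d + "default",
             "# Executing section authenticate from file " + d + "default",
             "server inner-tunnel {"]
    lines += ["# Executing section %s from file %sinner-tunnel" % (s, d)
              for s in inner_sections]
    lines += ["} # server inner-tunnel",
              "# Executing section post-auth from file " + d + "default"]
    return "\n".join(lines)

# Constructed samples standing in for vsn220.log and vsn221.log.
LOG_220 = _dump(["authorize", "authenticate", "post-auth"])
LOG_221 = _dump(["authorize", "authenticate"])

def sections_by_site(debug_text):
    """Map virtual-server file name -> sections executed, in order."""
    seen = defaultdict(list)
    for line in debug_text.splitlines():
        m = SECTION_RE.search(line)
        if m:
            section, path = m.groups()
            seen[path.rsplit("/", 1)[-1]].append(section)
    return dict(seen)

def missing_post_auth(debug_text, site="inner-tunnel"):
    """True if the site ran authenticate but never reached post-auth."""
    ran = sections_by_site(debug_text).get(site, [])
    return "authenticate" in ran and "post-auth" not in ran

def regressions(old_text, new_text):
    """Sections each site ran in the old dump but not in the new one."""
    old, new = sections_by_site(old_text), sections_by_site(new_text)
    lost = {s: sorted(set(v) - set(new.get(s, []))) for s, v in old.items()}
    return {s: v for s, v in lost.items() if v}

if __name__ == "__main__":
    print(regressions(LOG_220, LOG_221))
    print(missing_post_auth(LOG_221))
```

Run against real dumps by reading the two log files and passing their contents to regressions().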
