Re: [RADIATOR] on Windows Server ?

2013-11-13 Thread Johnson, Neil M
Heikki,

Can you specify more than one SYSLOG host to send messages to?

We would like to send messages to two different servers for redundancy.

I tried adding a second IP address to the LogHost attribute, but it
doesn't seem to work.

For  I just created a second  section with a
different Identifier pointing at the other server, but that seems kind of
inelegant.

Thanks.

-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone:  +1 319 384-0938
Fax:    +1 319 335-2951
E-Mail: neil-john...@uiowa.edu
Lync:   neil-john...@uiowa.edu

On 11/11/13 3:08 PM, "Mueller, Jason C" wrote:

>It looks like upgrading Perl is our fix. Now on to upgrading everything.
>:-(
>
>It could be worse, so I will be happy that a Perl upgrade seems to have
>fixed the issue.
>
>-Jason
>
>
>On Nov 8, 2013, at 9:15 AM, Heikki Vatiainen wrote:
>
>> On 11/05/2013 09:22 PM, Mueller, Jason C wrote:
>> 
>>> The syslog server is configured to accept messages of all priorities.
>>>While performing a packet capture on the Radiator host, we do not see
>>>the messages go out.
>> 
>> Hello Jason,
>> 
>> I have tried an AuthLog SYSLOG on Windows 2003, 2008 and 2012 servers and
>> Windows 7. They all seem to work with ActivePerl 5.14.4 and Sys::Syslog
>> 0.32 that comes with it.
>> 
>> Which Radiator version are you using? If you search for Syslog on this
>> page:
>> http://www.open.com.au/radiator/history.html
>> 
>> E.g., Radiator 4.10 has fixes to make sure multiple Syslog users
>> AuthLog, Log, etc. work correctly.
>> 
>> Also, if you could try one configuration change, see below, you can
>> check if debug messages are sent to the syslog server.
>> 
>> 
> 
>   Identifier syslog
>   LogSock udp
>   LogHost IP_ADDRESS_OF_REMOTE_HOST
>   Facility local5
>> 
>> These options look fine. If you add 'Trace 4', radiusd generates plenty
>> of messages to see if anything gets out.
>> 
>> Thanks,
>> Heikki
>> 
>> 
> 
> 
> 
>   Identifier authsyslog
>   LogSock udp
>   LogHost IP_ADDRESS_OF_REMOTE_HOST
>   Facility local5
>   SuccessFormat %H:%M:%S | %{Calling-Station-Id} | %u | OK | NAS-IP %N
>   FailureFormat %H:%M:%S | %{Calling-Station-Id} | %u | FAIL: %1 | NAS-IP %N
> 
>> 
>> -- 
>> Heikki Vatiainen 
>> 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>> NetWare etc.
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
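An independent check of the transport discussed in this thread, as an added example that is not part of the original messages or of Radiator: it builds a syslog datagram with facility local5 and sends it over UDP to every host in a list, which is the fan-out that one logging section per LogHost gives. The tag `radiusd`, the helper names and the loopback receivers are assumptions made for the demonstration.

```python
import socket

# Syslog numeric codes (RFC 3164). local5 matches the Facility used in the thread.
FACILITIES = {"local5": 21}
SEVERITIES = {"err": 3, "info": 6, "debug": 7}


def build_message(facility, severity, tag, text):
    """Return an RFC 3164 style datagram: <PRI>tag: text, PRI = facility*8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    return f"<{pri}>{tag}: {text}".encode("ascii")


def send_to_all(hosts, payload):
    """Send payload to every (host, port) pair; return the pairs whose local send failed.

    UDP gives no delivery confirmation, so only local errors (no route, bad
    address) are caught here. One failing collector must not block the others.
    """
    failed = []
    for addr in hosts:
        try:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
                sock.sendto(payload, addr)
        except OSError:
            failed.append(addr)
    return failed


def loopback_check(count=2):
    """Stand up `count` UDP receivers on 127.0.0.1 and confirm each gets a copy."""
    receivers = []
    for _ in range(count):
        rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        rx.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        rx.settimeout(2.0)
        receivers.append(rx)
    # Constructed test message, not real Radiator output.
    payload = build_message("local5", "info", "radiusd", "constructed test line")
    try:
        failed = send_to_all([rx.getsockname() for rx in receivers], payload)
        received = [rx.recvfrom(2048)[0] for rx in receivers]
    finally:
        for rx in receivers:
            rx.close()
    return payload, failed, received


if __name__ == "__main__":
    print(loopback_check())
```

Against real collectors, call `send_to_all` with their `(address, 514)` pairs while the packet capture is running; if these datagrams appear on the wire and Radiator's do not, the problem is on the Radiator/Perl side rather than in the network path.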


Re: [RADIATOR] Net::LDAPS problem with Active Directory on port 636

2013-11-13 Thread Heikki Vatiainen
On 11/13/2013 04:02 AM, Klara Mall wrote:

> Don't know if these fixes are ok, but they show where the problem
> resides.

Yes, that is very impressive work. My understanding is 1.74 (Debian
wheezy) does not work and needs the fix but 1.33 (Debian squeeze) works.
There's the possibility that the Debian patches have changed something,
but my understanding is they actively push their patches to upstream
authors, so I think it is a good idea to contact Steffen and let him
know about this.

> I want to report this to the module maintainers. Please tell if I'm
> wrong somewhere.

I think the module maintainer should be told about this problem and
can tell if there's a problem. It's quite likely he can quickly tell if
and what kind of fix is needed.

I guess mixing successive direct SSL/TLS connections with plain text +
start TLS within one process is not very often done and this has
remained uncovered so far.

> As for my radiator configuration I will reconsider it. I think I
> will find a way to only use SSL so that I have no mix of SSL and
> TLS.

Please let us know how it goes and what additional information you get
from module maintainers.

> BTW: I just verified: with libnet-ldap-perl from Debian squeeze it
> works. As it seems the reason is that the part of the
> IO::Socket::SSL code with the identity is not used (no DEBUG
> output for this).

This should narrow down the work to find the change that caused the problem.

Thanks,
Heikki

-- 
Heikki Vatiainen 
