Re: rlm_exec question

2008-04-18 Thread T Kid82
Anybody know about these two things that I asked? 1. I have log incoming authentication requests set to yes but they do not seem to be getting logged (in the radiusd.log file). Ideally I would like to see the same level of verbosity as the radiusd -X mode gives on standard out in my logs. Is

Re: Possible to limit user access to different types of authentication?

2008-04-18 Thread Alan DeKok
Ryan wrote: Did some further searching on the listing and noticed that it is possible to do a string compared in the authorize and authenticate sections. $ man unlang However running radius in debug mode will return the following error. (Attribute Cisco-AVPair was not found) Because

Re: clients can't authenticate in FR 2.0.3

2008-04-18 Thread Alan DeKok
Gustavo Chavelas wrote: But when I to configure the freeradius-1.1.3-1.2.el5 (rpm) it works fine. My windows XP and CE clients connect without problems, but I need urgently to connect a Windows Vista clients too. You can try upgrading to 1.1.7, which should work with Vista, and will be

Re: rlm_exec question

2008-04-18 Thread Alan DeKok
T Kid82 wrote: 1. I have log incoming authentication requests set to yes but they do not seem to be getting logged (in the radiusd.log file). Ideally I would like to see the same level of verbosity as the radiusd -X mode gives on standard out in my logs. Is there anyway to do that without

Dan Schaffer is out of the office.

2008-04-18 Thread Dan Schaffer
I will be out of the office starting 04/17/2008 and will not return until 04/21/2008. Thank you and have a nice day, Dan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: assert failed event.c and perl performance

2008-04-18 Thread Julien Leloup
Hi, I have re-tested it with the lastes CVS, it's working fine. Thanks for your work on FreeRadius :) Regards, Julien Leloup Axione 130/132 Boulevard Camélinat 92240 MALAKOFF FRANCE Alan DeKok a écrit : Julien Leloup wrote: The same configuration, in FreeRadius 2.0.1 worked fine, but

Re: rlm_perl , unlang and Exec-Wait with Perl

2008-04-18 Thread rsg
Thanks a lot for sharing your experience and ideas Alan. If things are done mainly using SQL, for eg. IP address management, then unlang seems to be doing more or less the same work(easily) a sophisticated Perl script could do. However my question is about performance and about how fast

Re: rlm_perl , unlang and Exec-Wait with Perl

2008-04-18 Thread A . L . M . Buxey
Hi, If things are done mainly using SQL, for eg. IP address management, then unlang seems to be doing more or less the same work(easily) a sophisticated Perl script could do. However my question is about performance and about how fast scalable this kind of a setup compared to a Perl

Vendor-Specific attributes in Modules

2008-04-18 Thread Vincent Arniego
Hi there, I'm working on a module on radius for a Nokia client. Somehow, by dumping, I was able to verify that the Vendor Spcific attrib is using code 1. So I just added this entry in the dictionary.nokia (as there are no code 1 in the present dictionary) I named this attribute Nokia-Avpair

Re: Vendor-Specific attributes in Modules

2008-04-18 Thread Alan DeKok
Vincent Arniego wrote: I'm creating a module that gets the value of these attributes. But for now I'm just testing how to get the values of these attributes. According to the modules wiki http://wiki.freeradius.org/Modules#Accessing_Radius_Request_Attributes I just have to put NOKIA_AVPAIR

Re: rlm_perl , unlang and Exec-Wait with Perl

2008-04-18 Thread Alan DeKok
rsg wrote: However my question is about performance and about how fast scalable this kind of a setup compared to a Perl based system. Perl will almost always be slower, for the simple reason that it has a lot more work to do in order to set up the interpreter, etc. for every request. The

Re: Vendor-Specific attributes in Modules

2008-04-18 Thread Vincent Arniego
Hi Alan, Thanks for the help, it worked. Were getting the attributes But somehow the messages we're getting have that attribute around 3 times in the request. This is from the file were feeding radclient: Nokia-Avpair=ita:ubi=0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0

Re: Vendor-Specific attributes in Modules

2008-04-18 Thread Alan DeKok
Vincent Arniego wrote: But somehow the messages we're getting have that attribute around 3 times in the request. That's allowed in RADIUS. This is from the file were feeding radclient: Nokia-Avpair=ita:ubi=0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0/0

Re: Vendor-Specific attributes in Modules

2008-04-18 Thread Vincent Arniego
Thanks Alan, I'll take a look at it and hopefully I can get the value. Thanks again! - Original Message From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Friday, April 18, 2008 5:58:23 PM Subject: Re: Vendor-Specific

rlm_perl - authorize - authenticate issue

2008-04-18 Thread Apostolos Pantsiopoulos
Hi, I am using freeradius (rlm_perl) for a VoIP system for a long time now and today I tried to use it for routing purposes as well. In my authorize function of my perl script I am assigning the routing info to $RAD_REPLY : ... my @final_routing = (

OT: EAP-TTLS - Problem with securew2 and Vista

2008-04-18 Thread Sergio Belkin
Hi, Sorry for the Off Topic, I know that I can ask in securew2 forums, but I bet that many of you as radius administrators with Windows clients are using EAP-TTLS with PAP. So, you are using securew2. *** Securew2 works fine with Windows XP. *** Sadly, newers laptops are shipped with a crappy

Re: OT: EAP-TTLS - Problem with securew2 and Vista

2008-04-18 Thread Sergio Belkin
Only a clarification: It happens that many laptops with Vista due a unknown reason (at least for me) prevents that securew2 appears I mean: It happens that many laptops with Vista due a unknown reason (at least for me) prevents that securew2 dialog box appears 2008/4/18, Sergio Belkin [EMAIL

Re: rlm_perl , unlang and Exec-Wait with Perl

2008-04-18 Thread rsg
My particular problem is to compare IP address management(Authorization) (1) 'solely' based on PerlVS (2) SQLIPPOOL + unlang Does it mean that SQLIPPOOL isn't a good choice for large scale deployments requiring scalability faster response time? On Fri, Apr 18, 2008 at

Re: rlm_perl , unlang and Exec-Wait with Perl

2008-04-18 Thread Alan DeKok
rsg wrote: My particular problem is to compare IP address management(Authorization) (1) 'solely' based on PerlVS (2) SQLIPPOOL + unlang Does it mean that SQLIPPOOL isn't a good choice for large scale deployments requiring scalability faster response time? No.

Re: clients can't authenticate in FR 2.0.3

2008-04-18 Thread Gustavo Chavelas
I have tried to configure the 2.0.3 because they said to me in the forum that the VISTA works with a version superior to the 2. With version 2.0.3 or the 2.0.2 it does not allow me to connect nothing. Can't connect XP, VISTA or CE clients. I cannot connect anything. I will try with 1.1.4 or

Re: clients can't authenticate in FR 2.0.3

2008-04-18 Thread Alan DeKok
Gustavo Chavelas wrote: I have tried to configure the 2.0.3 because they said to me in the forum that the VISTA works with a version superior to the 2. Yes. Other people have it working. With version 2.0.3 or the 2.0.2 it does not allow me to connect nothing. Can't connect XP, VISTA or CE

Re: clients can't authenticate in FR 2.0.3

2008-04-18 Thread A . L . M . Buxey
Hi, I have tried to configure the 2.0.3 because they said to me in the forum that the VISTA works with a version superior to the 2. With version 2.0.3 or the 2.0.2 it does not allow me to connect nothing. Can't connect XP, VISTA or CE clients. I cannot connect anything. any 2.x version

Re: OT: EAP-TTLS - Problem with securew2 and Vista

2008-04-18 Thread Charlie B
Hello Sergio, We find (depending on the version of vista) that the bubble doesn't appear however you can have the user enter there information within the profile - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Timeouts

2008-04-18 Thread Ben Wiechman
What are some techniques you all use to try and track down auth timeouts? Is it normal to see some small percentage of auth timeouts on a typical NAS, even if the radius server isn't all that heavily loaded? I am seeing around 2% timeout on my secondary server that is running radius only. This is

Re: Timeouts

2008-04-18 Thread Nicolas Goutte
Am 18.04.2008 um 17:17 schrieb Ben Wiechman: What are some techniques you all use to try and track down auth timeouts? Is it normal to see some small percentage of auth timeouts on a typical NAS, even if the radius server isn't all that heavily loaded? I am seeing around 2% timeout on

Re: OT: EAP-TTLS - Problem with securew2 and Vista

2008-04-18 Thread Sergio Belkin
2008/4/18, Charlie B [EMAIL PROTECTED]: Hello Sergio, We find (depending on the version of vista) that the bubble doesn't appear however you can have the user enter there information within the profile - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

add eap type

2008-04-18 Thread xiningtom_1986
Hello! Today I added a new eap type whose data type is 24. Actually the method is a copy of LEAP.Is there any code oragnization about LEAP in rlm_eap.c? Because when we completed the process of the auth,there was a problem with 4 way handshake.Is the session key between AS and client is not

Re: add eap type

2008-04-18 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Hello! Today I added a new eap type whose data type is 24. Actually the method is a copy of LEAP.Is there any code oragnization about LEAP in rlm_eap.c? Use grep to look through the source code. Alan DeKok. - List info/subscribe/unsubscribe? See

RE: Timeouts

2008-04-18 Thread Ben Wiechman
Just a wild guess: could it be that the server is in some power saving mode and therefore needs too much time either to process the request or to wake-up fully before processing the request? Ben Wiechman Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr.

Hello, sqlippool error

2008-04-18 Thread 현옥 장
Hello Thank you very much Readme Fedora core 5 freeradius-client-1.1.5.tar.bz2 ./confiugre make make install freeradius-server-2.0.3.tar.gz %configure --prefix=%{_prefix} \     --localstatedir=%{_localstatedir} \     --sysconfdir=%{_sysconfdir} \     --mandir=%{_mandir} \    

the newbie on radiustesting strikes again

2008-04-18 Thread Si St
WILL THE DEFAULT ROUTER FIREWALL CONFIGURATION BELOW WORK WITH THE RADIUS? Below you have the default setup of my router firewall section. I have not changed anything there yet. Could the router firewall stay as this? I have been looking through the SuSE-firewall settings in YaST too, and cannot

FreeRADIUS + 802.1X wireless rollout questions

2008-04-18 Thread Walter Gould
List, Our institution (a 4 yr. state college) is planning on implementing a 802.1X wireless network in the coming months. We have a test network in place now and all seems to be working well. We have two FreeRADIUS servers. We followed the FreeRADIUS Active Directory Integration HOWTO

Re: FreeRADIUS + 802.1X wireless rollout questions

2008-04-18 Thread A . L . M . Buxey
Hi, Questions: 1. Do any of you have feedback/thoughts/experience on how our freeradius server may handle the auth. request load given our situation? we currently deal with 600 concurrent wireless users and 5000 concurrent wired users. the FR shows no sign of stress (after initial tweaks)

Re: the newbie on radiustesting strikes again

2008-04-18 Thread Ivan Kalik
You need to sort out some basic things: - your user sits at the laptop and connects to - what? What service is router controlling? - your router is most likely the only (radius) client on your network. User machines should be removed from clients.conf. - don't use Auth-Type and User-Password.