Hi,
I was just wondering why the Makefile in freeradius 2.0 for creating
certificates only produces a CA which is valid for 1 month. I don't reckon
that's handy for production use.
Is there any particular reason? Changing the ca.cnf file doesn't change it?
Adding -days 3650 to the Makefile
Hello
I am trying to use mod_radius on ubuntu.
But i am getting error:
Invalid command 'AddModule', perhaps misspelled or defined by a module not
included in the server configuration.
When i comment out the line with AddModule from httpd.conf i got the
following error message.
Invalid command
hi,
specifically this isnt a mod_radius problem - its
a 'how to configure apache for my distro' problem.
ubuntu have split their config into 'enabled
modules' which are then called into play
read a suitable document to find how to get the
module incorporated into your apache 2.2.x install
eg
Hello Ivan,
How do I get it to spit it out after the change?
I can get it prior to:
rlm_perl: RAD_REQUEST: NAS-Port-Type = Ethernet
rlm_perl: RAD_REQUEST: Service-Type = Framed-User
rlm_perl: RAD_REQUEST: Calling-Station-Id = 00-15-C5-02-39-99
rlm_perl: RAD_REQUEST: Called-Station-Id =
Hello Alan,
I changed the script, as per your indication to return MODULE_UPDATED rather
than OK and get the following:
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 00-15-C5-02-39-99
rlm_perl: Added pair
Hi,
thoughts on where to go from here to get this not to alter the username and
just lc it
but its not altering (apart from LC'ing it) - as your other
post shows.
throw the daemon some uppercased username (eg with 'radtest' tool)
and check the debugging to see what you see from PERL
alan
-
but its not altering (apart from LC'ing it) - as your other
post shows.
Hi Alan, it is lc'ing it, however it is also moving the r from the
beginning of the username to the end of the username, which is what Im
trying to stop
-
List info/subscribe/unsubscribe? See
Post the full debug for a radtest request with uppercase username. That
logging function should go before you work with attributes. debug
already logs what comes after.
Ivan Kalik
Kalik Informatika ISP
Dana 22/9/2008, Charlie B [EMAIL PROTECTED] piše:
but its not altering (apart from LC'ing
Hi,
Hi Alan, it is lc'ing it, however it is also moving the r from the
beginning of the username to the end of the username, which is what Im
trying to stop
..and from what you've posted so far, I'd say it isnt
moving it. wheres the other upper case tests and debug
as per requested?
alan
-
On Tue, Sep 09, 2008 at 03:28:15PM -0600, Greg Woods wrote:
On Tue, 2008-09-09 at 15:24 -0400, John Dennis wrote:
Wildcards passed to commands must always be quoted or escaped
Well, no, not always any more. If I did something like cd /root first,
then the yum commands work just fine. It's
sphaero wrote:
I was just wondering why the Makefile in freeradius 2.0 for creating
certificates only produces a CA which is valid for 1 month. I don't reckon
that's handy for production use.
They are test certificates. For production use you need to edit the
OpenSSL configuration files.
Charlie B wrote:
Hi Alan, it is lc'ing it, however it is also moving the r from the
beginning of the username to the end of the username, which is what Im
trying to stop
I think it's a bug in the code. Please try the current git tree. See
git.freeradius.org for instructions on grabbing a
Post the full debug for a radtest request with uppercase username. That
logging function should go before you work with attributes. debug
already logs what comes after.
Hello Ivan,
Here is the debug using radtest
radtest RadUser [EMAIL PROTECTED] localhost 10 testing123
FreeRADIUS Version
Hi Alan,
I run the same config (as previous post) which works as you indicated (and
Ivan) with radtest however when I use a windows client this is what I
get and the rearrangement of the username
rad_recv: Access-Request packet from host 10.0.1.9 port 1645, id=203,
length=139
Here is the debug using radtest
radtest RadUser [EMAIL PROTECTED] localhost 10 testing123
..
rlm_perl: RAD_REQUEST: User-Name = RadUser
..
rlm_perl: Added pair User-Name = raduser
..
Sending Access-Accept of id 225 to 127.0.0.1 port 38149
Tunnel-Medium-Type:0 = IEEE-802
Hi,
User-Name = \\raduser
^
ha. okay. with just a plain username you are safe,
but with this windows case, you are dealing with
\r - which is a special character. its getting
borked elsewhere. to verify this use another
username that cannot be a
Alan DeKok-2 wrote:
sphaero wrote:
I was just wondering why the Makefile in freeradius 2.0 for creating
certificates only produces a CA which is valid for 1 month. I don't
reckon
that's handy for production use.
They are test certificates. For production use you need to edit the
It's not exactly a bug in openSSL. Just weirdness:
openssl req command options:
-days n
when the -x509 option is being used this specifies the number of days to
certify the certificate for. The default is 30 days.
It looks like default_days setting in ca.cnf is irrelevant.
Ivan Kalik
Kalik
thanks
-
radtest luis x 127.0.0.1 0 123
Sending Access-Request of id 189 to 127.0.0.1 port 1812
User-Name = luis
User-Password = x
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Reject packet from host
Hi,
now im receiving this
edit
ERROR: Unknown value specified for Auth-Type. Cannot perform requested
action.
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared
secret on the server and the NAS!
snip!
you are still
radtest luis x 127.0.0.1 0 123
Default shared secret for localhost is testing123, not 123. That will
take care of:
WARNING: Unprintable characters in the password. ? Double-check the shared
secret on the server and the NAS!
radtest sends a pap request. You want to test mschap. You can set up
sphaero wrote:
Well according to your site the instructions are for production use.
And according to the email which you quoted:
Is there any particular reason? Changing the ca.cnf file doesn't
change it?
Maybe it's a bug in OpenSSL.
But you deleted that portion. By selectively
[EMAIL PROTECTED] wrote:
It's not exactly a bug in openSSL. Just weirdness:
...
It looks like default_days setting in ca.cnf is irrelevant.
i.e. OpenSSL ignores a configuration that is documented as doing
something. That sounds like a bug to me.
A few simple searches on google found other
Hi Alan,
Did you want me to compare with git tree for 2.1 or with my current version
2.0.5? thx
I think it's a bug in the code. Please try the current git tree. See
git.freeradius.org for instructions on grabbing a tar file if you
don't have git.
Alan DeKok.
-
List
Charlie B wrote:
Did you want me to compare with git tree for 2.1 or with my current
version 2.0.5? thx
Please download the git master branch. The fixes are in that, and
not in 2.0.5.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
http://marc.info/?l=openssl-usersm=110958909114203w=2
That's from 2005. They know about it. And don't care.
Ivan Kalik
Kalik Informatika ISP
Dana 22/9/2008, Alan DeKok [EMAIL PROTECTED] piše:
[EMAIL PROTECTED] wrote:
It's not exactly a bug in openSSL. Just weirdness:
It looks like
Hi Team.
This is my first alias, the reason of this alias is because I have a
freeradius server on my server to provide authentication, everything was
working fine until I tried to set it up to use mysql, after I configure my
server to check the mysql database I'm getting the segmentation fault
27 matches
Mail list logo