>> Again, using *one* database for *many* RADIUS servers is very likely
>> wrong. i.e. it will be slow, fragile, and is likely to not meet your
>> needs of high availability.
>>
Alan is saying a single MySQL instance is fragile because it's a single
point of failure.
Clustered SQL is bad
Alexandre Chapellon wrote:
> Right, nothing will query the database directly on radius servers.
Then don't put a database there.
> But i
> really need to have one central database that will be queried by webapps
> to let users know about their quota left, time of connection etc...
Then put a
Alan DeKok wrote:
> Alexandre Chapellon wrote:
>
>> Each radius have a local mysql database to locally store accounting data.
>>
>
> If nothing will be querying those databases, I suggest *not* using
> SQL. It's just not needed.
>
>
Right, nothing will query the database directly
John Dennis wrote:
> If that's not the problem you're encountering then the only other thing
> I can think of is that you're not running the service from an effective
> uid of root. When the server starts up it will have a uid of root but
> then drop its privileges to radiusd (not sure if the sock
Alexandre Chapellon wrote:
> Each radius have a local mysql database to locally store accounting data.
If nothing will be querying those databases, I suggest *not* using
SQL. It's just not needed.
> Each local database is replicated to a central database which could be
> used too as a redundan
Alexandre Chapellon wrote:
>> I'm not sure *any* RADIUS server has this functionality. It's usually
>> done as part of the database replication, etc.
>
> Why enabling replication? Isn't it possible to have one centralized
> database for all radius server?
You really don't want that. RADI
On Fri, Sep 26, 2008 at 3:05 PM, David Blackman <[EMAIL PROTECTED]> wrote:
> I have purchased a Linksys SLM248G switch that has 802.1x support. I am
> new to radius server and would like to use this switch to authenticate ports
> for a lab to a freeradius server. I have installed freeradius 2.1.
[EMAIL PROTECTED] wrote:
>> Why enabling replication? Isn't it possible to have one centralized
>> database for all radius server?
>>
>
> Ahem, even a single radius server is so much faster than the database.
> That arrangement is doomed.
>
Well, actually here is how i wanted to set t
I have purchased a Linksys SLM248G switch that has 802.1x support. I am
new to radius server and would like to use this switch to authenticate
ports for a lab to a freeradius server. I have installed freeradius
2.1.0 on freebsd 7.0 system.
It is the default configuration for FreeRadius 2.1.0
>Why enabling replication? Isn't it possible to have one centralized
>database for all radius server?
Ahem, even a single radius server is so much faster than the database.
That arrangement is doomed.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.o
Alan DeKok wrote:
> Alexandre Chapellon wrote:
>
>>> The servers will have to communicate with each other before handing
>>> out IP addresses.
>>>
>>>
>> Is it a feature in freeradius?
>>
>
> No. That code would need to be written.
>
>
>> I thought about it but not m
>[suffix] No '@' in User-Name = "\ aduserr", looking up realm NULL
This is nothing to do with perl. There is a bug in handling "\r" in
username. It is "seen" as carriage return and I can see it in sql
queries (converted since it is not a safe character). Try a username
that doesn't start with
I have opened the following bugzilla to request the SELinux policy be
updated to allow for the new unix domain socket:
https://bugzilla.redhat.com/show_bug.cgi?id=464199
--
John Dennis <[EMAIL PROTECTED]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
John Horne wrote:
Hi,
I have installed FR2.1.1 onto a test server, built using the Fedora
rawhide RPM source. No problems building and installing FR, but when I
start FR it seems to immediately stop. The radius.log file just shows:
Fri Sep 26 17:20:58 2008 : Error: Failed to
stat /var/run
On Fri, 2008-09-26 at 17:31 +0100, John Horne wrote:
> Hi,
>
> I have installed FR2.1.1 onto a test server, built using the Fedora
> rawhide RPM source. No problems building and installing FR, but when I
> start FR it seems to immediately stop. The radius.log file just shows:
>
>Fri Sep 26 17
Hi,
I have installed FR2.1.1 onto a test server, built using the Fedora
rawhide RPM source. No problems building and installing FR, but when I
start FR it seems to immediately stop. The radius.log file just shows:
Fri Sep 26 17:20:58 2008 : Error: Failed to
stat /var/run/radiusd/radiusd.soc
Peter Eriksson wrote:
> Any suggestions on where I should start adding debugging
> printf's/debugger checkpoints in order to try to pin-point
> this problem?
src/lib/radius.c, rad_encode, and the attr2vp functions.
> Am I correct in assuming the keys in question are generated in
> src/modules/r
>> Vendor Specific Attribute (26), length: 59, Value: Vendor:
>> Microsoft (311)
>> Vendor Attribute: 16, Length: 51, Value:
>> ..."D...1.RX...dt..F..x4..&}...> 0x: 0137 1035 009d be22 4487 0b90 31ab
>
> The '1035 00' is odd. The extra '00' doesn't b
The access point has the IP 10.0.31.40 and it is included in
raddb/client.conf; let's forget the IP 10.0.42.250, because I connected to
that network for another matter.
The server is on 10.30.1.x and it does not need to be on the same network
because they are routable VLANs. It responds fine to ping.
What could
Hello Alan,
I have upgraded to 2.1.1 however still the same effect with perl to lc the
usernames
perl_pool: item 0x2043d70 asigned new request. Handled so far: 1
found interpetator at address 0x2043d70
rlm_perl: RAD_REQUEST: NAS-Port-Type = Ethernet
rlm_perl: RAD_REQUEST: Service-Type = Framed-Use
Michael Schwartzkopff wrote:
> Think about using DRBD.
It's very often more efficient to implement application-aware
replication. i.e. replication that knows about the data && its contents.
Using DRBD may be much higher overhead than simply proxying RADIUS
packets.
Alan DeKok.
Peter Eriksson wrote:
>> Yes. But it's *not* being printed as MS-MPPE-Recv-Key, which means
>> you've broken the dictionaries somehow.
>
> Hmm.. Strange. Since I haven't touched the dictionaries at all.
Well, the only way that the MS attributes are printed as
"Vendor-Specific" is if the MS d
On Friday, 26 September 2008 10:05, Alan DeKok wrote:
> Alexandre Chapellon wrote:
> >> The servers will have to communicate with each other before handing
> >> out IP addresses.
> >
> > Is it a feature in freeradius?
>
> No. That code would need to be written.
Think about using DRBD.
--
>> FreeRadius 2.1.0 directly to the Access Point (with a response received
>> via Proxying to the same 1.1.7 server):
> ...
>> Sending Access-Accept of id 6 to 192.168.160.158 port 1036
>> Vendor-Specific =
>> 0x013711348565439b6986f71bfa7425319eac8dd791f24936bc66a8cdd928a91c9c4343958e
Peter Eriksson wrote:
> Just got the same coredump here. Here's a first debugger backtrace (have
> to recompile to get more details). Seems to be triggered by a MacOS X
> machine trying to use PEAP.
OK. I've pushed some fixes to git.freeradius.org.
Alan DeKok.
You say 10.0.32.x is on a different network than 10.0.42.x?
What's your netmasks and your routing table like? What network is your
client on and what network is your server on? Can you ping the server (or
access it in any way) from the client?
This is really more a basic networking question than
Just got the same coredump here. Here's a first debugger backtrace (have
to recompile to get more details). Seems to be triggered by a MacOS X
machine trying to use PEAP.
Session established. Decoding tunneled attributes.
Identity - teleportd-iMac
Got tunnled request
EAP-Message = 0x02090
Chris Howley wrote:
> FR 2.1.1 running under Solaris 10 x86 creates a core dump when using EAP
> PEAP/MSCHAPv2.
>
...
> [peap] Got tunnled request
> EAP-Message = 0x0207000c01656475726f616d
> Segmentation Fault (core dumped)
Please read doc/bugs. It gives instructions that can help giv
Alan DeKok wrote:
Vegard Svanberg wrote:
I have a NAS which sends a NAS-Port-Id attribute in the range
2147483648..2164260863. PostgreSQL doesn't like the query Freeradius
performs. It's choking when trying to insert for instance
'2163214239::integer' into the radacct table.
$ select 2163214239
* Alan DeKok <[EMAIL PROTECTED]> [2008-09-26 11:07]:
> > $ select 2163214239::integer;
> > ERROR: integer out of range
>
> It's treating the number as a signed 32-bit integer, and the number is
> greater than 2^31.
>
> And the NASPortId field in the default schema is VARCHAR, not integer.
>
Dear Alan,
FR 2.1.1 running under Solaris 10 x86 creates a core dump when using EAP
PEAP/MSCHAPv2.
Chris Howley
bash-3.00# radiusd -X
FreeRADIUS Version 2.1.1, for host i386-pc-solaris2.10, built on Sep 25
2008 at 12:42:55
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
Vegard Svanberg wrote:
> I have a NAS which sends a NAS-Port-Id attribute in the range
> 2147483648..2164260863. PostgreSQL doesn't like the query Freeradius
> performs. It's choking when trying to insert for instance
> '2163214239::integer' into the radacct table.
>
> $ select 2163214239::integer
Alexandre Chapellon wrote:
> Sorry i made a mistake with my patch:
Thanks. I've added that patch in.
Alan DeKok.
Hi,
This isn't a question about a problem, rather a "best practise" sort of
thing...
I've currently got a FreeRadius installation servicing a number of Cisco
units providing WPAv2 Auth against MS AD. This works great.
I need to expand my setup a bit, and am looking for guidance/advice as to
how
Freeradius 2.1.0.
I have a NAS which sends a NAS-Port-Id attribute in the range
2147483648..2164260863. PostgreSQL doesn't like the query Freeradius
performs. It's choking when trying to insert for instance
'2163214239::integer' into the radacct table.
$ select 2163214239::integer;
ERROR: intege
Alexandre Chapellon wrote:
>> The servers will have to communicate with each other before handing
>> out IP addresses.
>>
> Is it a feature in freeradius?
No. That code would need to be written.
> I thought about it but not managing a huge number of ippool (for
> different type of users,