Ivan,
>> There is no change in that values, if I increase the max database
>> connections. So I think it might be a problem, that there are not enough
>> requests produced from the radclient(s) aprox 800 per minute.
>>
>> Could that be?
>
> Yes. Database will start coming into play with some 100 r
Tseveendorj wrote:
> Sorry for bothering you. Have a nice day.
I've never understood why people buy equipment from a vendor, and then
ask for support on this list.
It's OK to ask other people about experience with *undocumented*
features of a product. i.e. incompatibilities, experiences,
Thank you Alan DeKok.
Sorry for bothering you. Have a nice day.
Sincerely,
Tseveen.
Alan DeKok wrote:
Tseveendorj wrote:
checkrad: No SNMP answer from cisco.
checkrad: not found!
The NAS doesn't respond.
I thought maybe OID is not compatible for my router c3825. is it ?
Tseveendorj wrote:
> checkrad: No SNMP answer from cisco.
> checkrad: not found!
The NAS doesn't respond.
> I thought maybe OID is not compatible for my router c3825. is it ?
Why not ask Cisco?
> Can you please provide more information about NAS port and Session ID ?
Ask Cisco which OID
Hello,
Following packages installed on my server.
FreeRADIUS 2.1.4
Perl 5.8.9
p5-SNMP_Session-1.12
p5-Net-Telnet-3.03
MySQL-5.0.77
I decided to use SNMP_Session and BER modules.
When I'm executing checkrad by hand then I got following message.
# checkrad cisco 192.168.0.60 1645 tseveen 40
SNMP
On Wed, Apr 22, 2009 at 8:43 PM, Uwe Kastens wrote:
>>> The problem with master master for
>>> mysql is, that you have to resync each time you are dropping a table, a
>>> view etc.pp.
No you don't.
When setup correctly, all SQL statement on one node will be executed
on the other node as well. Tha
If you require synchronous replication and your queries are conducive to it
there is MySQL Cluster. You might get some of the functionality you want
with DRBD (but write performance hits) and MySQL, which is supported
officially by MySQL, or through the use of circular replication with a pair
of ma
> We just don't have enough information to make a decision. If the query
> returns id,Username,Attribute, op, value sorted by id, perhaps we
> could. If the attributes were
> san0001 Cleartext-Password := santi1
> san0001 NAS-IP-Address == 123.123.123.123
> san0001 Cleartext-Password := santi2
>
John Dennis wrote:
> Santiago Balaguer García wrote:
>> Hi,
>>
>> I want the 'san0001' user has two passwords. There is in my
>> radcheck table:
>>
>> Username | Attribute | op | value
>>
>> san0001 Pas
>
> Yes, man.
>
> We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL
> is one master and several slaves.
>
You can set up MySQL as master1-slave2 <==> slave1-master2. That works
sort of like master-master replication.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe
> Hi lists,
>
> I am just measuring (maybe more guessing) some performance figures. I
> started 3 radclients (1 on localhost, 2 on different remote hosts) with
> 12K different user and credentials. I am working with virtual hosts
> under XEN.
>
> I am just counting the logfile entries from logfile
Santiago,
> Yes, man.
> We know the PostgreSQL solution does not work. ORACLE is expensive.
> MySQL is one master and several slaves.
I don't think that the price of oracle is the problem. Without 3rd party
there is no way to have a real cluster solution.
>
> Do you know another master-master
Santiago Balaguer García wrote:
Hi,
I want the 'san0001' user has two passwords. There is in my
radcheck table:
Username | Attribute | op | value
san0001 Password ?? santi1
Matthieu Lazaro wrote:
> No, I have set them up to checkItems:
I agree with Ivan here: don't do this.
> I inspired my configuration based on "man 5 users" and I didn't find an
> FAQ article that covers using policies with an LDAP backend.
There is a FAQ entry for "it doesn't work".
> rlm_
Santiago Balaguer García wrote:
> I want the 'san0001' user has two passwords.
This is a VERY uncommon situation.
> Which op value have to use (=, :=, +=, ==) ?
You don't. You will need to write a custom module to authenticate
users with multiple passwords.
Alan DeKok.
On 22.04.2009, at 13:23, Alan DeKok wrote:
Apostolos Pantsiopoulos wrote:
If any changes are to be made to the current
implementation to support multiple interpreters (one per thread)
would they show up in a 2.1.x release or a future one (2.2.x or
something)?
They will show up in the next
Hi,
I want the 'san0001' user has two passwords. There is in my radcheck table:
Username | Attribute | op | value
san0001 Password ?? santi1
san0001 Password ??
Yes, man.
We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL is
one master and several slaves.
Do you know another master-master database management system which is cheap?
Santiago
> Ok. That is true. In that case you are talking about losing money if
> the
Hi,
I try to make "gmake clean" and try again. Now everything went fine.
Maybe Moon is moving again for new position :)
Br,
Ville
-Original Message-
From: freeradius-users-bounces+ville.leinonen=solodel@lists.freeradius.org
on behalf of Alan DeKok
Sent: Mon 20/04/2009 14:42
To: Fr
> No, I have set them up to checkItems:
> checkItem Tunnel-Type:0 radiusTunnelType
> checkItem Tunnel-Medium-Type:0 radiusTunnelMediumType
> checkItem Tunnel-Private-Group-Id:0 radiusTunnelPrivateGroupId
>
And what is the point of that? Why do
Hi lists,
I am just measuring (maybe more guessing) some performance figures. I
started 3 radclients (1 on localhost, 2 on different remote hosts) with
12K different user and credentials. I am working with virtual hosts
under XEN.
I am just counting the logfile entries from logfile for Auth: Logi
Hi,
> I noticed this version mismatch too: radiusd -v returns 2.1.5 when built
> from the 2.1.4 tarball.
that's exactly what John was talking about
I'd expect the next version to be 2.1.6 with 2.1.5 marked
in changelog as a short-term interim release.
alan
Alan DeKok wrote:
> Matthieu Lazaro wrote:
>
>> The thing is, it is just READING the ldap content and not comparing
>> to what the NAS is sending.
>>
>
> Yes.. because you (or the defaults) configured those LDAP attributes
> in ldap.attrmap as "replyItems". This means that they ar
I noticed this version mismatch too: radiusd -v returns 2.1.5 when
built from the 2.1.4 tarball.
On 22.04.2009, at 17:25, Alan DeKok wrote:
John Dennis wrote:
I'd like to package up the current release but I can't because the
current tar files have version problems. What is currently on the
John Dennis wrote:
> Do we have a target date? Do we need to get volunteers testing a trial
> 2.1.6 so we can move forward?
The target date is a week or two.
As of now (and moving on), the page at:
http://git.freeradius.org/pre/
Will contain the latest pre-release tar files. These files
Alan DeKok wrote:
John Dennis wrote:
I'd like to package up the current release but I can't because the
current tar files have version problems. What is currently on the
download link is 2.1.4 but builds as 2.1.5. There have been two
different versions of the 2.1.4 tar file. This means we can
Matthieu Lazaro wrote:
> The thing is, it is just READING the ldap content and not comparing
> to what the NAS is sending.
Yes.. because you (or the defaults) configured those LDAP attributes
in ldap.attrmap as "replyItems". This means that they are read from
LDAP, and added to the RADIUS r
John Dennis wrote:
> I'd like to package up the current release but I can't because the
> current tar files have version problems. What is currently on the
> download link is 2.1.4 but builds as 2.1.5. There have been two
> different versions of the 2.1.4 tar file. This means we can never
> release
It's possible that this is my laptop that is causing this and not the
Wireless AP or FreeRadius but I thought I would ask because my laptop
doesn't do this on WPA-PSK on my home setup.
Using Windows supplicant, clearly connects using PEAP and am given an IP
address via LAN DHCP server.
If I try t
I'd like to package up the current release but I can't because the
current tar files have version problems. What is currently on the
download link is 2.1.4 but builds as 2.1.5. There have been two
different versions of the 2.1.4 tar file. This means we can never
release a 2.1.4 RPM because it's
Michael,
>>> supposedly a PostgreSQL master-master replication package
>> I think there might be much more read access then write access by using
>> a DB backend for RADIUS. If so it might be enough to have one master to
>> write and many slaves to read from. Or many master with a kind of sql
>> p
Alan DeKok wrote:
> Matthieu Lazaro wrote:
>
>
>> Here is the content of a packet received by radiusd:
>>
>
> Weird, but OK.
>
>
>> Furthermore, to reply to Alan about the radiusUserCategory, it is given
>> with the radius.schema for ldap. Is it a useless attribute then?
>>
>
>
On Wednesday, 22 April 2009 15:20:11, Uwe Kastens wrote:
> Hello,
>
> >>> I could be wrong, there might be one we've missed. If so, i'd love to
> >>> know as well, as master-master replication would make our lives easier
> >>> too :)
> >>
> >> What is your need? More Read than write? Maybe think a
Hello,
>>> I could be wrong, there might be one we've missed. If so, i'd love to
>>> know as well, as master-master replication would make our lives easier
>>> too :)
>>
>> What is your need? More Read than write? Maybe think about mysql proxy
>> or some free cluster option.
> First the disclaimer
Matthieu Lazaro wrote:
> Here is the content of a packet received by radiusd:
Weird, but OK.
> Furthermore, to reply to Alan about the radiusUserCategory, it is given
> with the radius.schema for ldap. Is it a useless attribute then?
Yes.
> I'll be checking this afternoon and testing about
t...@kalik.net wrote:
>> Here is one policy that I wish to make work.
>>
>> 1- a client connects to a 802.1x protected VLAN ID 10 ( per port basis
>> configuration on the switch)
>> --> this client has some of the following LDAP attributes:
>> uid = bobalice
>> radiusTunnelP
Thanks man,
done.
--- On Wed, 4/22/09, Alan DeKok wrote:
From: Alan DeKok
Subject: Re: Exec-Program problem
To: "FreeRadius users mailing list"
Date: Wednesday, April 22, 2009, 5:25 PM
Nirmal wrote:
...
> Wed Apr 22 17:05:03 2009 : Debug: Exec-Program-Wait: plaintext: Wed Apr
> 22 17:0
On Wednesday, 22 April 2009 11:54:00, Meyers, Dan wrote:
>
>
> > I use a PostgreSQL DB for my three AAA server and the DB is enough
> > quick for several request per second.
>
> Aah. We were wanting to handle 100 or so requests a second. Postgres
> might well have done this, but we wanted room
On Wed, Apr 22, 2009 at 2:58 PM, Santiago Balaguer García
wrote:
> However, I am looking for a (free) master-master DB, and the replication in
> postgres crashes. And the problem in MySQL it was told before.
>
> I admit suggestions for a BETTER free DB.
MySQL can do master-master replication just
Nirmal wrote:
...
> Wed Apr 22 17:05:03 2009 : Debug: Exec-Program-Wait: plaintext: Wed Apr
> 22 17:05:03 2009 : Error: Exec-Program: FAILED to execute
> /etc/raddb/getmac: Exec format error
...
> #/bin/bash
You can't run that program from a shell prompt, either. You have a
typo. It should be:
changed permission of /etc/raddb/mac_entries
now getting wrong format error.
Wed Apr 22 17:21:27 2009 : Auth: Login OK: [spark] (from client localhost port
0 cli 00:19:D1:4A:53:F8)
Wed Apr 22 17:21:27 2009 : Info: +- entering group post-auth {...}
Wed Apr 22 17:21:27 2009 : Info: [exec]
> Here is one policy that I wish to make work.
>
> 1- a client connects to a 802.1x protected VLAN ID 10 ( per port basis
> configuration on the switch)
> --> this client has some of the following LDAP attributes:
> uid = bobalice
> radiusTunnelPrivateGroupID = 20
> ra
Hi,
I am running freeradius-server-2.1.1-7.
++--+---++-+
| id | username | attribute | op | value |
++--+---++-+
| 1 | spark | Exec-Program-Wait | := | /
Matthieu Lazaro wrote:
> 1- a client connects to a 802.1x protected VLAN ID 10 ( per port basis
> configuration on the switch)
The client connects via 802.1X. It doesn't connect on a VLAN. VLAN
assignment comes *after* the client has been authenticated.
> --> this client has some of the follo
Uwe Kastens wrote:
> Hi,
>
>
> Meyers, Dan wrote:
>>
>>> I use a PostgreSQL DB for my three AAA server and the DB is enough
>>> quick for several request per second.
>
>> I could be wrong, there might be one we've missed. If so, i'd love to
>> know as well, as master-master replication woul
Alan DeKok wrote:
> Your examples are pretty close to "do stuff when I see stuff". It's a
> grammatically correct English sentence, but nearly meaningless.
>
> Alan DeKok.
>
> -
>
Ok, So I will try to make myself clear.
Here is one policy that I wish to make work.
1- a client connects
Apostolos Pantsiopoulos wrote:
> If any changes are to be made to the current
> implementation to support multiple interpreters (one per thread)
> would they show up in a 2.1.x release or a future one (2.2.x or something)?
They will show up in the next release, whatever that is.
i.e. "next af
> Yet, I have not been able to:
> - Tell the NAS to change the VLAN depending on LDAP account info,
Have you read your NAS documentation regarding assigning VLANs? If you know
which attributes you need to pass you map them to ldap attributes in
ldap.attrmap as reply items.
> - Tell the NAS to chan
If any changes are to be made to the current
implementation to support multiple interpreters (one per thread)
would they show up in a 2.1.x release or a future one (2.2.x or something)?
Meyers, Dan wrote:
It should be running one Perl thread per system thread. The
server
core already manages
Hi,
Meyers, Dan wrote:
>
>> I use a PostgreSQL DB for my three AAA server and the DB is enough
>> quick for several request per second.
>
> I could be wrong, there might be one we've missed. If so, i'd love to
> know as well, as master-master replication would make our lives easier
> too :
Matthieu Lazaro wrote:
> Yet, I have not been able to:
> - Tell the NAS to change the VLAN depending on LDAP account info,
> - Tell the NAS to change the SSiD + VLAN depending on user LDAP account
> - Filter MAC + MEDIUM TYPE + PORT Number depending on LDAP account info
Perhaps part of the probl
> I use a PostgreSQL DB for my three AAA server and the DB is enough
> quick for several request per second.
Aah. We were wanting to handle 100 or so requests a second. Postgres
might well have done this, but we wanted room for expansion and our
tests with 10'000 requests at ~100 a second showe
Alan DeKok wrote:
> Matthieu Lazaro wrote:
>
>> For example: filtering with more than one attribute in checkval ( MAC /
>> TUNNEL TYPE), sending orders to the NAS to change VLAN depending on the
>> user, etc...
>>
>
> Write down the policies, and then implement them in the policy langua
Matthieu Lazaro wrote:
> OK. I have understood now why it was not working. However, this should
> be clarified in http://freeradius.org/radiusd/man/unlang.html .
Feel free to submit suggested text.
> Still I find a lot of points in Freeradius that are obscure because it's
> not enough documente
Alan DeKok wrote:
> Matthieu Lazaro wrote:
>
>> It all happens as if the "if () { ... } else { ... } " is completely
>> ignored
>> (and thus it defaults to check if the uid exists)
>>
>
> Yes.
>
>
>> (ie: neither filter1 nor filter2 appears when debugging.
>> But when we only put f
enid wrote:
> to make it more precise, I'm trying to execute a script that checks the
> users accounting (hours and minutes generated from radiusreport tool). And
> when the users passes his limit he is then blocked access.
The exec module can do that.
> The "exec" module allows only this synta
> Postgres does supposedly have a version in beta for full master-master
> replication, but every time we've tried to get it running it's crashed
> on us as soon as we tried to actually write any data. Postgres in
> general seemed much slower than MySQL for reading the data we needed as well.
I
Thank you for your reply,
to make it more precise, I'm trying to execute a script that checks the
users accounting (hours and minutes generated from radiusreport tool). And
when the users passes his limit he is then blocked access.
The "exec" module allows only this syntax: Attribute-Name =
`%{exe