Tseveendorj wrote:
> What is nas_port ? is it mean 1645, 1646 ?
No. It's not a UDP port. It means "port on the NAS". See
http://freeradius.org/rfc/attributes.html. Click on "NAS-Port"
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell wrote:
> Interesting indeed. I can see a use for this. How do you initiate the
> HUP ? Via the radmin tool ?
$ kill -HUP pid
or
$ radmin
radmin> hup
:)
There's currently no way of reloading just *one* virtual server. The
reason is that they are all loaded into one big
Hello,
Do I understand right or not about checkrad? Please drive me right
direction.
radius# checkrad
Usage: checkrad nas_type nas_ip nas_port login session_id
What is nas_port ? is it mean 1645, 1646 ?
I found the session_id from cisco router with following command
hostname#sh pppoe sessio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi John,
>
>> Interesting indeed. I can see a use for this. How do you initiate the
>> HUP ? Via the radmin tool ?
>>
I know what HUP is :) But thank you for expounding on the history.
I was just wondering if there was a way to reload specific virt
Arran Cudbard-Bell wrote:
Interesting indeed. I can see a use for this. How do you initiate the
HUP ? Via the radmin tool ?
HUP is a Unix signal, originally meaning "Hang Up" but since has been
co-opted to mean "reload your configuration" when the signal is sent to
a service (e.g. a daemon).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok wrote:
> I've checked in some code to git that allows HUP to reload virtual
> server configurations. For now, all it does is reload the
> authorize, authenticate, accounting, pre-proxy, etc. sections. It
> does NOT reload listen sections,
>> > When I start it for the first time, it builds all of the 'fake' certs
>> okay
>> > and runs properly.
>> >
>> > (I am not sure if this would be an OpenSSL error or FreeRADIUS error.
>> > What would you think the best way to troubleshoot this would be?
>> > Or do you have any helpful hints?)
>
Hi,
> > When I start it for the first time, it builds all of the 'fake' certs okay
> > and runs properly.
> >
> > (I am not sure if this would be an OpenSSL error or FreeRADIUS error.
> > What would you think the best way to troubleshoot this would be?
> > Or do you have any helpful hints?)
> >
>
Hi,
Per, if you read the debug log you will clearly
see the problem.
(cutting everything until the auth occurring.
> rad_recv: Access-Request packet from host 127.0.0.1 port 43395, id=1,
> length=168
>User-Name = "0016dbd4b7d5"
>User-Password = "0016dbd4b7d5"
>NAS-IP-Address = 192.
Hi,
> Nearly all of them haven't been updated in *years*. i.e. Since long
> before 2.0 was released. They are not just wrong, they are actively
> harmful.
yeh. most of them are from 2006/2007 era and are 'heres how I configured
FreeRADIUS 1.x in some wierd way to do this' - which, whilst may
Sorry - neglected to put that in there!
I followed the instructions in the README file in /usr/local/etc/raddb/certs
If you want to see any files/info/parameters, please ask!
Thanks
Glen
On Thu, Apr 23, 2009 at 16:32, wrote:
> >> When I start it for the first time, it builds all of the 'fake
>> When I start it for the first time, it builds all of the 'fake' certs
>> okay
>> and runs properly.
>>
>> (I am not sure if this would be an OpenSSL error or FreeRADIUS error.
>> What would you think the best way to troubleshoot this would be?
>> Or do you have any helpful hints?)
>>
>> However,
> Thanks for your quick response.
> I purged all my old configuration and did a reinstall.
> This time only updated the users file by adding the line above but with
> the same result.
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 43395, id=1,
> length=168
ique] WARNING: Attribute NAS-Port was not found in request,
unique ID MAY be inconsistent
[acct_unique] WARNING: Attribute Acct-Session-Id was not found in
request, unique ID MAY be inconsistent
[acct_unique] WARNING: Attribute User-Name was not found in request,
unique ID MAY be inconsistent
On Thu, Apr 23, 2009 at 15:34, Glen Millard wrote:
> How are you sir?
>
> I will post this to the group if you want , but this is making me crazy:
>
> I am wondering the best way to troubleshoot this.
>
> Installing FreeRADIUS on CentOS 5:
> radiusd: FreeRADIUS Version 2.1.5, for host i686-pc-lin
Per Hermansson wrote:
> I'm having troubles setting up EAP-PEAP with freeradius (2.1.0) +
> hostapd (0.6.9) + wpa_supplicant (0.6.6)
> What I've done is mostly to follow
> http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html
I should update the "man" page to say IGNORE ALL THIRD PARTY HOWTOs
Nea
> Hi
> I'm having troubles setting up EAP-PEAP with freeradius (2.1.0) +
> hostapd (0.6.9) + wpa_supplicant (0.6.6)
> What I've done is mostly to follow
> http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html
> Which basically is to update eap.conf to use peap and add my login
> details to the users fi
Hi
I'm having troubles setting up EAP-PEAP with freeradius (2.1.0) +
hostapd (0.6.9) + wpa_supplicant (0.6.6)
What I've done is mostly to follow
http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html
Which basically is to update eap.conf to use peap and add my login
details to the users file:
"tes
I've checked in some code to git that allows HUP to reload virtual
server configurations. For now, all it does is reload the authorize,
authenticate, accounting, pre-proxy, etc. sections. It does NOT reload
listen sections, client sections, or anything else.
However, it now allows you to upd
> I am now trying to figure how to have the replyItem in my accept-accept
> message.
>
Just map appropriate attributes in ldap.attrmap as replyItem. I can see
tunnel attributes in default ldap.attrmap in stable branch now, so that
will be there in future. For PEAP you should list ldap only in
inne
t...@kalik.net a écrit :
>> I try to ask my questions more precisely:
>> * what are the radius ldap attributes meant for? Is only for accounting
>> or can we use them for something else?
>>
>
> They can be used for authorization as well. You put them in your
> Access-Accept packet (reply) and
Alan DeKok wrote:
> Tseveendorj wrote:
>> Sorry for bothering you. Have a nice day.
>
> I've never understood why people buy equipment from a vendor, and then
> ask for for support on this list.
>
Not just this list, don't worry. The wn.arg[1] mailing lists are much
the same. There you get th
Matthieu Lazaro wrote:
> I think we didn't understand each other and this is probably because my
> questions are not clear enough because I have such precise idea of what
> I want radius to do.
I disagree that that is the cause of the confusion.
> I should have explained the problem the other
> I was running freeradius 2.0.5 on my Centos 5.2 server
> using rlm_perl. When I upgraded to 5.3 I get :
>
> "rlm_perl: perl_parse failed: /billing/bin/billing.pl not found or has
> syntax errors."
>
> I googled it and found that this may be caused by libperl.so not being
> linked properly or Data
It was a cifs problem.
The script was being shared by a samba server and
after the upgrade I got : Setuid/gid script is writable by world.
And this made radius to fail.
I moved the script locally and it works.
Apostolos Pantsiopoulos wrote:
I was running freeradius 2.0.5 on my Centos 5.2 server
> i have installed freeradius version 1.0.3 on windows xp.
>
> any body have resource to generate certificates on windows.
>
1.0.3 will not work with Vista. It might not work with XP SP3 either. You
have 1.1.7 on freeradius.net that will. It supports most basic things +
mysql.
You can't generate
I was running freeradius 2.0.5 on my Centos 5.2 server
using rlm_perl. When I upgraded to 5.3 I get :
"rlm_perl: perl_parse failed: /billing/bin/billing.pl not found or has
syntax errors."
I googled it and found that this may be caused by libperl.so not being
linked properly or Data::Dumper th
> I try to ask my questions more precisely:
> * what are the radius ldap attributes meant for? Is only for accounting
> or can we use them for something else?
They can be used for authorization as well. You put them in your
Access-Accept packet (reply) and if your switch supports those attributes
> And finally, can you say that when a dumb users plugs in the wrong VLAN,
> like a admin VLAN, I cannot deny him or put him automatically in the
> right VLAN with radius?
>
If he can plug into a switch and get access to admin VLAN it's network
admin that is dumb, not the user. If your switch supp
hi
i have installed freeradius version 1.0.3 on windows xp.
any body have resource to generate certificates on windows.
thanks,
mitul modi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok a écrit :
> Matthieu Lazaro wrote:
>
>> OK, so tell me where to implement complex policies?
>>
>
> I've been trying.
>
> You need to write down what you have (in RADIUS packets, LDAP, etc.).
> You need to write down what you want (contents of reply packets,
> behaviors, etc.
Matthieu Lazaro wrote:
> OK, so tell me where to implement complex policies?
I've been trying.
You need to write down what you have (in RADIUS packets, LDAP, etc.).
You need to write down what you want (contents of reply packets,
behaviors, etc.). You then need to write down a process for c
Alan DeKok a écrit :
> Matthieu Lazaro wrote:
>
>
>> rlm_ldap manual covers the options to use with the ldap module like
>> server , tls binding, basic filters, etc... not " how to use extended
>> ldap attributes based on the content of the RADIUS-LDAPv3.schema".
>>
>
> Exactly. It descr
> What arguments are you using for radperf? -n doesn't really work.
>
> -p will send requests as fast as the server can handle them, but no
> faster. So if oyu're using "-p 10", and only seeing 15 pps, it's
> because the server can handle only 15 pps.
>
Ok. RTFM is sometimes helpfull. I am
On Apr 22, 2009, at 7:25 PM, Borislav Dimitrov wrote:
On 22.04.2009, at 13:23, Alan DeKok wrote:
Apostolos Pantsiopoulos wrote:
If any changes are to be made to the current
implementation to support multiple interpreters (one per thread)
would they show up in a 2.1.x release or a future one
Uwe Kastens wrote:
> OK, thats strange. One radclient only generates 15 requests per sec in
> my tests - and causes load on the system. The 100 requests per sec were
> "statefull" or fire and forget without parsing the answer?
What arguments are you using for radperf? -n doesn't really work.
36 matches
Mail list logo
