On Thu, Dec 15, 2011 at 1:19 PM, Hitesh Vinzoda wrote:
> Hi,
>
> Our provider is sending the calling-station-id usually larger than 50
> characters while the schema for RADIPPOOL table in MYSQL has defined this
> field for 30 CHARACTERS. because of this we are seeing unusual behaviour in
> IP addr
Hi,
Our provider is sending the calling-station-id usually larger than 50
characters while the schema for RADIPPOOL table in MYSQL has defined this field
for 30 CHARACTERS. because of this we are seeing unusual behaviour in IP
address assignment as first 35 characters are same for all users and
Angelica Delgado wrote:
> I want to know which reference I can use to make a certicate request for
> a third party ca. This certificate is for peap with mschap v2. In
> terms of adding the extensions for peap.
Microsoft has web pages on this.
READ eap.conf. It explains this in excruciating
"Fajar A. Nugraha" escribió:
On Fri, Dec 9, 2011 at 11:36 PM, Michel Bulgado wrote:
In conclusion what we discussed, my Linksys router when accounting packets
sent after authenticating my user, but not shown or at least are suppressed
by TTLS. is not so?
So should I change the mechanism to u
On Thu, Dec 15, 2011 at 9:11 AM, Nathan M wrote:
> I have a setup such as:
>
> NAS > Freeradius Proxy > Freeradius Auth
>
> Periodically the NAS (different company and outside of my control)
> gets rebooted and when it starts up it sends thousands of simultaneous
> requests to the radius proxy, w
On Fri, Dec 9, 2011 at 11:36 PM, Michel Bulgado wrote:
> In conclusion what we discussed, my Linksys router when accounting packets
> sent after authenticating my user, but not shown or at least are suppressed
> by TTLS. is not so?
>
> So should I change the mechanism to use!
Like Alan said, some
I have a setup such as:
NAS > Freeradius Proxy > Freeradius Auth
Periodically the NAS (different company and outside of my control)
gets rebooted and when it starts up it sends thousands of simultaneous
requests to the radius proxy, which in turn forwards them all to the
appropriate freeradius a
I want to know which reference I can use to make a certicate request for a
third party ca. This certificate is for peap with mschap v2. In terms of
adding the extensions for peap.
Thanks.
On Dec 14, 2011 5:48 PM, "Alan Buxey" wrote:
> Hi,
> >Can you please provide a URL that I can use for
On Thu, Dec 15, 2011 at 6:58 AM, Det Det wrote:
> Hi,
>
> Thanks!
>
> Is there a way that I can set log level in RADIUS to make it log like when
> in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log
> in RADIUS. I have already confirmed that for this case it is not the
> p
On Wed, Dec 14, 2011 at 3:58 PM, Det Det wrote:
> Hi,
>
> Thanks!
>
> Is there a way that I can set log level in RADIUS to make it log like when
> in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log
> in RADIUS. I have already confirmed that for this case it is not the
> p
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when in
debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in
RADIUS. I have already confirmed that for this case it is not the password. So
now, I'm left to look into other causes.
than
Hi,
>Can you please provide a URL that I can use for reference?
what is it that you need or want? the RFC for 802.1X authentications
via the EAP methods? Is there a particular issue you are trying to resolve
here?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/us
Can you please provide a URL that I can use for reference?
Thanks
On Wed, Dec 14, 2011 at 4:24 PM, Alan Buxey wrote:
> Hi,
> >Does the SSID needs to match the common name of the certificate or it
> can
> >be an alternative subject?
>
> SSID has nothing to do with it - its the CN from th
Hi,
>Does the SSID needs to match the common name of the certificate or it can
>be an alternative subject?
SSID has nothing to do with it - its the CN from the RADIUS server that needs
to match in your 802.1X settings on the client
alan
-
List info/subscribe/unsubscribe? See http://www.f
Does the SSID needs to match the common name of the certificate or it can
be an alternative subject?
Thanks.
Angela
On Wed, Dec 14, 2011 at 11:42 AM, Angelica Delgado wrote:
> Thanks for the help, I will redo the certificates.
>
>
> On Wed, Dec 14, 2011 at 10:39 AM, Alan DeKok wrote:
>
>> Angel
On Wed, Dec 14, 2011 at 07:13:05PM +0100, Alan DeKok wrote:
> So submit a patch which implements accounting replication which (a)
> doesn't write to disk, and (b) is robust in the event of temporary
> process/system failures.
>
> I don't think you can satisfy both requirements at the same time
Florian Lohoff wrote:
> For most of my purposes i dont care about systems not available for a longer
> period as backend systems take care on synchronisation.
Then why replicate via RADIUS? Why not synchronise via the backend?
> In the past 15 years i have seen a lot of broken Radius implement
Thanks for the help, I will redo the certificates.
On Wed, Dec 14, 2011 at 10:39 AM, Alan DeKok wrote:
> Angelica Delgado wrote:
> > Does peap needs xpextensions
>
> YES. ALWAYS YES.
>
> > even though we are not using client
> > certficates? I got the certificate from Incommon cert service.
>
Hi,
On Wed, Dec 14, 2011 at 05:45:17PM +0100, Alan DeKok wrote:
> Florian Lohoff wrote:
> > A "duplicate" policy would be what i was looking for. Acknowledge the
> > packet to the sending NAS and sending requests to all final systems
> > and waiting for their acknowlegde.
>
> This can be done.
Florian Lohoff wrote:
> A "duplicate" policy would be what i was looking for. Acknowledge the
> packet to the sending NAS and sending requests to all final systems
> and waiting for their acknowlegde.
This can be done.
> A limit in queue or storage capacity
> would be acceptable e.g. max 1000 r
Angelica Delgado wrote:
> Does peap needs xpextensions
YES. ALWAYS YES.
> even though we are not using client
> certficates? I got the certificate from Incommon cert service.
So you didn't follow the instructions on how to create certificates,
and you didn't read the many documents which
Hi,
i'd like to forward accounting requests to multiple locations. We use radius
accounting not just for billing/accounting but also monitoring, tr069
configuration and other stuff so we need multiple locations to send the
information to.
I have found the home_server_pool stuff but the policys a
Does peap needs xpextensions even though we are not using client
certficates? I got the certificate from Incommon cert service.
Thanks.
On Wed, Dec 14, 2011 at 3:34 AM, Alan DeKok wrote:
> Angelica Delgado wrote:
> > I am using a certificate from incommon for eap/peap setup. It works
> with
On Wed, Dec 14, 2011 at 5:39 AM, Sušnik Rudolf wrote:
> Perhaps you may want delivering PIN to user's cellular over SMS. Anyway
> Freeradius seems not to be enough, at least you would need some external
> database and web server - both for creating and storing PINs. I did the task
> using FR, A
On Wed, Dec 14, 2011 at 6:08 PM, KatsuroKurosaki wrote:
>> What I meant was, AFTER you enable copy-acct-to-home-server and stuff,
>> have you ACTUALLY send an accounting packet to server A? If yes, it
>> SHOULD display some things (like writing to a detail file), and then
>> there should be a log
Hi Rudolf,
So it can be done, that's what I wanted to know really. I appreciate that all I
am going to get is dual-passwords (1 LDAP, 1 Pin) but this will lift the level
of security somewhat, and make it far harder to guess simple Username/Password
combinations.
Thanks,
Peter
> Perhaps you m
KatsuroKurosaki wrote:
> And this is what I'm trying to configure, server A send the packet to server
> B, and vice-versa. Server A won't handle all requests, for example, if we
> have 50 NASes, 25 will handle requests to server A and B as fail-over, and
> the other 25 will handle requests to serve
Ratnesh Sinha wrote:
> I require to simulate and test the RADIUS ACCESS_REQUEST message with
> PPAC, Update Reason & Service Type Parameters in the packet and
> ACCESS_ACCEPT with PPAQ(VQ/DQ, VT/DT). Any radius client which supports
> setting these two parameters and send ACCESS_REQUEST message
Hi,
I require to simulate and test the RADIUS ACCESS_REQUEST message with PPAC,
Update Reason & Service Type Parameters in the packet and ACCESS_ACCEPT with
PPAQ(VQ/DQ, VT/DT). Any radius client which supports setting these two
parameters and send ACCESS_REQUEST message & how to set the respons
Alan DeKok-2 wrote
>
> KatsuroKurosaki wrote:
>> I mean: while debugging ( /freeradius -X/ ) I have Server A as primary
>> and
>> server B as secondary (or back-up, fail-over,...). Then: I do a login
>> process, and Server A is running, I'm logged in with no problems, and
>> suddently server A fa
Perhaps you may want delivering PIN to user's cellular over SMS. Anyway
Freeradius seems not to be enough, at least you would need some external
database and web server - both for creating and storing PINs. I did the task
using FR, Apache and MySql. As I see, my concept is quite similar to Nick'
On Wed, Dec 14, 2011 at 5:15 PM, KatsuroKurosaki wrote:
> /[radutmp] expand: /var/log/freeradius/radutmp ->
> /var/log/freeradius/radutmp
> [radutmp] expand: %{User-Name} -> pruebas
> rlm_radutmp: Logout for NAS SurfLabs Phys port 2151677953, *but no Login
> record*
> ++[radutmp] return
KatsuroKurosaki wrote:
> I mean: while debugging ( /freeradius -X/ ) I have Server A as primary and
> server B as secondary (or back-up, fail-over,...). Then: I do a login
> process, and Server A is running, I'm logged in with no problems, and
> suddently server A fails (stopping the service). Then
Fajar A. Nugraha-2 wrote
>
> FR shouldn't print that. What do you mean it "prints on the screen"?
>
I mean: while debugging ( /freeradius -X/ ) I have Server A as primary and
server B as secondary (or back-up, fail-over,...). Then: I do a login
process, and Server A is running, I'm logged in wi
I'm not sure why the Simultaneus-use is so hard to setup...
1. turn on sql inside accounting section
2. turn on sql inside session section
3. be sure that NAS works properly (sending Interim-Updates)
4. insert Simultaneus-Use := X (where X is number you want to allow)
inside radcheck table..
ht
On Tue, Dec 13, 2011 at 6:16 PM, KatsuroKurosaki wrote:
> Then I need Accounting to be sync between servers A and B, because if server
> A fails, when Server B receives the request, prints on the screen "Received
> logout request, but no Login was received", and same happen on server A when
> serv
Angelica Delgado wrote:
> I am using a certificate from incommon for eap/peap setup. It works with
> Windows 7 when validate certificate is enabled but not with Windows XP.
> Windows XP works only without
> the certificate validation. Following is the error that I am getting with
> Windows XP
Толик Шавловский wrote:
> SQL doesn't SELECT COUNT(*) from radacct. Is this a problem of sql
> configuration?
You have been told many, many, times what is necessary for accounting
data to be put into SQL. *Weeks* later, you still don't understand.
We cannot help you if you refuse to read
tolik_shavlov...@mail.ru wrote:
> I just asked to indicate what exact is wrong, I supposed that maillist
> was created for such purposes.
The whole point of asking questions is to read the responses. You
have not been doing that.
The point of mailing lists is to help people who want help.
2011/12/14 Толик Шавловский :
> Dear Fajar,
>
> here is the debug:
Why on earth did you cut down the log?
As Alan said, you need the output of 'radius -X' - to show what
happens when 1 client connects and then tries to connect
simultaneously.
Your log only show ONE user connecting. And even from
Alan,
sorry for wasting your time. I said that i am new in FR and I understand that
problem is ME.
I just asked to indicate what exact is wrong, I supposed that maillist was
created for such purposes.
Again sorry, for waisting your time.
14 декабря 2011, 13:05 от "Alan DeKok-2 [via FreeRadiu
ss}%{NAS-Port-ID:}%{NAS-Port}}
-> 15f0e8167a1f7da83d358d77ecdc4f3e
(50) } # update request = ok
(50)- else else returns ok
(50) - policy acct_unique returns ok
(50) suffix : No '@' in User-Name = "user", looking up realm NULL
(50) suffix : No such realm "NULL"
(50
tolik_shavlov...@mail.ru wrote:
> i made everything from:
> - enable sql in accounting section of sites-available/default
> - enable sql in session section of sites-available/default (and
> sites-available/inner-tunnel, if you use EAP)
> - uncomment simul_count_query in sql /*/ dialup.conf
>
>
So what us your decoupled accounting using?
alan
--
Message may be brief as it has been sent from my mobile
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'..but it doesn't work'
This is a meaningless statement without providing this list the important thing
to help you with, ie the output of 'radius -X' - to show what happens when 1
client connects and then tries to connect simultaneously. There is really no
point in just saying you've done xyz
On Wed, Dec 14, 2011 at 3:34 PM, tolik_shavlov...@mail.ru
wrote:
> Hi Fajar,
>
> i made everything from:
>
> - enable sql in accounting section of sites-available/default
> - enable sql in session section of sites-available/default (and
> sites-available/inner-tunnel, if you use EAP)
> - uncomment
Hi Fajar,
i made everything from:
- enable sql in accounting section of sites-available/default
- enable sql in session section of sites-available/default (and
sites-available/inner-tunnel, if you use EAP)
- uncomment simul_count_query in sql /*/ dialup.conf
but it doesn't work((
13 декабр
Alan DeKok-2 wrote
>
> Because you only have one server. Split the server into two
> processes. One listens on network sockets and writes to the detail
> file. It shouldn't do anything else. Another reads from the detail
> file and writes to SQL.
>
I think this might just work will try it
a...@netconnect.ro wrote:
> All is well when there's no load but at certain times it
> happens that one of the tables must be locked for 2 or 3 seconds
One response is to use a real database. Something as critical as a
database shouldn't lock for 2-3 seconds.
> (snapshot
> and purge on a memor
49 matches
Mail list logo