Re: Help about debug mode and python

2012-05-16 Thread Alan DeKok
Phil Mayers wrote: http://bugs.python.org/issue4434 Warning: reading that bug will make you either sad or angry. Probably both. Use the static library, closing NOTABUG. Sigh. I believe it's fixed in Python 2.7. In my code, I worked around it by dlopen()ing libpython, as per the 1st

Re: Specific User Trace and multiple radiusd instant

2012-05-16 Thread Alan DeKok
Fajar A. Nugraha wrote: I can't speak for the Tom, but there are legitimate use cases for this. They're getting more rare. For example, currently FR does not have limit for a particular virtual server, port, or purpose (i.e. auth vs acct); everything uses the same server thread pool. There

Re: Specific User Trace and multiple radiusd instant

2012-05-16 Thread Fajar A. Nugraha
On Wed, May 16, 2012 at 1:53 PM, Alan DeKok al...@deployingradius.com wrote:  The solution is to split the DB into two pools.  One for accounting (read/write), and another for authentication (read-only).  You can provision 50 sockets for acct auth, then 100 threads.  After that, a blocked

Re: Specific User Trace and multiple radiusd instant

2012-05-16 Thread Alan DeKok
Fajar A. Nugraha wrote: Interesting idea. So use the number of db threads to somewhat limit max number of server threads used for accounting? Yes. In our implementation we ended up going with decoupled accounting instead, which pretty much serialize accounting load to db to the number of

Backup and restore FR

2012-05-16 Thread yagizozen
Hello everyone, It can be a little weird to ask this question, if it is I am sorry but is there any way to clone the FR application with everything related to another machine with same OS? If I am using FR on my centos and I want to install FR to another centos with the exactly same configs.

Re: FreeRadius proxy to MS-NPS for MSCHAPv2 authentication.

2012-05-16 Thread Alan DeKok
Jan Hugo Prins wrote: So, far all the packets going from the radius server to the DC contain the user-name and the packets coming from the Aruba to the radius server also contain the username, so that seems to be ok for now. That's good. The problem I'm now facing is that I don't seem to

Re: Unix TimeStamp Based Login

2012-05-16 Thread jomajo
Hello Guys. As I said everything works fine, just I have a problem with session timeout. User doesn't get kicked when his time expires. From other topics and posts I saw, that this row looks correct: update reply { Session-Timeout := %{expr:%{Resv-End-Time} - %{Resv-Cur-Time}} } Could

Re: Unix TimeStamp Based Login

2012-05-16 Thread Phil Mayers
On 16/05/12 12:52, jomajo wrote: Hello Guys. As I said everything works fine, just I have a problem with session timeout. User doesn't get kicked when his time expires. From other topics and posts I saw, that this row looks correct: update reply { Session-Timeout :=

Re: FreeRadius proxy to MS-NPS for MSCHAPv2 authentication.

2012-05-16 Thread Phil Mayers
On 16/05/12 12:16, Jan Hugo Prins wrote: Does anyone have an idea what problem I'm facing here? Wild guess - set copy_request_to_tunnel = yes on your EAP method(s). The outer packets contain (amongst others): NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 0023144E6060

Re: Unix TimeStamp Based Login

2012-05-16 Thread jomajo
I think NAS supports it. Session timeout is working without a problem with Login-Time RLM. Sorry, but how could I confirm that? (logs?) -- View this message in context: http://freeradius.1045715.n5.nabble.com/Unix-TimeStamp-Based-Login-tp5708187p5710798.html Sent from the FreeRadius - User

Re: Unix TimeStamp Based Login

2012-05-16 Thread Phil Mayers
On 16/05/12 13:23, jomajo wrote: I think NAS supports it. Session timeout is working without a problem with Login-Time RLM. Sorry, but how could I confirm that? (logs?) Run it under debug. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Post-crash investigations

2012-05-16 Thread Julien Cornuwel
Thank you guys! Phil, your check script works perfectly. Maybe 1.1.8 will behave better. But even if it doesn't, as long as the cluster layer detects it and reacts, it's fine by me. Regards,

ntlm_auth in freeradius

2012-05-16 Thread val john
Hi... I need to configure the freeradius with mschap (need to specify the ntlm_auth file path in modules/mschap and modules/ntlm_auth files), but I can't find the ntlm_auth file in my OS, is it coming with freeradius or we have to install it separately. Thank you John

Re: ntlm_auth in freeradius

2012-05-16 Thread val john
Please note that I'm using Debian as OS Thank You John On 16 May 2012 19:57, val john valjohn1...@gmail.com wrote: Hi... I need to configure the freeradius with mschap (need to specify the ntlm_auth file path in modules/mschap and modules/ntlm_auth files), but I can't find the ntlm_auth

Re: ntlm_auth in freeradius

2012-05-16 Thread Alan DeKok
val john wrote: I need to configure the freeradius with mschap (need to specify the ntlm_auth file path in modules/mschap and modules/ntlm_auth files), but I can't find the ntlm_auth file in my OS, is it coming with freeradius or we have to install it separately. You have to install

Re: ntlm_auth in freeradius

2012-05-16 Thread Phil Mayers
On 16/05/12 15:27, val john wrote: Hi... I need to configure the freeradius with mschap (need to specify the ntlm_auth file path in modules/mschap and modules/ntlm_auth files), but I can't find the ntlm_auth file in my OS, is it coming with freeradius or we have to install it separately.

Re: ntlm_auth in freeradius

2012-05-16 Thread alan buxey
Hi, I need to configure the freeradius with mschap (need to specify the ntlm_auth file path in modules/mschap and modules/ntlm_auth files), but I can't find the ntlm_auth file in my OS, is it coming with freeradius or we have to install it separately. It's part of SAMBA. you

RE: ntlm_auth in freeradius

2012-05-16 Thread Garber, Neal
I can't find the ntlm_auth file in my OS, is it coming with freeradius or we have to install it separately. It's part of Samba. A simple google search for ntlm_auth would have answered that question for you.

2 Certs for 2 SSID (802.1x)

2012-05-16 Thread C.F. Yeung
We have 2 SSL Certs for two SSID (802.1x). How can my freeradius server present wifi clients the cert based on SSID? Should I have two eap.conf? Thanks, CF

Re: Unix TimeStamp Based Login

2012-05-16 Thread jomajo
] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/freeradius/radacct/10.0.0.100/auth-detail-20120516 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.0.100/auth-detail-20120516 [auth_log

Re: Unix TimeStamp Based Login

2012-05-16 Thread Phil Mayers
On 16/05/12 16:32, jomajo wrote: I add update reply { Session-Timeout := %{expr:%{Resv-End-Time} - %{Resv-Cur-Time}} into authentication and post-auth sections. User can login at this time, but the session-timeout says ++[reply] returns notfound: That's irrelevant. Ignore it. Sending

Re: 2 Certs for 2 SSID (802.1x)

2012-05-16 Thread Phil Mayers
On 16/05/12 16:29, C.F. Yeung wrote: We have 2 SSL Certs for two SSID (802.1x). How can my freeradius server present wifi clients the cert based on SSID? Should I have two eap.conf? Yes. Configure the two eap modules with different names e.g. eap eap_cert1 { ... } eap eap_cert2 { ... }

Re: Unix TimeStamp Based Login

2012-05-16 Thread jomajo
Dear Phil, my NAS understands that (I'm using cisco 2811 router). Session timeout as I said is working correctly with Login-Time module. Maybe I am missing something on freeradius configuration?

Re: Unix TimeStamp Based Login

2012-05-16 Thread jomajo
Good news! Yes, there was a problem with my NAS :) Before (with this one row session-timeout doesn't work ) : aaa authentication login default group radius If you add this row : aaa authentication login default group radius aaa authorization exec default group radius Session-timeout works :)

Re: Backup and restore FR

2012-05-16 Thread Matthew Newton
On Wed, May 16, 2012 at 03:54:03AM -0700, yagizozen wrote: It can be a little weird to ask this question, if it is I am sorry but is there any way to clone the FR application with everything related to another machine with same OS? tar, dump/restore, rsync, cfengine, csync2 ? There's plenty

Re: Conditionally passing custom attributes

2012-05-16 Thread Chad Lensert
Why? 2.1.1 was released almost 4 years ago. This is the version that is supplied with SuSE and needs to be managed via their patch channel, so I am required to use this version. Well, it should work. It works for me in my testing. I'll continue to troubleshoot. I wasn't

Re: 2 Certs for 2 SSID (802.1x)

2012-05-16 Thread C.F. Yeung
I have added a new eap_new with the other cert in eap.conf and tried the unlang policy. But, it still goes to my existing eap/cert. MAC address and IP are masked by x. +- entering group authorize {...} ++? if (Called-Station-Id == xx-xx-xx-xx-xx-xx:eduroam) ? Evaluating (Called-Station-Id ==

EAP and automatically authenticating users

2012-05-16 Thread David Peterson
I have a couple of users who have unknown usernames and passwords. They are also using EAP-TTLS for authentication. Is there a way to automatically authenticate all of them and if so, can I also send the Framed-Filter-Id attribute with the authentication response as if the user were truly

Re: Backup and restore FR

2012-05-16 Thread yagizozen
Thank You for your reply but when I use tar which folder/files I should backup? Maybe FR files are distributed under many different folders, how can I succeed an error-less and guarantee backup of FR application?

Reject users based on LDAP attribute

2012-05-16 Thread C.F. Yeung
We have 802.1x authentication via AD. It's okay. Now, we would like to reject users based on LDAP attribute, WLANStatus. Added attribute in dictionary and ldap.attrmap as follows. Where should I put the unlang? /etc/raddb/dictionary ATTRIBUTE My-Local-wlanStatus 3000 string