On 30 Jul 2012, at 01:04, Matthew Newton m...@leicester.ac.uk wrote:
On Sun, Jul 29, 2012 at 07:39:52PM +, Khapare Joshi wrote:
I see Acct-Status-Type = Interim-Update in my detail log. does it mean
Acct-Status-Type = Alive ?
No, it means Interim Update.
You get Start at the
Thanks for your answer.
i had ever added linelog under accounting section.
I'm gonna check if my NAS sends accounting packets by tcpdumping port 1813 on
my server.
From: a.cudba...@freeradius.org
Subject: Re: linelog and accounting informations
Date: Fri, 27 Jul 2012 15:51:55 +0100
To:
On Mon, Jul 30, 2012 at 07:50:01AM +0100, Arran Cudbard-Bell wrote:
Yes it means Alive. Is sometimes used as an alternate value for
for Acct-Status-Type 3. Not sure what the history behind that
is…
Apologies - you're right. I need to get back to reading
dictionaries before going to sleep :-)
Yes, I know this is really a Samba problem. I'm asking on this list
because I really feel that a number of the users of ntlm_auth, winbindd
are Radius admins.
This is in regards to the munged nt-key bug in Winbindd. Most of
the suggestions have been to simply upgrade Samba. From my reading,
So, I can't speak to everything, but I can tell you that I found somewhat of an
alternative to the Samba/Winbind setup that most folks run as stand-alone
packages.
We are an Ubuntu 12.04 LTS shop, and one of the packages we use for our Radius
servers is Likewise-open5. Rather than having to
On 30/07/12 16:14, Robert Roll wrote:
This is in regards to the munged nt-key bug in Winbindd. Most of
Are you referring to this bug:
https://bugzilla.samba.org/show_bug.cgi?id=6563
It looks to me like that bug has fallen into the weeds after being
thought fixed. My advice would be to
Yes, I do believe this is the bug in question.
I did find this yesterday and noticed that while
the problem may not happen 100% of the time,
There are reports of it still happening. Even as
late as version 3.5.10.. I am planning on
adding my incident to the list...
Thanks Much,
Robert
Hi,
We are running a freeradius 2.1.12 server for access to our wifi. The server
is configured to authenticate users through ldap back to our Novell Edirectory.
We are required to change our passwords every 6 months. The password change
occurs, but users are not prompted for this new
Jonathan Paul wrote:
We are running a freeradius 2.1.12 server for access to our wifi. The
server is configured to authenticate users through ldap back to our
Novell Edirectory. We are required to change our passwords every 6
months. The password change occurs, but users are not prompted
We're (again) close to releasing 2.2.0. This time for real.
In order to make the server more future-proof, I've made some changes
to the TTLS parser. This will solve issues in the long term. But it
needs more testing now.
Please try the git v2.1.x branch with various supplicants, and
Hello folks,
I am trying to devise the best way to configure a global blacklist in
freeradius.
In the current configuration, I am handling a number of different
authentication types with various virtual servers. For PEAP, I have integrated
active directory, and for the other services, I use
David Aldwinckle wrote:
Is it possible to do LDAP group checking in post-auth of the default server
even if the request is EAP?
Yes.
if (LDAP-Group == banned) {
reject
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your response, Alan.
I'll give that a shot.
Is it to correct to assume that the only additional thing I should need is to
uncomment ldap in the authorize stanza of the inner-tunnel? I would imagine
listing it after eap in the default server would have a large impact on
performance.
Hi,
I'm getting a segmentation fault when a user certificate is verified, OCSP is
switched on and OCSP responder does not set the next update.
Then in src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
the OCSP_resp_find_status returns null for nextupd and
ASN1_GENERALIZEDTIME_print(bio_out,
I was under the impression the following from 2.11 was what I was looking for:
Allow EAP-MSCHAPv2 to send error message to client. This change allows some
clients to prompt the user for a new password. See raddb/eap.conf, mschapv2
section, send_error.
I enabled that but am still not
Hi,
Allow EAP-MSCHAPv2 to send error message to client. This change allows
some clients to prompt the user for a new password. See raddb/eap.conf,
mschapv2 section, send_error.
you need to enable the function in the mschap module AND in the eap.conf
I'm not sure whether there was
Maja Wolniewicz wrote:
I'm getting a segmentation fault when a user certificate is verified,
OCSP is switched on and OCSP responder does not set the next update.
Then in src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
the OCSP_resp_find_status returns null for nextupd and
I have allow_retry = yes in /etc/raddb/modules/mschap
and
send_error = yes in the mschapv2 section of /etc/raddb/eap.conf
I am not seeing any change in behavior from the mac, it doesn't even prompt for
a new username/password so I must be missing something else
Jonathan
alan buxey
18 matches
Mail list logo