hi guys
i am having a hard time getting a post-proxy setup going.
we have a freeradius 2.1.8 server setup for a specific realm.
authentication requests are coming from a upstream provider (3g carrier)
onto our radius server. our radius server sends the authentication request
to another radius
On 2013-04-30 16:30, Alan DeKok wrote:
George Chelidze wrote:
We use rlm_ippool for pool management. Each pool is configured with 16K
addresses. About 10K are used in the peek time (per pool).
The DBM files underlying IP pools really aren't that scalable.
I believe we have almost reached
On 2013-04-30 14:17, stefan.pae...@diamond.ac.uk wrote:
Here's an entry from the archives where Alan (sort-of) suggests using
rlm_sqlippool to fix the same problem you're having:
http://lists.cistron.nl/pipermail/freeradius-users/2009-July/039544.html
SQL does appear to have better
We have configured FreeRadius 2.1.12 on RedHat ;
Requirement
==
In a given WiMax-Packet-Flow-Descriptor VSA, we want to have following multiple
WiMAX-Uplink-Classifier (attribute 9) as shown in the below packet capture:
WiMAX-Uplink-Classifier:
===
1. permit in ip
/127.0.0.1/detail-20130501
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/detail-20130501
[detail]expand: %t - Wed May 1 09:58:20 2013
++[detail] returns ok
Sending CoA-Request of id 91 to 172.16.255.35 port 3799
Hi,
if you look at freeradius running in debug mode, you can see what bits of the
server are being hit and where you can do the required changes. so
post-proxy
would be okay - but you update the reply
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
If we configure the FreeRadius using the Master branch, we get the 2nd
Uplink-Classifier in the same VSA as expected (as shown in the first
packet capture)
so likely a bug fixed
For our production implementation, don't want to go to the master branch
if possible.
???
On Wed, May 1, 2013 at 11:15 AM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
if you look at freeradius running in debug mode, you can see what bits of
the
server are being hit and where you can do the required changes. so
post-proxy
would be okay - but you update the reply
when running in
Hi,
why are you now talkign about users file? use unlang - as you originally
stated
and then update the reply
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/detail-20130501
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/detail-20130501
[detail]expand: %t - Wed May 1 09:58:20 2013
++[detail] returns ok
Sending CoA-Request of id 91 to 172.16.255.35 port 3799
sorry alan, perhaps I'm mixing up my examples in an attempt to get this
working...
1. where (or in which file) do I add the unlang code?
2. how do i update the reply?
I currently have the following code in my proxy-inner-tunnel file :-
post-proxy {
eap
if
On Tue, Apr 30, 2013 at 3:09 PM, gregoire.le...@retenodus.net wrote:
Hello,
It pretty much said that:
- you need to add an entry to radgroupcheck, so that when
Huntgroup-Name matches a value (site_a), an SQL group (site_a_admins)
will be assigned
- you add entries to radgroupreply to
Hi,
sorry alan, perhaps I'm mixing up my examples in an attempt to get this
working...
run your freeradius is full debug mode. LOOK at what is going on
1. where (or in which file) do I add the unlang code?
as you have
2. how do i update the reply?
by updating the reply
I
Nick Khamis wrote:
Thanks so much for your response. I can provide a specific example.
In the client we have defined:
modparam(acc, aaa_extra, Sip-From-Tag=$si;
Sip-To-Tag=$tt;
.
In the
Tyller D wrote:
The process I'm using is as follows. User connects to landing page,
landing page sends access-request to server with users details.
FreeRADIUS then sends a COA to the NAS to change the state and apply
attributes. However when FreeRADIUS gets the accounting-start packet, it
Cholleti, Hanumantha wrote:
Version 2.1.2 and 2.20
--
In both FreeRadius versions 2.1.2 and 2.20 on RedHat, the 2^nd
Uplink-Classifier (permit in ip src any dst any 69-65535 priority 3) is
showing up in a separate VSA on its own as shown below;
Yeah, that's an
It seems that the sql module of freeraedius does not support calls
to stored mysql procedures. Is this correct?
PS Sorry for the noise.
Cheers,
Nick
On 5/1/13, Alan DeKok al...@deployingradius.com wrote:
Nick Khamis wrote:
Thanks so much for your response. I can provide a specific example.
Nick Khamis wrote:
It seems that the sql module of freeraedius does not support calls
to stored mysql procedures. Is this correct?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No calls to stored procedures do not work? Or no. that is not correct?
Thanks in Advance,
N.
On 5/1/13, Alan DeKok al...@deployingradius.com wrote:
Nick Khamis wrote:
It seems that the sql module of freeraedius does not support calls
to stored mysql procedures. Is this correct?
No.
Nick Khamis wrote:
No calls to stored procedures do not work? Or no. that is not correct?
Q: Is this correct?
A: No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
When does the release of 2.21 come out? How about 3.0?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Raithatha, Divyesh wrote:
When does the release of 2.21 come out? How about 3.0?
We hope to have both out by June.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I did some more debugging and I always seem to get a segfault at the same
place. Is there something I should be looking at on the LDAP backend?
[files] users: Matched entry DEFAULT at line 214
++[files] returns ok
[pap] Normalizing SSHA1-Password from base64 encoding
[pap] WARNING: Auth-Type
Chris Taylor wrote:
I did some more debugging and I always seem to get a segfault at the same
place. Is there something I should be looking at on the LDAP backend?
See doc/bugs
That should help.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
FYI...
-Original Message-
From:
freeradius-users-bounces+hanumantha.cholleti=viasat@lists.freeradius.org
[mailto:freeradius-users-bounces+hanumantha.cholleti=viasat@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Wednesday, May 01, 2013 8:18 AM
To: FreeRadius users mailing
Thank you guys so much for your time.
Kind Regards,
N.
On 5/1/13, Alan DeKok al...@deployingradius.com wrote:
Nick Khamis wrote:
No calls to stored procedures do not work? Or no. that is not correct?
Q: Is this correct?
A: No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I have tried a few times but I can't get a core dump. After radius dies I run
gdb /usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following output.
#
[root@on-radius01 core_dump]# gdb /usr/sbin/radiusd /tmp/core_dump/test.dump
GNU gdb (GDB) CentOS
On 05/01/2013 01:36 PM, Chris Taylor wrote:
I have tried a few times but I can't get a core dump. After radius dies I run gdb
/usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following output.
#
[root@on-radius01 core_dump]# gdb /usr/sbin/radiusd
Thanks John, I am actually using the complied version rather than the RPM
package. I was finally able to get a core dump (a few actually), this was the
output.
I was the same failure everytime.
Thanks,
Chris
[root@on-radius01 tmp]# gdb /usr/sbin/radiusd
Nick Khamis wrote:
Thank you guys so much for your time.
If you care to look, good questions get good answers.
Bad questions get bad answers.
People who ask questions and ignore the answers get ignored in turn.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Chris Taylor wrote:
I have tried a few times but I can't get a core dump.
See doc/bugs. It contains instructions for debugging a live server.
If you can't get core dumps, use the instructions in Section 3 of that file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I really did not mean any trouble. I realize that I am not only too in
a hurry to read the proper documentation, but my questions also
reflect how rushed I want to get this part over with. Regardless of my
last comment, I realized that I should take a step back, go through
the documentation, and
Hi,
FYI...
huh? why did you repost this? we've just SEEN that info from Alan directly
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I did some more debugging and I always seem to get a segfault at the same
place. Is there something I should be looking at on the LDAP backend?
i'd like to knwo what you are doing, how you have this configured.and why
your server thinks '45270' or
'bradly' or SSHA encrypted, its
Hi Alan,
Thanks a lot for the quick response and putting in the fix under 2.x.x branch.
We configured the FreeRadius using this new 2.x.x branch from git;
The length of the AVP comes correct, but the 2nd classifier is showing in a
separate AVP.
Here is the packet capture (2.x.x git branch):
Cholleti, Hanumantha wrote:
Thanks a lot for the quick response and putting in the fix under 2.x.x branch.
It's what I do. :)
We configured the FreeRadius using this new 2.x.x branch from git;
The length of the AVP comes correct, but the 2nd classifier is showing in a
separate AVP.
Sorry my bad, was sharing the info with my internal team and accidently added
the users mail list.
Sorry again
-Hanu
Buxey Wrote:
huh? why did you repost this? we've just SEEN that info from Alan directly
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks a lot Alan for the quick response and change again :-).
The new fix works like charm :-). We see the 2 classifier in the same AVP.
Here is the packet capture:
AVP: l=125 t=Vendor-Specific(26) v=WiMAX(24757)
VSA: l=119
In my authorize section I am matching LDAP groups to set VLAN attributes as
such:
if (Ldap-Group == netCoreClass-IT) {
update reply {
Tunnel-Private-Group-Id:1 := 102
}
}
elsif (Ldap-Group == netCoreClass-engineering) {
hi,
..thats the startupand when a request comes in (the one that segfaults
the server.) ?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
elsif (Ldap-Group == netCoreClass-finance) {
update reply {
Tunnel-Private-Group-Id:1 := 124
}
}
Authentication is against Active Directory. So while a user may get
assigned to a VLAN based of
Thanks for the reply.
First, adding an else to the if statement doesn't really help. As that is
in the authorize section that simply queries AD via LDAP to check for
groups of the user. It uses an admin DN to bind and query, not the actual
user credentials (as this is a PEAP) request. So I
42 matches
Mail list logo