Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 19:28, Ti Leggett wrote: > I'm not seeing a spin lock, but I'm running a 2.2.1 branch version that I > believe you pointed me at to fix an rlm_krb5 issue I was seeing earlier this > year. Is there an update for that branch or should I be moving to some other > version/branch

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Alan DeKok
Ti Leggett wrote: > Well sure. I figured it was in my local configuration, but is there any other > debugging I can do to help me pinpoint what may be going on since, as you > said, from the debug logs everything looks correct? Disabling the script will > give me a working installation but not a

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Ti Leggett
I'm not seeing a spin lock, but I'm running a 2.2.1 branch version that I believe you pointed me at to fix an rlm_krb5 issue I was seeing earlier this year. Is there an update for that branch or should I be moving to some other version/branch? On Jul 2, 2013, at 1:03 PM, Arran Cudbard-Bell wr

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Ti Leggett
Well sure. I figured it was in my local configuration, but is there any other debugging I can do to help me pinpoint what may be going on since, as you said, from the debug logs everything looks correct? Disabling the script will give me a working installation but not a usable one in our environ

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 18:51, Alan DeKok wrote: > Ti Leggett wrote: >> I'm not sure how the script could be blocking the server after it's already >> ran and returned the updated packet so the proxying can take place which >> does happen: > > I don't know. All I know is that the default configur

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Alan DeKok
Ti Leggett wrote: > I'm not sure how the script could be blocking the server after it's already > ran and returned the updated packet so the proxying can take place which does > happen: I don't know. All I know is that the default configuration doesn't have child threads blocking when sending

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Ti Leggett
I'm not sure how the script could be blocking the server after it's already ran and returned the updated packet so the proxying can take place which does happen: • rlm_perl: Changing User-Name: legg...@yubiauth.mcs.example.com • rlm_perl: Added pair NAS-Port-Type = Virtual

Re: Rejected proxy requests not making it to the client

2013-07-02 Thread Alan DeKok
Ti Leggett wrote: > Tue Jul 2 10:39:04 2013 : Error: WARNING: Unresponsive child for request 0, > in component module Fix your scripts so that they don't block the server. > The upstream server does get the request, send the reject back to the proxy > and the proxy receives the reject but

Rejected proxy requests not making it to the client

2013-07-02 Thread Ti Leggett
I have a setup where we have three distinct OTP services, one by the organization and 2 specific to our group. Users can choose which service they want to use and this is done by membership in a netgroup (an rlm_perl script looks up the user to see what netgroup they belong to). We have proxy se

Re: something like huntgroups?

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 12:19, Arran Cudbard-Bell wrote: > > On 2 Jul 2013, at 12:15, Arran Cudbard-Bell wrote: > >> >> On 2 Jul 2013, at 11:57, Phil Mayers wrote: >> >>> On 02/07/13 11:37, Arran Cudbard-Bell wrote: On 2 Jul 2013, at 08:53, Phil Mayers wrote: > On 07/0

Re: something like huntgroups?

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 12:15, Arran Cudbard-Bell wrote: > > On 2 Jul 2013, at 11:57, Phil Mayers wrote: > >> On 02/07/13 11:37, Arran Cudbard-Bell wrote: >>> >>> On 2 Jul 2013, at 08:53, Phil Mayers >>> wrote: >>> On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote: > This may work

Re: something like huntgroups?

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 11:57, Phil Mayers wrote: > On 02/07/13 11:37, Arran Cudbard-Bell wrote: >> >> On 2 Jul 2013, at 08:53, Phil Mayers >> wrote: >> >>> On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote: >>> This may work for 2.x.x but definitely won't work for 3.0 which uses direct

Re: something like huntgroups?

2013-07-02 Thread A . L . M . Buxey
Hi, > We have a generic VPN profile that we'd like to allow *all* users to > login to - this works well. > > When users login to the "secret" profile, then the following VPN > attribute is included in the request: > > Vendor-3076-Attr-146 = 0x554d44 use/load the dictionary.cisoc.vpn3000 diction

Re: something like huntgroups?

2013-07-02 Thread Phil Mayers
On 02/07/13 11:37, Arran Cudbard-Bell wrote: On 2 Jul 2013, at 08:53, Phil Mayers wrote: On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote: This may work for 2.x.x but definitely won't work for 3.0 which uses direct DICT_ATTR pointer comparisons in some places (instead of comparing vendor/a

Re: something like huntgroups?

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 08:53, Phil Mayers wrote: > On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote: > >> This may work for 2.x.x but definitely won't work for 3.0 which uses >> direct DICT_ATTR pointer comparisons in some places (instead of >> comparing vendor/attribute number). > > So... what *c

Re: something like huntgroups?

2013-07-02 Thread Phil Mayers
On 07/02/2013 07:52 AM, Arran Cudbard-Bell wrote: This may work for 2.x.x but definitely won't work for 3.0 which uses direct DICT_ATTR pointer comparisons in some places (instead of comparing vendor/attribute number). So... what *can* you do with Vendor-X-Attr-Y?

Re: Using freeradius as proxy for EAP-SIM/EAP-AKA

2013-07-02 Thread Phil Mayers
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote: So this [^@]*@wlan.mncX.mccY.3gppnetwork.org is unique ? All the SIMs from the same mobile operator will have the same string and it will be different from another mobile operator ? Yes, though be aware the pattern given isn't exactly valid; X and

Re: something like huntgroups?

2013-07-02 Thread Alan Buxey
Hi I'll see if I can send through some dictionary file entries later today Alan This smartphone uses eduroam which gives me free WiFi around the world. Now that's what I call smart!

Re: Using freeradius as proxy for EAP-SIM/EAP-AKA

2013-07-02 Thread Ming-Ching Tiew
From: Iliya Peregoudov To: freeradius-users@lists.freeradius.org Sent: Tuesday, July 2, 2013 2:20 PM Subject: Re: Using freeradius as proxy for EAP-SIM/EAP-AKA On 01.07.2013 18:34, Alan DeKok wrote: >>> It's not possible for one proxy radius to send request to different EAP >>> SIM/EAP AKA

Re: something like huntgroups?

2013-07-02 Thread Arran Cudbard-Bell
On 2 Jul 2013, at 07:41, Arran Cudbard-Bell wrote: > > On 2 Jul 2013, at 07:18, Phil Mayers wrote: > >> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote: >> >>> If a user is not in the secret group, then their login should fail if >>> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.