Re: [ANN] Version 3.0.0-rc0

2013-07-12 Thread Doug Hardie
On 11 July 2013, at 15:24, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 11 Jul 2013, at 22:39, Doug Hardie bc...@lafn.org wrote: On 11 July 2013, at 06:09, Fajar A. Nugraha l...@fajar.net wrote: On Thu, Jul 11, 2013 at 7:28 PM, Arran Cudbard-Bell a.cudba...@freeradius.org

Re: Loading fails without reporting an error

2013-07-12 Thread Alan DeKok
Lovaas,Steven wrote: Thanks, Adam... this got me looking at the right thing. I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that references that home server (pool, instead of auth_pool). Changing the

Re: mod_auth_radius w/Apache 2.4.4 ??

2013-07-12 Thread Alan DeKok
laurence.schuler wrote: I'm trying to use mod_auth_radius(-2.0) with apache 2.4.4 and it does not appear to be working properly. It complains: [:warn] [pid 14690] AuthRadiusActive set, but no RADIUS server IP - missing AddRadiusAuth in this context?) When I have AuthRadiusAuth set, and I can

Re: How to best configure Radius for my domain ?

2013-07-12 Thread Alan DeKok
Analyser Great wrote: I am trying to setup a configuration where network admins have access to all devices and users have only access to cisco vpn. I don't wanna use local user database since I already have Ldap to authorize and Kerberos to authenticate. How do you do this in your domain

2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
Hi! We have been running FreeRADIUS 2.1.12/dhcp module with success for long time with FreeBSD 8. Our DHCP perl script opens two file descriptors (per thread): one for database connection TCP socket and one for syslog (/var/run/log unix domain socket). With pool size consisting of 1000 threads,

Re: Loading fails without reporting an error

2013-07-12 Thread Matthew Newton
On Fri, Jul 12, 2013 at 11:19:00AM +0200, Alan DeKok wrote: Lovaas,Steven wrote: Thanks, Adam... this got me looking at the right thing. I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Phil Mayers
On 12/07/13 11:17, Eugene Grosbein wrote: Please help. We need at least 1000 concurrent threads to deal with the load here. 1000 threads is a crazy number. Can you explain why you think you need that many? Are you doing very slow logic/lookups or something? Anyway, the problem is almost

Re: Loading fails without reporting an error

2013-07-12 Thread Matthew Newton
On Fri, Jul 12, 2013 at 11:24:54AM +0100, Matthew Newton wrote: On Fri, Jul 12, 2013 at 11:19:00AM +0200, Alan DeKok wrote: Lovaas,Steven wrote: I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
On 12.07.2013 17:17, Eugene Grosbein wrote: Hi! We have been running FreeRADIUS 2.1.12/dhcp module with success for long time with FreeBSD 8. Our DHCP perl script opens two file descriptors (per thread): one for database connection TCP socket and one for syslog (/var/run/log unix domain

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
On 12.07.2013 17:38, Phil Mayers wrote: On 12/07/13 11:17, Eugene Grosbein wrote: Please help. We need at least 1000 concurrent threads to deal with the load here. 1000 threads is a crazy number. Can you explain why you think you need that many? Are you doing very slow logic/lookups or

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Alan DeKok
Eugene Grosbein wrote: Forgot to mention that operating system's open files limit for freeradius is over 11000. And file descriptors are numbered starting from zero, so descriptor 1024 is really 1025th. radiusd works fine until it has descriptors 0-1023 only and breaks with creation of

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
On 12.07.2013 18:10, Alan DeKok wrote: Eugene Grosbein wrote: Forgot to mention that operating system's open files limit for freeradius is over 11000. And file descriptors are numbered starting from zero, so descriptor 1024 is really 1025th. radiusd works fine until it has descriptors

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Phil Mayers
On 12/07/13 11:55, Eugene Grosbein wrote: On 12.07.2013 17:38, Phil Mayers wrote: On 12/07/13 11:17, Eugene Grosbein wrote: Please help. We need at least 1000 concurrent threads to deal with the load here. 1000 threads is a crazy number. Can you explain why you think you need that many?

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Alan DeKok
Eugene Grosbein wrote: Extra sockets got opened just fine, I see that with lsof/fstat here. OK. But I'm not aware of any change in any code which will limit the number of sockets. 2.1.12 has not this issue with same Perl. OK. The rlm_perl module changed. It added some locks to avoid

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
On 12.07.2013 19:07, Alan DeKok wrote: Eugene Grosbein wrote: Extra sockets got opened just fine, I see that with lsof/fstat here. OK. But I'm not aware of any change in any code which will limit the number of sockets. 2.1.12 has not this issue with same Perl. OK. The rlm_perl

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
On 12.07.2013 18:39, Phil Mayers wrote: Our database is powerful enough to deal with so many requests. We may easily get that many requests and want to be able to process them in parallel without needless queueing. With respect, this is a pretty basic logic. The figure of merit here is

Dynamic vlan assignment with ldap groups

2013-07-12 Thread val john
Hi guys, I have a FreeRADIUS setup that works with LDAP group authentication. I also need to configure the dynamic VLAN assignment, so I configured the users file as follows: DEFAULT Ldap-Group == cn=staff,ou=groups,dc=ldap,dc=example,dc=com Tunnel-Type = VLAN,

Re: Dynamic vlan assignment with ldap groups

2013-07-12 Thread Arran Cudbard-Bell
On 12 Jul 2013, at 13:57, val john valjohn1...@gmail.com wrote: Hi guys, I have a FreeRADIUS setup that works with LDAP group authentication. I also need to configure the dynamic VLAN assignment, so I configured the users file as follows: DEFAULT Ldap-Group ==

Re: 2.2.0 dhcp: regression

2013-07-12 Thread Eugene Grosbein
On 12.07.2013 19:57, Alan DeKok wrote: Eugene Grosbein wrote: The problem is always reproducible and have obvious hard limit correlating or consisting with number of open files. I'm not sure what changes from 2.1.12 to 2.2.0 would cause that. I understand. With one exception - we have

Re: Dynamic vlan assignment with ldap groups

2013-07-12 Thread val john
Hi guys, small question: do I need to import the RADIUS LDAP schema (items like radiusprofiles) to our LDAP server to get this VLAN assignment to work? Thank you, john On 12 July 2013 18:39, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 12 Jul 2013, at 13:57, val john

3.0 regex realm syntax

2013-07-12 Thread Brian Julin
It seems to be last call for refactoring some of the user-visible config items that are easier to change when bumping a major rev number. The syntax for regexp-based realms has always struck me as a bit hinky: realm ~regexp\\.edu { } Would it require too much tokenization witchdoctoring to

RE: Loading fails without reporting an error

2013-07-12 Thread Lovaas,Steven
Certainly! Here's the complete proxy.conf, configured with the mismatch (line 6: type = auth, and line 60: pool = csu-auth) such that FR exits before completely loading in debug mode. Changing either of these to match (or just omitting that pool definition and letting that realm be local)

Re: 3.0 regex realm syntax

2013-07-12 Thread Alan DeKok
Brian Julin wrote: Would it require too much tokenization witchdoctoring to make: realm /regexp\.edu/ { } ...work? No. We'll wait for 3.0.1, though. Also I find a note in my config file comments about some regexp availability in the hints file being in-transition and so not to use

LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
Hello! I need some help with RADIUS regarding Wireless authentication with RADIUS + LDAP. I need to check if the user has permission to connect to a specific SSID, so we check a LDAP attribute for that. By that, we need to know from which SSID the authentication is being requested so we

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Olivier Beytrison
On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote: I need some help with RADIUS regarding Wireless authentication with RADIUS + LDAP. Hello. which version of freeradius are you running ? I need to check if the user has permission to connect to a specific SSID, so we check a LDAP attribute

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
I forgot to say that we use H-REAP, so we do not authenticate it in the WLC. Regards, Gustavo Vieira Oliveira GETIC - Gerência de Tecnologia da Informação SUSERV - Superintendência de Serviços Compartilhados Sistema FIESC Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis -

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
Olivier, you don't need to set radius-server vsa send in the AP so it sends the SSID in the authentication request? Regards, Gustavo Vieira Oliveira GETIC - Gerência de Tecnologia da Informação SUSERV - Superintendência de Serviços Compartilhados Sistema FIESC Rod. Admar Gonzaga,

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Alan Buxey
Look at the requests coming from your AP in debug mode. You should see information there that can be used eg called station id with SSID appended or a VSA with the SSID name or number in it. Use that with your policy alan - List info/subscribe/unsubscribe? See

GitHub flow available entirely within browser

2013-07-12 Thread Arran Cudbard-Bell
If you were put off from contributing by learning git, this might work well for you. https://github.com/blog/1557-github-flow-in-the-browser Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
We got it working, the AP is sending the SSID with the calling station ID but only setting radius-server vsa send in the Access-point. The problem is that we have to do it manually (the Controller doesn't support it) in the AP, so when it reboots for some reason it cannot authenticate cause

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Matthew Newton
On Fri, Jul 12, 2013 at 12:48:48PM -0300, Gustavo Vieira Oliveira wrote: The problem is that we have to do it manually (the Controller doesn't support it) in the AP, so when it reboots for some reason it cannot authenticate cause the RADIUS doesn't receive the SSID. So, we need an alternative

freeradius accept-accept with no AVP attributes

2013-07-12 Thread J KIE
Hi, the RADIUS servers on my network are receiving spikes of ACCESS-ACCEPT traffic. I have been analysing traffic using tshark and noticed that some of the ACCESS-ACCEPT sent from the server back to the client do not have the AVP attributes set. Below is an example: Frame 167 (62 bytes on wire,

Logging Cisco config changes with FreeRadius

2013-07-12 Thread kyle woock
FreeRadius Users, I have installed FreeRadius on CentOS 6.4 in a VMWare environment and I am pretty new to using something like FreeRadius. However, I have it on my virtual machine and it is running; I am able to authenticate against my Cisco 3550 Switch that is on my desk and connected to the network.

Re: Logging Cisco config changes with FreeRadius

2013-07-12 Thread Arran Cudbard-Bell
On 12 Jul 2013, at 23:31, kyle woock kylewo...@gmail.com wrote: FreeRadius Users, I have installed FreeRadius on CentOS 6.4 in a VMWare environment and I am pretty new to using something like FreeRadius. However, I have it on my virtual machine and it is running; I am able to authenticate

Re: Substring using Unlang?

2013-07-12 Thread Peter Lambrechtsen
On Wed, Jul 10, 2013 at 6:34 PM, Olivier Beytrison oliv...@heliosnet.org wrote: On 10.07.2013 07:48, Olivier Beytrison wrote: if ( ADSL-Agent-Remote-Id =~ /(.{0,31})$/ ) { if ( ADSL-Agent-Remote-Id =~ /(.{1,32})$/ ) { that's even better as it won't match an empty attribute (you never know

Re: Substring using Unlang?

2013-07-12 Thread Arran Cudbard-Bell
On 13 Jul 2013, at 00:14, Peter Lambrechtsen pe...@crypt.co.nz wrote: On Wed, Jul 10, 2013 at 6:34 PM, Olivier Beytrison oliv...@heliosnet.org wrote: On 10.07.2013 07:48, Olivier Beytrison wrote: if ( ADSL-Agent-Remote-Id =~ /(.{0,31})$/ ) { if ( ADSL-Agent-Remote-Id =~ /(.{1,32})$/ ) {

Re: Substring using Unlang?

2013-07-12 Thread Peter Lambrechtsen
On Sat, Jul 13, 2013 at 11:36 AM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 13 Jul 2013, at 00:14, Peter Lambrechtsen pe...@crypt.co.nz wrote: On Wed, Jul 10, 2013 at 6:34 PM, Olivier Beytrison oliv...@heliosnet.org wrote: On 10.07.2013 07:48, Olivier Beytrison wrote: if (