Re: Response-Packet-Type == Access-Challenge

2013-08-07 Thread Dominique Frise
On 08/06/2013 05:29 PM, Alan DeKok wrote: Dominique Frise wrote: Is there any other flag/function that would indicate that an Access-Challenge packet was received from the NAS? A NAS will NEVER send an Access-Challenge to the server. A proxy will receive an Access-Challenge from a home

Re: Response-Packet-Type == Access-Challenge

2013-08-07 Thread Arran Cudbard-Bell
On 7 Aug 2013, at 07:51, Dominique Frise dominique.fr...@unil.ch wrote: On 08/06/2013 05:29 PM, Alan DeKok wrote: Dominique Frise wrote: Is there any other flag/function that would indicate that an Access-Challenge packet was received from the NAS? A NAS will NEVER send an

Re: Response-Packet-Type == Access-Challenge

2013-08-07 Thread Olivier Beytrison
On 07.08.2013 08:51, Dominique Frise wrote: Did a fresh install from http://github.com/FreeRADIUS/freeradius-server/tree/v2.x.x ./radiusd -v radiusd: FreeRADIUS Version 2.2.1 (git #12be9f6), for host x86_64-unknown-linux-gnu, built on Aug 6 2013 at 21:51:33 Copyright (C) 1999-2013 The

Re: Response-Packet-Type == Access-Challenge

2013-08-07 Thread Arran Cudbard-Bell
On 7 Aug 2013, at 09:35, Olivier Beytrison oliv...@heliosnet.org wrote: On 07.08.2013 08:51, Dominique Frise wrote: Did a fresh install from http://github.com/FreeRADIUS/freeradius-server/tree/v2.x.x ./radiusd -v radiusd: FreeRADIUS Version 2.2.1 (git #12be9f6), for host

Re: returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

2013-08-07 Thread Alex Sharaz
Works here just fine. Once you've created the correctly formatted value for the radius attribute FR displays it as an integer but whatever happens in the background the HP switch just does its stuff Rgds A Sent from my iPhone On 6 Aug 2013, at 00:39, Andy a...@brandwatch.com wrote: Hello,

Re: returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

2013-08-07 Thread Arran Cudbard-Bell
On 7 Aug 2013, at 10:56, Alex Sharaz alex.sha...@york.ac.uk wrote: Works here just fine. Once you've created the correctly formatted value for the radius attribute FR displays it as an integer but whatever happens in the background the HP switch just does its stuff Yes the HP switch

Re: returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

2013-08-07 Thread Alan DeKok
Arran Cudbard-Bell wrote: I'm honestly not entirely sure why the freeradius dictionary has the attribute as an unsigned int That's what the RFCs say. And the server doesn't really have a way of packing arbitrary structures from attributes. Alan DeKok. - List info/subscribe/unsubscribe?

Re: returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

2013-08-07 Thread Arran Cudbard-Bell
On 7 Aug 2013, at 13:46, Alan DeKok al...@deployingradius.com wrote: Arran Cudbard-Bell wrote: I'm honestly not entirely sure why the freeradius dictionary has the attribute as an unsigned int That's what the RFCs say. And the server doesn't really have a way of packing arbitrary

RE: returning a HEX String as a HEX String (bit string) instead ofthe decimal equivalent - FreeRADIUS 2.1.10

2013-08-07 Thread Franks Andy (RLZ) IT Systems Engineer
Hi, Just agreeing with Arran really, we've got 5406 procurve switches, which I believe are similar in software terms to the 2910s and we do the unlang string Arran has presented here : update reply { Egress-VLANID += %{expr:822083584 + %{Tagged-VID}} } It works fine, although that may

Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-07 Thread Brian Julin
I finally got around to trying some RC code (the release_branch_3.0.0 on github) on our production configurations, after a bit of massaging got them looking like they were working, but not so much the one that re-proxies the inner tunnel contents to an internal server after unwrapping EAP-PEAP:

Re: returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

2013-08-07 Thread Andy
Thank you everyone so much :) Wow, what a great list :D OK. First, you're not doing PPP, remove the default entries in the users file for Framed-Protocol and Framed-Compression. I have commented this out now. And again thank you for your wireshark capture, and perfect explanations of the

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-07 Thread A . L . M . Buxey
Hi, peap { default_eap_type = mschapv2 proxy_tunneled_request_as_eap = yes copy_request_to_tunnel = no use_tunneled_reply = yes tls = eduroam-eap-tls } okay Any request that tries to go to the proxy causes this to happen: Wed Aug 7 11:57:35 2013 :

RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-07 Thread Brian Julin
a.l.m.bu...@lboro.ac.uk [a.l.m.bu...@lboro.ac.uk] wrote: how did you configure the server...from scratch or copy pasting bits over from a 2.x ? It's a mongrel, not an alteration of fresh 3.0. It was working on a pre-talloc 3.0 development branch. does this 'eap' module use its own