Re: VLAN assignment to HP Switch with 802.1x client

2013-08-09 Thread Iliya Peregoudov
On 08.08.2013 19:16, Shaw, Colin M. wrote: [peap] Using saved attributes from the original Access-Accept User-Name = "testx" [peap] Saving response in the cache Your inner-tunnel virtual server returns only User-Name attribute in Access-Accept. Configure your inner-tunnel virtual serv

Re: Multiple policy files

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 10:40, Jonathan Gazeley wrote: > For a while I've been using FreeRADIUS with a set of includes.d-style > directories that I can drop modules, virtual sites, etc into. This works well > - until today. So far I've only had one included policy file in use, and the > stock poli

Re: Multiple policy files

2013-08-09 Thread Jonathan Gazeley
On 09/08/13 10:52, Arran Cudbard-Bell wrote: Whilst making up features is a fun pastime it's not very productive. There is one global policy section at the top level. Virtual servers do not have different policy name spaces. Hi Arran, Thanks for this. So you're saying that there can only be

Re: Multiple policy files

2013-08-09 Thread Matthew Newton
On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote: > On 09/08/13 10:52, Arran Cudbard-Bell wrote: > >Whilst making up features is a fun pastime it's not very productive. > > > >There is one global policy section at the top level. Virtual servers do not > >have different policy name

Re: Multiple policy files

2013-08-09 Thread A . L . M . Buxey
Hi, > Thanks for this. So you're saying that there can only be one policy > {} section in the whole server, and if I wish to load two sets of > policies I will have to merge the two files? each policy has its own name/tag - in FR 3, there is a policy.d directory in which policy files get put...ea

Re: Multiple policy files

2013-08-09 Thread Jonathan Gazeley
On 09/08/13 11:18, Matthew Newton wrote: On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote: On 09/08/13 10:52, Arran Cudbard-Bell wrote: Whilst making up features is a fun pastime it's not very productive. There is one global policy section at the top level. Virtual servers do

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-09 Thread Fabrice-externe SEGURA
Hi. Your approach (use an external script) finally worked. It's definitely a hack, as I discovered that Linuxes don't do any DHCP-Release (and I expected to send a radius acct stop at this point). Nevertheless, it will help me to emulate a mobile operator network behaviour, when a machine conne

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 15:35, Fabrice-externe SEGURA wrote: > Hi. > > Your approach (use an external script) finally worked > > It's definitely a hack, as I discovered that Linuxes don't do any > DHCP-Release (and I expected to send a radius acct stop at this point). > Nevertheless, it will he

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-09 Thread Alan DeKok
Fabrice-externe SEGURA wrote: > A word on documentation however : It's quite an understatement to say > that it can be improved. We've had ~15 years of people complaining about this. So far, contributions have been sporadic. Doing documentation takes a concerted effort, and commitment. It's

RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-09 Thread Brian Julin
Alan DeKok wrote: > Well... I tried it, and I didn't see any errors. > Can you check that you're really running a *stock* binary, and a > *stock* configuration? Attached is a recipe for how I replicated it (and another doublefree) on a clean system. 1) started on a fresh system that had

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 16:14, Brian Julin wrote: > > Alan DeKok wrote: > >> Well... I tried it, and I didn't see any errors. > >> Can you check that you're really running a *stock* binary, and a >> *stock* configuration? > > Attached is a recipe for how I replicated it (and another doublefree) on

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 16:27, Arran Cudbard-Bell wrote: > > On 9 Aug 2013, at 16:14, Brian Julin wrote: > >> >> Alan DeKok wrote: >> >>> Well... I tried it, and I didn't see any errors. >> >>> Can you check that you're really running a *stock* binary, and a >>> *stock* configuration? >> >> Att

RE: VLAN assignment to HP Switch with 802.1x client

2013-08-09 Thread Shaw, Colin M.
> You could move "files" above "eap" but IMO it's better (cleaner, more
> obvious) to run this in post-auth like so:
>
> authorize {
>     ...
>     eap {
>         ok = return
>     }
>     ...
> }
> post-auth {
>     ...
>     files
>     ...
> }
>
> Note that you'll need to set the "postauth_usersfile"