Re: Working MAC-auth. in 1.1.7, not working in 2.0pre2 (noob-quiz).

2007-09-17 Thread A . L . M . Buxey
Hi, > 00-17-f2-ea-b1-3e User-Password=="00-17-f2-ea-b1-3e" > Calling-Station-Id=="00-17-f2-ea-b1-3e", > NAS-IP-Address = 82.182.120.201, > Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network A" > > 00-17-f2-ea-b1-3e User-Password=="verysecret" >

Re: Configuring FreeRADIUS to use ntlm_auth

2007-09-17 Thread A . L . M . Buxey
Hi, > I think that I did just some changes describes in the document with the > files: > the users file: it is original (I delete the testing entry used "user > Auth-Type := ntlm_auth"); > the radisud.conf file: it is original with following changes: > 1) the command "ntlm_auth" in the "aut

Re: Working MAC-auth. in 1.1.7, not working in 2.0pre2 (noob-quiz)

2007-09-17 Thread A . L . M . Buxey
Hi, > OMG! Im so sorry Alan - that was too easy (and im a noob). If i ever > walk by your house you can get a free shot at me. : ) as a resident of nottingham , UK, my neighbours might get their shot off first! ;-) > Many thx again A - you'r the man, as always. I'm guessing it worked then? ;-

Re: PEAP/MS-CHAPv2 and the Windows XP default wireless client

2007-09-17 Thread A . L . M . Buxey
Hi, > User-Name = "ComputerName\\Username" > User-Password = "Password" > > FreeRADIUS expects the request(s) like this. > > User-Name = "Username" > User-Password = "Password" > > How do I get FreeRADIUS to ignore the \\ComputerName prefix? use the prefix module etc - and use Stripped-User-Na

Re: randomly crashing

2007-09-17 Thread A . L . M . Buxey
Hi, > We're running FR to authenticate users on our wireless network. It appears > that radius is randomly stopping/crashing. I have checked logs, but have > been unable to locate the problem and am wondering if someone could point me > in a good location to look for reasons for the failure. vers

Re: Configuring FreeRADIUS to use ntlm_auth

2007-09-17 Thread A . L . M . Buxey
Hi, > NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 0 > users: Matched entry DEFAULT at line 154 > modcall[authorize]: modu

Re: Working MAC-auth. in 1.1.7, not working in 2.0pre2 (noob-quiz)

2007-09-17 Thread A . L . M . Buxey
Hi, you are aware of what your logs are saying by the way? > rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. > rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support. > rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support. you built freera

Re: Controlling access to my Wireless network.

2007-09-19 Thread A . L . M . Buxey
Hi, > The document you gave is good, except for the client certificate part. I > don't want to have to give certificates out to everyone on my wireless > network. Is there a way to get around this? err no. EAP-TLS uses client and server certificates. if you want to use just the server cert then

Re: Controlling access to my Wireless network.

2007-09-19 Thread A . L . M . Buxey
Hi, > network, mac & xp. I wouldn't mind using plain text passwords if that could > be forced. The only configurations that get close to working get as far as > machapv2, then fail because of no nt/lm password. If I could use the > password from my ldap connection which seems to be working nice

Re: Freeradius and Windows Vista

2007-09-19 Thread A . L . M . Buxey
Hi, > I am running FR version 1.1.7 along with OpenSSL 0.9.8c on Debian. > Authentication from XP works flawlessly and from what I have been able to > tell from, with these versions I should be able to have Vista do > PEAP/MSChapv2 authentication via Freeradius. However, it still seems that > Vist

Re: proxy reply attribute

2007-09-20 Thread A . L . M . Buxey
Hi, > > Hi, > > I do have a question about the proxy reply attribute. > Where should i set/change the attribute like Session-Timeout and Idle-Timeout > after the proxy authentication accepted? wherever you set replies eg post-proxy could fire up an SQL query or Perl script. you could also u

Re: Problems of Radius service

2007-09-20 Thread A . L . M . Buxey
Hi, > 1.If I enter service radiusd reload command in linux than freeradius > process dead. > 2.Sometime, I enter radtest command than no response from service > (process was running in that time) > 3.After I install mod_auth_radius to apache and configure complete but > apache can't co

Re: EAP (PEAP) problem with MS Win XP

2007-09-20 Thread A . L . M . Buxey
Hi, > ** High Priority ** > ** Reply Requested When Convenient ** What? This isnt a paid-for service. answers given on this mailing list are given in community spirit. however, should you wish to take any of us on in a consulting role for usual financial reimbursements under contractual agreement

Re: EAP (PEAP) MS-CHAPv2b how to

2007-09-21 Thread A . L . M . Buxey
Hi, > I feel really stupid now... > > i insert in users file: > > myuser Cleartext-Password := "somepass" > > run freeradius -X > > /etc/freeradius/users[219]: Parse error (check) for entry myuser: Unknown > attribute "Cleartext-Password" sounds like you are running an old version. you wi

Re: WPA-Enterprise with TTLS fails to authenticate (from Windows ok, but Linux fails).

2007-09-24 Thread A . L . M . Buxey
Hi, > network={ >         ssid="eduroam" >         scan_ssid=1 >         proto=WPA >         key_mgmt=WPA-EAP >         pairwise=TKIP >         eap=TTLS >         identity="[EMAIL PROTECTED]" >         password="mycorrectpassword" >         ca_cert="/etc/wpa_supplicant/ca.uni.opole.pl.pem" >      

Re: eap-ttls + windows xp

2007-09-24 Thread A . L . M . Buxey
hi, you say EAP-TTLS but the logs clearly show PEAP going on - does the windows box have the CA of your signed cert? PS users file, test Cleartext-Password := "testpassword" alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Accounting Packets

2007-09-27 Thread A . L . M . Buxey
Hi, > > Hi all, > > > I'm running FreeRADIUS Version 1.1.3, I need to configure freeradius for ONLY > receiving radius accounting packets and saving these on a file and if > possible saving the information in a database using postgresql. > Can any anyone give me an overview of what i need to d

Re: Failed obtain IP address after authenticated using EAP-MD5

2007-09-29 Thread A . L . M . Buxey
Hi, > After the supplicant authenticated successfully from the FreeRadius server, > my notebook fails to obtain an IP address from the Access Point (router) and > end up getting a 169.254.198.216 IP address. > > here is my setup : > Supplicant = WIRE1x ( a windows port of Open 1x ) > Authen

Re: Radiusd won't work with both Windows XP and Linux

2007-10-01 Thread A . L . M . Buxey
hi, you seem to be using the system auth. if you dont want to use that (and i'm sure you dont) remove the line from users that is matching it. looks possible something like DEFAULT Auth-Type := System alan

Re: 802.1x & kerberos

2007-10-11 Thread A . L . M . Buxey
Hi, > It works w/o EAP. I can do a radtest with a valid userid and password > on the kerberos server and get authorized (and not get authorized with > bad information). right > I can get EAP-TTLS to work if I put a user and a password in the radius > users file but that's not what we want.

Re: Using freeradius and 802.1x for dynamic VLAN

2007-10-11 Thread A . L . M . Buxey
Hi, > I use freeradius-1.0.4-1.FC4.1 version in a PC Linux Fedora Core 4. I wont even bother starting with the upgrade to 1.1.7 stuff. if you want to run buggy older and insecure versions then thats YOUR choice. > carlos Auth-Type := EAP, User-Password == "carlos" > Service-Type = Fr

Re: FATAL: Thread create failed: Cannot allocate memory

2007-10-12 Thread A . L . M . Buxey
Hi, > We had one of our MAC-auth radius server instances hang up with this > error at about 0200 this morning. > > That server receives pretty heavy load, and it's bursty, so we see this > a couple of times a day: > > The maximum number of threads (32) are active, cannot spawn new thread > to ha

Re: Using freeradius and 802.1x for ssign VLAN X

2007-10-12 Thread A . L . M . Buxey
Hi, > Hi, > I use freeradius-1.0.4-1.FC4.1 version in a PC Linux Fedora Core 4. I > form the file uses: > > lucy Auth-Type := EAP, User-Password == "lucy" > Service-Type = Framed-User, > Tunne-type = VLAN, > Tunnel-medium-type = IEEE-802, > Tunnel-Private-Gro

Re: peap/eap tls authentication

2007-10-12 Thread A . L . M . Buxey
Hi, > I do post users > thanks > dkupis Auth-Type := system > Service-Type = NAS-Prompt-User, > cisco-avpair == "shell:priv-lvl=15", > idle-timeout = 1800 okay. from this it looks like your attempting to configure FR to do some form of Cisco device login authentication. i

Re: Retrieving the clients (NASes) from SQL (FreeRADIUS 1.1.0)

2007-10-12 Thread A . L . M . Buxey
Hi, > Hello, > > does FreeRADIUS 1.1.0 supports reading the NAS list from SQL? > > I'm using this rather old version because it's the one supplied by my > Ubuntu version, and, if possible, I wouldn't like to use another. Of > course, if I must, I will. yes, FR has been able to read NAS from SQL

Re: peap/eap tls authentication

2007-10-12 Thread A . L . M . Buxey
Hi, > I'm not familiar with freeradius yet. I read some HOWTOs and I do try to > make wireless Windows XP talk to Radius server. I have an AP 1131. I > have managed to make this configuration work with cisco ACS in the past, > so AP part should be OK. you're authenticating, or trying to, from the

Re: rlm_realm doesn't strip the username

2007-10-12 Thread A . L . M . Buxey
Hi, > I forgot about the atachment:) you dont seem to have the 'strip' option for your home_server localhost {} stanza in proxy.conf likewise, there is no strip directive for any defined realm eg templates { realm { strip } } realm myrealm.com { strip } real

Re: Using freeradius and 802.1x for dynamic VLAN

2007-10-15 Thread A . L . M . Buxey
Hi, > carlos User-Password == "carlos" > Service-Type = Framed-User, > Tunnel-Type = VLAN, > Tunnel-Medium-Type = IEEE-802, > Tunnel-Private-Group-Id = 2 > > saul User-Password == "saul" > Service-Type = Framed-User, > Tunnel-Type = VLAN, >

allowing multiple values through the attribute filter

2007-10-22 Thread A . L . M . Buxey
hi, i've got a remote site that we want to trust a few return attributes from no problem. configured. however, there are 2 different attribute values for one of the attributes and i'm not quite sure of the syntax available for use eg realm.com Session-Timeout <= 28800, Idl

Re: WPA Certificate Administration

2007-10-22 Thread A . L . M . Buxey
Hi, > I'm having difficulty locating documentation on how to manage the > certificates that are generated for use with WPA. It appears that no matter > how long I set the Certificate Authority Certificate to be valid for, it > appears to be valid for only 30 days from the day it was created. >

Re: Wincdows Clients works, Linux don't

2007-10-22 Thread A . L . M . Buxey
hi, a whole lot of weird things - we need your Linux WPA config and FR config though to get to the bottom of it. i'm hoping you have set Auth-Type := EAP in your users file (the logs seem to suggest you have) and also the log claims that its trying to use MD5 but doesnt know how to. you havent

Re: Freeradius doesn't detect EAP when authenticating against MySQL

2007-10-22 Thread A . L . M . Buxey
Hi, > I do not understand, should the Windows XP's supplicant encrypt password > prior to sending, or does it send it in cleartext and the radius encrypts the windows supplicant? err, it doesnt send the password in any sane way. you need to either set up an MSCHAPv2 challenge response system or p

Re: Cleartext-password problem

2007-10-22 Thread A . L . M . Buxey
Hi, > Hi, > I've installed freeradius and it was working fine with users file > authentication but when I add sql module ( freeradius's wiki->SQL_HOWTO ) > when I try radtest with a username that is in db, authentication failed, and > it's the out put of debug mode: Cleartext-Password is for late

Re: Freeradius doesn't detect EAP when authenticating against MySQL

2007-10-23 Thread A . L . M . Buxey
Hi, > And PAP is not very safe and smart way to go as i read it. as an inner auth type for EAP-TTLS it isnt too bad. alan

Re: authentication problem with sql

2007-10-23 Thread A . L . M . Buxey
Hi, > No one knows? > > On 10/23/07, hadi golestani <[EMAIL PROTECTED]> wrote: ^ you posted less than 24 hours ago. this isnt a commercial support contract. maybe someone knows and is currently busy or away. looking from the logs, it seems that your FR is configured to use system aut

Re: FreeRadius Server: Installation problem

2007-10-23 Thread A . L . M . Buxey
Hi, > > I am trying to install 1.1.6. When i try to make the SUSE Linux Package > > and run the rpm build command then an error message comes which reads: > > freeRadius 1.1.5.gz file not present. check the "Version" line in the freeradius.spec file of the 1.1.6 suse directory. pro

Re: Access-Reject in a php script

2007-10-24 Thread A . L . M . Buxey
Hi, >echo "Session-Timeout:=100"; > else >echo "Access-Reject"; //NOT WORKING!! hmmm, normally/properly you dont send such attributes back - thats a server job. you should simply exit with the return code that equals reject. alan

Re: Server instability

2007-10-29 Thread A . L . M . Buxey
Hi, > I'm having the exact same problem as described below, with Freeradius > 1.7 hanging at 99 percent. Also using PEAP, MSCHAPV2, and eDir, and > running 1.7 on a SLES 10 SP1. > I have been using the same configuration since 1.3 without any problems > problems, but since upgrading from 1.6 to 1.

Re: delayed Access Reject response

2007-10-30 Thread A . L . M . Buxey
Hi, > It was set to 1, but the actual delay is clearly bigger than that. In > fact, it doesn't seem to be constant, it seems to wait until a new > request was sent, and then it unleashes the reject. > > I set reject_delay to 0 and now there's no delay, but I'm not sure I > like it that way, du

Re: FreeRadius and Clean Access Manager

2007-10-31 Thread A . L . M . Buxey
Hi, > But you are just using FreeRADIUS for authentication. I didn't realise > it was possible to separate posture assessment from authentication in > Cisco NAC. Interesting to hear that you can. ..i guess we are all looking at development of EAP-TNC with interest.. alan

Re: *** glibc detected *** radiusd: double free or corruption

2007-11-01 Thread A . L . M . Buxey
Hi, > Hi, all > > Following is error message when install freeradius1.1.3. Who can give me > some advice or solutions? Appreciate very much. 1.1.7 alan

Re: Radiusd -X start vs Radiusd start

2007-11-02 Thread A . L . M . Buxey
Hi, > > Hi evr, > > I'm currently experimenting on freeradius 1.1.6 (on rhl3) my setup seams to > be working fine except a little bug ! > > I'm using a software to monitor freeradius from the outside this soft is > called (Whistle Blower running on a mac) > > This soft attempt to validat

EAP failed to remember handler...

2007-11-06 Thread A . L . M . Buxey
hi, Tue Nov 6 10:39:41 2007 : Error: rlm_eap: Failed to remember handler! Tue Nov 6 10:39:41 2007 : Error: rlm_eap: Failed to remember handler! Tue Nov 6 10:39:41 2007 : Error: rlm_eap: Failed to remember handler! then radiusd dead radiusd: FreeRADIUS Version 2.0.0-pre2, for host i686-pc-lin

Re: how to do the dynamic VLAN rewrite according to the username or calling-station-id?

2007-11-06 Thread A . L . M . Buxey
Hi, > We are trying to explore the 802.1x in university resnet. One thing we want > to do is put the cisco switch port in a walled garden VLAN if the username > or calling-station-id match a blocklist. If username/calling-station-id is > not in the blocklist, they will just get to the static acces

Re: how to do the dynamic VLAN rewrite according to the username or calling-station-id?

2007-11-06 Thread A . L . M . Buxey
Hi, > Suppose we use Users file, where else in the freeradius configuration, we > can check and how to rewrite the VLAN? if you use the users file, simply add the required VLAN attributes as part of the return reply - check the users file for similar examples. alan

Re: how to do the dynamic VLAN rewrite according to the username orcalling-station-id?

2007-11-06 Thread A . L . M . Buxey
Hi, > Thanks for this info. One more step, is there any place in the freeradius > configuration file that we can run a script to check the incoming radius > request user-name/calling-station-id agaist a file for example > youAreBlocked.txt, and then set the above attributes in the reply to the > N

Re: problem with EAP-TTLS logging passwords

2007-11-07 Thread A . L . M . Buxey
Hi, > How to solve this problem ? stop logging the passwords. WHY have you configured it to log the passwords if you dont want this behaviour? alan

an intermittant PAP auth problem

2007-11-07 Thread A . L . M . Buxey
hi, we use nagios to monitor our freeradius install. this is using the adv_radius_check plugin to check from the nagios servers a user on the freeradius server (in the users file), the following are the succinct details users file entry nagios-user Huntgroup-Name == "nagios", Cleartext-Password

Re: freeradius and cisco 3550 dynamic vlan assignment issue(authentication is working)

2007-11-07 Thread A . L . M . Buxey
Hi, > We read all dynamic vlan related posts in this mailing list archive, > but still can't get it to work even the authentication is working > good. in your eap.conf have you set the copy to inner tunnel to be "yes"? on your switch, have you set the device to accept server defined VLANs? alan

Re: freeradius and cisco 3550 dynamic vlan assignment issue(authentication is working)

2007-11-07 Thread A . L . M . Buxey
Hi, > > on your switch, have you set the device to accept server defined > > VLANs? > I believe in cisco > aaa authorization network default group radius > will enable switch to accept radius defined VLAN. err, no. all that does is say 'use the radius group to authorize network' you still have t

Re: radius going to sleep?

2007-11-07 Thread A . L . M . Buxey
Hi, > With a value of 5, freeradius now is already running for some hours. > A value of 20 stops it from working normally within two hours. > Maybe I can find out more. ah! and this is *changed* behaviour since the pre2 release. I'm here to report that 'beta' version taken via CVS yesterday lunc

Re: freeradius and cisco 3550 dynamic vlan assignment issue(authentication is working)

2007-11-07 Thread A . L . M . Buxey
Hi, > userx Cleartext-Password := "hello" > Service-Type = Framed-User, > Tunnel-Type = VLAN, > Tunnel-Medium-Type = 802, > Tunnel-Private-Group-ID = "552" Tunnel-Medium-Type = "IEEE-802", where did you get just '802' from? alan

Re: Can FAQ 6.10 please be fixed?

2007-11-08 Thread A . L . M . Buxey
Hi, > > http://wiki.freeradius.org/index.php/FAQ#How_do_I_check_the_configuration_before_sending_a_HUP_to_the_server.3F well, any talking of HUP'ing right now is bad joojoo. I've just checked and you can do something like radiusd -X -p 1890 -i 127.0.0.1 which will work fine - perhaps we sh

Re: Restricting user by realm

2007-11-08 Thread A . L . M . Buxey
Hi, > > DEFAULT Realm == jellico.net > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-IP-Address = 255.255.255.254, > Framed-IP-Netmask = 255.255.255.255, > Framed-Routing = None, > Framed-Compression = None, > Framed-MTU = 15

Re: How to return Reply-Message when user submitted wrong password

2007-11-09 Thread A . L . M . Buxey
hi, nasty. but you could do it eg some in this pseudo code method - just to start you off... perl module sql = your SQL table $password = select password from sql where username = $RADREQUEST{%username} if ($RADREQUEST{%User-Password} != $password) { $RADREPLY = "Your password is incorrec

Re: Freeradius 1.1.7 no DB handles

2007-11-09 Thread A . L . M . Buxey
Hi, > My DB-tables are empty, just accounting should be put into it. I do not need > anything in usergroup for accounting etc, or do I? you are probably running more radius threads than you have DB handles - change the value in sql.conf - and make sure you enable enough max_connections in your m

Re: How to return Reply-Message when user submitted wrong password

2007-11-12 Thread A . L . M . Buxey
Hi, > Hi Alan, thank you very much for the pseudo codes. I'm quite new to > FreeRADIUS, so I need to check with you: are these for writing a new module? no - that was pseudo code for use with the already existing PERL module alan

Re: Freeradius 1.1.7 no DB handles

2007-11-12 Thread A . L . M . Buxey
Hi, > > I set max_connections to 200, but that didnt help. That cannt really be a > reason, because I am the only user by now. My partner gave up on this > Problem. But I need to get this thing running! > Maybe its the mysql-Version? We run mysql 3.23 on suse 8.1... > Any Ideas? can freeradius

Re: Newbie question - number of radius requests per session?

2007-11-13 Thread A . L . M . Buxey
Hi, > Do I then remove ldap from the authorize section so that it doesn't call > it every packet? I did a bunch of testing and it seems that I have to > do that to reduce the number of calls to our eDirectory servers. yes - only call it from the INNER check. otherwise you are in exactly the same

Re: TTLS authentication slow

2007-11-13 Thread A . L . M . Buxey
Hi, > eap { > default_eap_type = ttls > > tls { > private_key_file = /etc/raddb/server.tld.pem > certificate_file = /etc/raddb/server.tld.pem > CA_file = /etc/raddb/server.tld.pem >

Re: Freeradius 1.1.7 no DB handles

2007-11-14 Thread A . L . M . Buxey
Hi, > if (pthread_mutex_trylock(&cur->mutex) != 0) { > radlog(L_INFO, "rlm_sql (%s): goto next %d", inst->config->xlat_name, > cur->id); > /* goto next; */ > } /* else we now have the lock */ > > The radius inserts accountingdata now into my DB, but

Re: MD5 authentication

2007-11-15 Thread A . L . M . Buxey
Hi, > I'm sorry again, I wouldn't have said "authentication request" but > "authentication SQL request" made by the freeradius server to the SQL > database. its a check item request in the SQL table item operator value MD5-Password := MD5-value read sql.conf for more details alan

Re: Newbie question - number of radius requests per session?

2007-11-15 Thread A . L . M . Buxey
Hi, > Thanks for everyone's help. I have it working nicely now, but have one > more situation I just started testing. > > I want to use the same radius servers to authenticate users on a > different wireless network though a captive portal to the same > eDirectory servers via LDAP. > > In ord

Re: problem with certificate

2007-11-15 Thread A . L . M . Buxey
hi, either the PATH defined is not correct or the files cannot be read by the radius daemon alan

Re: RADIUS Stress Test tool

2007-11-19 Thread A . L . M . Buxey
Hi, > Hi All > > i used " radclient -f attr -p 10 -c 1 localhost:1812 auth local " > > but also got one entry in my log file !! > i guess i must get 10 entries . err, no. because you only asked for it to do a single request ( -c 1 ) if you want it to do 10, then tell it to do 10. the -p 10 m

Re: AAA Services with multiple SQL

2007-11-19 Thread A . L . M . Buxey
Hi, > > my authorize section has "files" entry too...sorry for this lack > > ok i've used freeradius -X it seems to give me other info...but still > problems to understand: > why gives me an error on processing password using Auth-Type := System, > i'have no entry with that! if your 'users

Re: Compile Blues

2007-11-21 Thread A . L . M . Buxey
Hi, > Hi guys/gals > > Any ideas why i would be getting the error below ?? > > Here are the sql packages i have installed > > mysql++-2.2.3-1.fc5 > mysql-5.0.27-1.fc5 > mysql-devel-5.0.27-1.fc5 > mysql-server-5.0.27-1.fc5 you dont have any of the ltdl stuff installed libtool-ltdl-devel libtoo

Re: Freeradius doesn't work with ldap

2007-11-21 Thread A . L . M . Buxey
Hi, > Alan, I didn't find any option for the mschapv2 problem in your web page. > > Unencrypt ldap passwords is not a smart solution. > > It seems that windos xp client only accept mschapv2 or TLS to authenticate, > if a use TLS, I cannot use ldap because only the client certificate is used >

Re: freeradius support eap-fast?

2007-11-26 Thread A . L . M . Buxey
Hi, > Hi, > Eap-fast introduction from cisco said freeradius support eap-fast. Is it > right? > http://www.t11.org/ftp/t11/pub/fc/sp-2/07-595v0.pdf iirc, there was a small patch submitted to the devel list a few weeks back...but it needed some formatting changes etc and a re-posting. alan

Re: Problem compiling freeradius 1.1.7

2007-11-27 Thread A . L . M . Buxey
Hi, > I still didn't get whar I would need rlm_perl for ... you obviously dont need to run a PERL script in any of the AAA sections. many people do. alan

Re: vlan assignment

2007-11-27 Thread A . L . M . Buxey
Hi, > I am having trouble configuring VLAN assignment for CISCO switches, not surprising as you are doing a comparison check operation. change the operator value for each return attribute to a straight-forward '=' alan

Re: vlan assignment

2007-11-28 Thread A . L . M . Buxey
Hi, > > inl2goal wrote: > Already did that, it is not working > > Should it say (in my attributes) > > Tunnel-Type = VLAN > Tunnel-Medium-Type = IEEE-802 > Tunnel-Private-Group-Id = 120 we simply return them in the form of Tunnel-Medium-Type = "IEEE-802" Tunnel-Type = "VLAN" Tunnel-Private-Gro

Re: rlm_passwd and EAP-MD5

2007-11-29 Thread A . L . M . Buxey
Hi, > Hm, does this mean that even now when I use rlm_passwd and tacacs passwd > file, I need to HUP radiusd whenever someone changes their password? dont HUP the server, restart the process. alan

Re: rlm_passwd and EAP-MD5

2007-11-30 Thread A . L . M . Buxey
Hi, > But is this for real? I need to restart the server if someone changes > their password in the file that is configured with rlm_passwd? > > If so, that's not just a minor annoyance :P there are other modules which provide non-restart functionality such as SQL password modules - there has a

Re: wired 802.1x supplicent open source where i can get it?

2007-12-03 Thread A . L . M . Buxey
Hi, > Hi, > > I am satyanarayana,we are working to implement 802.1x wired supplicent , > But Tried a lot by checking somany sites But i didn't get that open source. > If any body knows the site are any details Please send to me. freeradius is an existing supplicant which can do wired and wireless

Re: rlm_eap: Identity does not match User-Name...

2007-12-12 Thread A . L . M . Buxey
Hi, > if anybody has the same problem, here's the solution.. > > i've installed 2.0.0-pre2 and made just the following > changes to radiusd.conf: > > mschap { > with_ntdomain_hack = yes > ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key > --username=%{mschap:User-Name} --challenge=

Re: Example listed in huntgroup file does not work

2007-12-13 Thread A . L . M . Buxey
Hi, > I should say that I do not want to use an external solution. Creating a > huntgroup for each NAS with the exact same user list does work, but then > if I have to change a user I would then have to modify what could be > over 100 groups. i think, therein, lies your problem - you havent look

Re: Example listed in huntgroup file does not work

2007-12-13 Thread A . L . M . Buxey
Hi, > "# This file can also be used to define restricted access > # to certain huntgroups. The second and following lines > # define the access restrictions (based on username and > # UNIX usergroup) for the huntgroup. > #" so why not do as

Re: EAP-TLS - About username sent by supplicant

2007-12-14 Thread A . L . M . Buxey
Hi, > My question deals with the username sent by the supplicant when the > authentication goes on. At boot > time, the username sent is : host/user_name. After the login, the username > sent is : user_name. So, I > have to create 2 users. I want to cut 'host/' to make this task easier. It is >

Re: problem ./configure and MYSql

2007-12-19 Thread A . L . M . Buxey
hi, you have installed the user programs for mysql - the library and the tools/database - but for compiling things that USE mysql, you need to install the development programs for mysql. usually mysql-devel, or mysql-dev or somesuch alan

Re: Server blown up after move

2007-12-19 Thread A . L . M . Buxey
Hi, what does the 'less debugging' mode -> radiusd -x give you (thats a small x rather than a big X) alan

Re: Freeradius-Users Digest, Vol 32, Issue 65

2007-12-20 Thread A . L . M . Buxey
Hi, > Also, using -x makes it run in the foreground, whether or not I'm using -f. > I'm starting to wonder if the guys at Mandriva have been messing in the code > for their distribution... whoah! i didnt realize you were using the version that came with your distro. sorry - try downloading and

Re: your mail

2007-12-24 Thread A . L . M . Buxey
hi, looks about right - you either return the OK or REJECT as you have done - you just need to ensure that you pass in the correct username and password variables. alan

Re: freeradius + OpenWrt

2007-12-26 Thread A . L . M . Buxey
Hi, > Hi, > I want to know is someone is using freeradius with APs with OpenWRT > installed. I'd like to hear experiences about it. works. i wouldnt get a too complex system though - unless you are fortunate enough to have one of the routers with 32Mb of RAM and 16Mb of storage alan

Re: Two 'secret' entries in clients.conf

2008-01-01 Thread A . L . M . Buxey
Hi, > Can the two stanzas both have the same CIDR and can the 'shortnames' be the > same or do they have to be different? the device is chosen by its closest matching subnet mask - so you could slowly migrate people by subnet allocation - eg take a /23 of the devices and migrate those...then do

Re:

2008-01-01 Thread A . L . M . Buxey
Hi, > #pkill radiusd > #radiusd -x -X its a large X for debug mode. the little x also works but is different! alan

Re: question

2008-01-02 Thread A . L . M . Buxey
Hi, > > > Hi sir, > > i am using freeradius server version(1.1.7) > > initially i sent some request to server (radiusd),it was turned failure by > server. > > now is there any way, so that "without restarting the server (radiusd)" , > further requests can be sent and get processed by the server.

Re: freeradius & sql server with high loads

2008-01-03 Thread A . L . M . Buxey
hi, your database is too slow to handle all the accounting in real time. hence the error messages. hence the lack of accounting either speed the DB up - and/or add more handles - or move to putting the details in in 'after real time' - eg with SQL-Relay - putting them into a file then using the

Re: mschapv2 problem

2008-01-03 Thread A . L . M . Buxey
hi, we need to see the output of the radiusd -X - the config file looks fine(!) we also need to know HOW you are trying to use MSCHAPv2 - where is your authentication done? users file? DB, ntlm_auth etc etc alan

latest CVS 2.0 beta hang problem

2008-01-04 Thread A . L . M . Buxey
hi, a 2.0 beta (latest CVS head) install server locked up on us today in its early test deployment case scenario a request was proxied off to another RADIUS server. no response came back. server totally fails to respond to anything else. the only entry in the 'radiusd -X' is the last 2 lines F

Re: mschapv2 problem

2008-01-04 Thread A . L . M . Buxey
hi, ummm, let's get this right - you are using FreeRADIUS 1.1.0 ? I'm sorry - cannot give any support until you are using 1.1.7 (which has many old and obsolete bugs and issues removed) alan

Re: mschapv2 problem

2008-01-04 Thread A . L . M . Buxey
Hi, > [/udir/delivery_a0028/wacsim_trunk/scripts/services/freeradius-1.1.0//etc/raddb/users]:1 > WARNING! Check item "EAP-Sim-Rand1" found in reply item list for user > "123242010015". This attribute MUST go on the first line with the other > check items ..and many more - this is an obvi

Re: latest CVS 2.0 beta hang problem

2008-01-04 Thread A . L . M . Buxey
Hi, > > a 2.0 beta (latest CVS head) install server locked up on us today > > in its early test deployment > > Ugh. > > > case scenario > > > > a request was proxied off to another RADIUS server. no response > > came back. server totally fails to respond to anything else. > > the only entry i

Re: latest CVS 2.0 beta hang problem

2008-01-04 Thread A . L . M . Buxey
hi, okay - got it to do the same with a straight radtest. here is the radiusd -X - several attempts that get proxied away..and never answered. remote site marked as zombie but then any valid requests just don't get serviced. Sending Access-Request of id 14 to 10.1.2.3 port 1812 User-Name

Re: 2.0.0pre2

2008-01-04 Thread A . L . M . Buxey
Hi, > Are the HUP issues fixed? Just noticed it wasn't working, but didn't try > CVS. the latest CVS handles HUP a lot better - various modules are now HUP friendly. why are you HUP'ing? what will HUP achieve that a service restart won't? how are you testing the config is sane before restarting th

Re: (was latest CVS 2.0) - logging issue

2008-01-04 Thread A . L . M . Buxey
Hi, > A lot has changed since -pre2. > > Hmm... it *should* be configurable in radiusd.conf. See the "log" > section in radiusd.conf. Some configuration items have moved, because > it was dumb to have "log_foo", "log_bar", "log_baz", etc. ha! a lot HAS been changing. damn. you are right. h

Re: latest CVS 2.0 beta hang problem

2008-01-05 Thread A . L . M . Buxey
hi, okay - updated to latest CVS after I saw the CVS log messages regarding this proxying issue. things look a little better but at the end the server is dead - unable to respond to any legitimate requests - (ie even simple local non proxy ones) latest output: Sending Access-Request of id 108 t

Re: FreeRadius as PEAP proxy to IAS

2008-01-06 Thread A . L . M . Buxey
Hi, > Everything works OK, Ovislink send request to FreeRadius server, FreeRadius > send Access-Request to IAS (mschapv2) IAS send Access-Accept, but Ovislink > received Access-Challenge from FreeRadius, one two, three ... and on the end > authentication failed. proxied connection - by default you

Re: Error on radius

2008-01-07 Thread A . L . M . Buxey
Hi, > 'The maximum number of threads (32) are active, cannot spawn new thread to > handle request' FreeRADIUS is getting many many requests but cannot handle them in real time - usually due to the authentication or accounting being too slow - you use SQL or AD for authentication? SQL for account

Re: Error on radius

2008-01-07 Thread A . L . M . Buxey
Hi, > Thanks Alan, > We are using SQL for authentication and accounting - do you think this could > be the issue? > > I could potentially have thousands of requests coming in almost > simultaneously, is this going to be too much for the process to handle? i don't know how good your SQL database
