}
}
mac-checks...
That should stop processing the request as soon as it's marked to be
proxied.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Srinu Bandari wrote:
Alan,
We had tried with latest build, now it sends Access-Challenge and there is a
segmentation fault.
Please find debug log for the latest ones as below.
Whoops. Please do a git pull. It should work now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
it, and otherwise it
uses ntlm_auth to authenticate?
authorize {
...
if (control:Cleartext-Password) {
update control {
MS-CHAP-Use-NTLM-Auth := No
}
}
...
}
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
there is an undead child process
left behind:
Which version is this? There was one version (IIRC) which had this
issue. But recent ones don't.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of a VSA and I'm
not seeing it.
Then the NAS isn't sending it.
Remember, this is RADIUS. If anything goes wrong, it's usually the
fault of the NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the table.
If a particular session hasn't seen updates for a long time, the script
should send a fake accounting stop packet to the server. That lets
the server close the session.
It's probably more complicated than that, but that's the basic idea.
Alan DeKok.
-
List info/subscribe/unsubscribe
Igor Smitran wrote:
...
But, when i call exec script (phh for example) this array only contains
last key:
DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name
It is logical that those values will be overwritten but...
Is there a way to work around this problem?
Use +=, not =
Alan
Johnson, Jeffrey wrote:
rlm_ldap: performing search in dc=cphc,dc=local, with filter
(sAMAccountName=jpjohnson)
rlm_ldap: ldap_search() failed: Operations error
Read the ldap module configuration. Look for operations error
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
policy.conf.
Well... the server can't use regex's from SQL.
What you can do instead is to have a script which reads SQL, and
writes a local policy.conf file. It's not perfect, but it will work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
] EAP NAK
[eap] NAK asked for bad type 0
[eap] Failed in EAP select
The client is broken.
Don't blame FreeRADIUS. Go fix the client.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
an external script. That's why the
server has plugin modules.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a FreeRADIUS problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
as the key in the users file:
0a:0b:0c:0d:0e:0f Foo-Bar = Baz
Reply-Message = wow
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
from the
original Access-Accept
Filter-Id := TestProfile
Session-Timeout := 86400
Segmentation fault (core dumped)
See doc/bugs
What's the best way to bind to a particular IP address?
Set the IP address in the listen section.
Alan DeKok.
-
List info/subscribe
the bug that caused the early
reject.
What could have gone wrong??
Another bug.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
catch the weird formats, and standardize
them. Then, insert the standardized form into the database.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jaap Winius wrote:
Can anyone say what I should be doing differently? E.g. are *.cer
certificates mandatory (if so, how can I make them?), or can I not use
my self-signed certificates?
I'm always use pem or crt files, not *.cer. It works on my Mac.
Alan DeKok.
-
List info/subscribe
instead, hoping
that by doing so there may be some performance improvements?
In git master there's an rlm_rest module. That *might* be higher
performance.
But if it works, don't touch it until there are issues.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Srinu Bandari wrote:
I am trying to make 2.x.x branch, I see following error.. Can anyone help??
Whoops. That's an error. The fix is simple:
$ git pull
Thanks for the testing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for the help.
The DHCP code *should* work. But having more documentation, examples,
and real-world tests will help a lot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in.
The Wiki could also be updated to add DHCP howto's
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
15:54:17 2013 : Error: type -1220981894 not supported yet
It looks like you're trying to use a master branch config with the
version 2.x binary. Don't do that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attribute
Type 102) part of Access-Accept message.
That's not clear to me from the above description. But if it works...
We'll be releasing 2.2.1 shortly. I think this change can go into it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
Does anyone know if there's known-good test data we can compare against,
or a client/application that validates it? Does eapol_test
implement/check it?
It doesn't seem to.
If someone has a packet trace from ACS, that should be enough.
Alan DeKok.
-
List info
ahmed.sa...@stfc.ac.uk wrote:
Anybody got any idea about the following?
Read the rlm_passwd documentation. It seems you haven't done that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'. Stop.
Hmm... Version 2.x doesn't have the EAP-PWD module. It looks like
your source tree is screwed up somehow.
I'd suggest just deleting the rlm_eap_pwd directory.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reasons, it's not put
into the reply. You need to do that step manually. That requires a
3-line addition to the post-auth section.
Let me know if it works. If so, it's a nice feature to have.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Бен Томпсон wrote:
One thing I still don't understand though is how best to use ippool
for DHCP.
As Phil said, don't. Use the SQL IP pool module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
saying how to implement EAP-Key-Name, we can
do it. Or, send a patch.
Until then, it's a mystery.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_passwd to map a key to another value.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
packets in parallel, you would see a higher latency for
each packet, but the ability to process more packets per second.
You've admitted to not knowing much about RADIUS. If the test doesn't
do what you expect, the obvious conclusion is to blame the test, not
FreeRADIUS.
Alan DeKok.
-
List
not have an accounting section. Does this mean that IP addresses
can never be deallocated from the pool?
No. The addresses should have a lifetime.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in DHCP packets.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
You can always use commercial traffic generators.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pushed some changes to the v2.x.x branch on github. It should
print out more information about the DHCP packet it's sending. If you
could try that, it would be a big help.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
people.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
and its sub functions.
Please lemme know what might have gone wrong.
Please read doc/bugs. That file contains instructions on getting the
information we need.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. No,
that's not going to work. It's impossible. RADIUS doesn't work that way.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. You've given a bunch of hex numbers which are useless
to everyone here. And rad_decode.
Please lemme know what could have gone wrong.
Read doc/bugs and follow the instructions there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of you. You're thinking you
may need to replace it. All the time we're trying to tell you PUT MORE
PETROL IN THE TANK.
Start paying attention to the responses on this list. It's the only
way you'll get the problem solved.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
the docs, so be it.
If you want a friend, go somewhere else.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
also reload individual modules. That will be less likely to
have issues. i.e.
$ radmin -e hup passwd
Anyone else seen serve crashes on a reload?
Unfortunately I've seen this before. I haven't seen enough
information to track it down and fix it, though.
Alan DeKok.
-
List info/subscribe
the
server isn't working. That's a mistake.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
experienced any funnies that needed a specific set of tweaking for Aruba? I
really can't imaging that it would be the case, but just thought I'd check.
I haven't heard of any issues
If it requires tweaking for Aruba, then Aruba has failed to implement
the standards correctly.
Alan DeKok
, they are *intentionally*
breaking inter-operability. So you're forced to buy their crappy RADIUS
server.
All of the other WiFi vendors can get EAP to work. If Aruba can't,
it's because (a) they're incompetent, or (b) being rude about it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
but not at the detriment to any security type issues
There are no security issues with using the control socket.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Deepti kulkarni wrote:
Sorry about the incomplete previous email,
Try by adding
jwinius Auth-Type = pam
Cleartext-Password := xxx
That won't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jaap Winius wrote:
...
[eap] processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
You can't use PAM and EAP-MD5 together. It's impossible.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
need to change the client. And likely you can't, because it
*needs* to do EAP.
Unfortunately, the result is
still the same, but freeradius' debug output has changed significantly:
Read it. If the messages aren't clear, I really don't know what to do.
Alan DeKok.
-
List info/subscribe
think about it, and follow instructions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bill Isaacs wrote:
Again Alan, read between the lines. I've been scanning these emails
from this group for about year through google searches.
What I've learned from this mailing list is that you routinely castigate
people who ask questions on here. That's rude. Your tone is arrogant.
here is you. Fix your attitude, or you will be
unsubscribed and banned. There are hundreds of people a month who post
questions and get answers without any problem. Choose to be one of them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
on the Nodes are configured well.
What could i be missing
RADIUS doesn't do FTP.
You've shown by your previous messages that you need to spend a LOT
more time understanding RADIUS before you ask questions here. People
have tried to help you, and you've ignored them.
Alan DeKok.
-
List
made FreeRADIUS depend on MySQL, and then made MySQL slow. So
when FreeRADIUS can't do it's job, don't blame FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Suresh Kumar Subramanian wrote:
I am newbie and I have couple of questions in the free radius.
Your questions were already answered. See the list archives.
If you're going to post questions here, it helps to read the replies.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
servers.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of text*. That is,
strings. It is *not* intended to write carefully formatted CSV files.
It cannot be made to that, as CSV files are not simple text strings.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for adding test accounts to the users
file. Follow the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
no idea how to fix this.
I suggest asking the PAM people.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the accounting section of raddb/sites-available/default
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is sending you the message because
PAM is broken, and PAM is *not* sending any messages.
If your car says the gas tank is empty, you don't fix it by changing
the gas display on the car dashboard. You go to the root of the
problem, and fill the gas tank.
Alan DeKok.
-
List info/subscribe
Deepti kulkarni wrote:
Thanks. PAM doesnt support authorization either right?
What radius client do you prefer that can support authentication,
authorization and accounting for linux machines?
There is nothing else.
Alan DeKok
-
List info/subscribe/unsubscribe? See http
. It's not necessary.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the FAQ, man page,
web pages, and daily on this list. Only that will tell you what's
really going on.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Read the eap.conf file, and the raddb/sites-available/default. This
is documented.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
this backend, use ldap2.REALM-2.ca-LDAP-Group == ...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Deepti kulkarni wrote:
No, my production client is not sending any accounting packets. I am
completely not sure how that can be set.
If the NAS documentation doesn't say how to configure accounting, then
it doesn't do accounting.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
that it is sent in response to.
This is what FreeRADIUS does. See src/modules/rlm_eap/eap.c,
eap_compose() function. Success and Failure send the same ID. Other
EAP packet types increment the ID.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* run the suffix module then. In the
sites-enabled/default, do:
authorize {
...
if (!EAP-Message) {
suffix
}
...
}
That should solve the problem quite nicely.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
to www.freeradius.org,
and click on the FAQ link.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that the client is responsible for sending accounting
requests to the server, I am new to radius server and PAM, so not sure
how this is done (apart from using radclient)?
The PAM module doesn't do accounting.
If you're using another NAS (switch, etc.) it should do accounting.
Alan DeKok.
-
List
is updating the
User-Name to be web-portal-ssid.
There are no other options.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that.
Is it possibe that the start accounting request is sent to another
radius server?
I have no idea. It's your NAS. Go look at the NAS configuration.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-User-Name, if it exists.
#
DEFAULT
User-Name := %{Stripped-User-Name:-%{User-Name}}
No, that doesn't do what you want.
Delete that. It's not necessary. The server already does the right
thing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
it by poking FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
be writing code and shipping it as
soon as it compiles. They're incompetent, and uncaring.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. See the rlm_ldap documentation.
You can put users into groups, and apply profiles to each group.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and the people on this list. You don't need any help to
solve this problem, as you already know all of the answers.
You're wasting everyones time by being rude. Stop it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
and argue about the answers. If you're so damned smart, go fix
the problem yourself.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
stack or
any other way provided by stack?
It cannot be done with FreeRADIUS. The entire point of sending
disconnect messages is for the server to send them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Sorry if this is a FAQ, of course I've not changed anything within my conf
since 2009 !
FreeRADIUS is pretty darned stable.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
No.
3) op needs to be =~ and := for the first to settings and == for
all the following?
Read the documentation. Please. I'm not going to cut paste it here.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
idea?
Use the v2.x.x branch from git.
We should release 2.2.1 soon.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
David Peterson wrote:
Any release notes or is it primarily a bug fix release?
Mostly a bug fix release.
https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/doc/ChangeLog
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it.
What can I check, in order to find the problem?
Use tcpdump to see where the packets go.
The code *should* work...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. You can edit them to add any attribute you want
2) yes, you can use AD to do groups. Configure AD as an LDAP server,
and use LDAP-Group for comparisons. There are examples.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attribute to check groups in SQL.
I.e. setting Max-Daily-Session in radgroupcheck? Or should it be radcheck?
See the group configurations schema in SQL.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Or, you can put
patches on top of patches, which are fragile, complicated, and tend to
break.
The choice is yours.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nasser Heidari wrote:
Can Anybody help me with this issue?
To send CoA packets, read raddb/sites-available/originate-coa
You choose the attributes to send like you choose any attributes to
send. Use unlang, or a module...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
files.
No.
We don't care about the configuration. The FAQ, man page, and web
pages says to post the output of radiusd -X.
It also helps for you to *read* the output of radiusd -X. A little
bit of thought goes a long ways.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
in
to the NAS at ip 87.24.AA.BB the user doesn't get any special property.
You defined the huntgroup. You didn't *use* it to limit sessions.
In the users file:
DEFAULT Huntgroup-Name == maxxer, Max-Daily-Session := 60
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
. If you didn't use the Makefiles to
create the certs, then don't blame FreeRADIUS. If you did use them,
then blame OpenSSL for creating certificates it can't read.
FreeRADIUS doesn't implement SSL. OpenSSL does. FreeRADIUS doesn't
parse certs. OpenSSL does.
Is that clear enough?
Alan DeKok
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stephan Manske wrote:
Does this work with specific make commands only? So you cannot use it in
freeradius to be compatible?
It only works with GNU Make. Version 3 has a new build system, which
requires GNU Make. It could be done there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
is a reject.
There is no way to over-ride it.
Maybe in 3.0.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
if/then/else
programming.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm missing something obvious?
Nope. It should work. It looks like the mac2ip module is crashing
for some unknown reason.
Can you follow doc/bugs? It will tell you how to post more debugging
information so we can see exactly where it's going wrong.
Thanks.
Alan DeKok.
-
List info
provide.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Leo Combes wrote:
Hello.
I successfully run ISC-DHCP server for provisioning modems in an ISP's
network, but what I wanted to try is something more modern and with
database support.
I want to try using Freeradius as DHCP server, but first I want to know
if it is possible with these
501 - 600 of 14295 matches
Mail list logo