No, you haven't stopped radius then. Only one service per port. man
lsof if you're not sure which process is holding on to the port.
Sent from my iPhone
On 24 Mar 2009, at 20:12, Bruno Noronha bhnoro...@gmail.com wrote:
Dawgs,
I received the following error when starting debug mode or
Thanks Alan.
That confirms my suspicions then. I'll have a dig through the unlang stuff
too there. If we do manage to figure out the magic wand waving required to
appropriately set a timeout for this, I'll pass on a patch.
Thanks again.
//anders
-
List info/subscribe/unsubscribe? See
There are other solutions around as well to distribute and manage client
side certificates. Not cheap, but they do exist.
//anders
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pushpraj nimbalkar wrote:
On Wed, Dec 31, 2008 at 2:42 PM, Alan DeKok al...@deployingradius.com wrote:
pushpraj nimbalkar wrote:
You have not read full message. I am using rlm_sql and i already added
59.181.96.194 to my nas list. look at below error
rlm_sql (sql): Read entry nasname=
Anatoly S. Zimin wrote:
Greg Fuller wrote:
[snip]
$ cd /usr/local/src/freeradius-server-2.1.3/
$ rm -rf src/modules/rlm_perl
This is not solution.
I am know how resolve this problem.
If anyone need this. Please ask me.
May be this solution need for developers.
I am long time useing
Thanks Anatoly. Hopefully Alan will pick this up
Sent from my iPhone
On 25 Dec 2008, at 13:21, Anatoly S. Zimin anato...@team.co.ru
wrote:
On 10:32 Thu 25 Dec , Anders Holm wrote:
Anatoly S. Zimin wrote:
Greg Fuller wrote:
[snip]
$ cd /usr/local/src/freeradius-server-2.1.3/
$ rm -rf
to get into a huff about things, is there?
//anders
Alan DeKok wrote:
Anders Holm wrote:
Ah, the missing piece emerges. This is probably what I was missing.
My frustration is that I explained how it works. Rather than
believing that explanation, you started arguing about the rationale
Alan DeKok wrote:
Anders Holm wrote:
Looking a tad at the counters and how they get incremented I see the
following:
Sending Access-Accept of id 20 to 127.0.0.1 port 32772
FreeRADIUS-Total-Access-Requests = 0
FreeRADIUS-Total-Access-Accepts = 36
FreeRADIUS-Total
Alan DeKok wrote:
Anders Holm wrote:
So, for Access-Requests we ignore Status-Server packets, but
Status-Server packets do increment Access-Accept?
Perhaps you didn't see my message or read the names of the counters.
One counter counts Access-Requests, and another one counts Access
Hi folks.
Looking a tad at the counters and how they get incremented I see the
following:
Sending Access-Accept of id 20 to 127.0.0.1 port 32772
FreeRADIUS-Total-Access-Requests = 0
FreeRADIUS-Total-Access-Accepts = 36
FreeRADIUS-Total-Access-Rejects = 0
Of course, I'm silly enough to expect others know what versions I'm running
.. *doh*
This is with FreeRADIUS 2.1.1 compiled from source.
//anders
2008/12/19 Anders Holm anders.h...@sysadmin.ie
Hi folks.
Looking a tad at the counters and how they get incremented I see the
following
The \'s might be significant. You have those all through the query, up
to the point things break.
I also wouldn't have a comment in the middle of an SQL statement.
Clean it up and it is likely to work.
Sent from my iPhone
On 19 Dec 2008, at 03:29, Todd R. tjrl...@lightwavetech.com wrote:
Eric Geier wrote:
Thank you for the info, David.
I think the following is an example of how this could work, which I googled:
client 212.37.57.2 {
secret = %{sql:SELECT secret FROM accesspoints WHERE id =
%{raw:NAS-Identifier}}
shortname = just one of our example
t...@kalik.net wrote:
What could a hacker do to the server if he can't even get passed returning a
correct shared secret?
Get the usernames and passwords of your users and gain access to your
network at will. Publish them and let anybody use your network.
Internet for free. Sounds
What is your goal here? To have two different hosts with the same
accounting data on them? If so, use a data base backend instead of
trying to replicate data yourself. Let the system work for you, not
you for the system.
Sent from my iPhone
On 16 Dec 2008, at 16:07, lreeves
I'm fairly positive there are pointers in the documentation for your
specific LDAP server on how to add data into it.
//anders
hsuan wrote:
Dear ivan:
But the search results have shown # base dc=mydomain,dc=com,uid=ldapuser
with scope subtree.
If I don't have the new entry ldapuser, so how
ldappasswd is unlikely to use the encryption scheme that is expected by
PAP (or just about any other module).
Use an LDIF file, or some other means to set the data to be what you
want it to be, not something you're not sure what it might be.
//anders
hsuan wrote:
Dear all:
I have install
Talk to the folks who created it perhaps?
Sent from my iPhone
On 24 Nov 2008, at 08:18, john li [EMAIL PROTECTED] wrote:
Hi,
I'm trying to enable MediaProxy to close expired calls but got an
error
Does anyone have any suggestions?
Thanks a lot
John
here is the log:
Your config says you are using Oracle as backend. However the Oracle
driver has not been compiled/installed.
Sent from my iPhone
On 24 Nov 2008, at 03:39, Ilya [EMAIL PROTECTED] wrote:
hello,
i've got Linux 2.6.9-22 and freeRADIUS server v.2.1.1.
after installing and configured FreeRADIUS
Answers before questions? Novel idea.
limited to 4GB
Sent from my iPhone
On 9 Nov 2008, at 14:00, liran tal [EMAIL PROTECTED] wrote:
On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K [EMAIL PROTECTED] wrote:
Hi Liran,
On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED]
wrote:
Hey
You have two errors to fix...
This;
/usr/local/etc/raddb/users[1]: Parse error (check) for entry
DEFAULT:
Unknown value ntlm_auth for attribute Auth-Type
And this:
Errors reading /usr/local/etc/raddb/users
/usr/local/etc/raddb/modules/files[7]: Instantiation failed for
module
files
Young-Whan Kim wrote:
Hi~~ Happy to meet you.
I'm trying to compile for PPC. The version is 1.1.7.
Why 1.1.7? Use 2.1.1 if you're going through the trouble of compiling
anyway.
/opt/mvl4/pro/devkit/ppc/7xx/bin/../lib/gcc/powerpc-montavista-linux/3.4.3/.
This is likely to have been fixed in a newer version. Do you see this
with a 2.1.1 installation?
//anders
Prasad Parab wrote:
Hi,
Am using freeradius-1.0.5 for PEAP authentication with EAP-MD5.
Attached is the log of auth failure wirg the same.
Attached also are the configuration files.
Huh?
Ivan gave you the answer already. Read it again and then look into
what accounting packets are.
Sent from my iPhone
On 4 Nov 2008, at 02:06, Alexandre J. Correa - Onda Internet [EMAIL PROTECTED]
wrote:
auth are working fine... but i need execute one script after auth OK
to get
The PPC machine has no native compiler?
You want to ensure you are dynamically linking you binaries.
./configure --help
Sent from my iPhone
On 4 Nov 2008, at 04:45, Young-Whan Kim [EMAIL PROTECTED] wrote:
Hi~
I did compile freeradius-1.1.7 and 2.1.1.
My build machine is : intel debian 3.1
Talk to the vendor?
Sent from my iPhone
On 31 Oct 2008, at 01:20, Luke [EMAIL PROTECTED] wrote:
Hi :)
I'm trying to get dynamic VLAN assignment to work with my Dell 6248,
which they officially support as of firmware revision 2.1.0.13.
I'm using freeradius version 2.1.1
I think I'm sending
Did you rebuild from source obtained from freeradius.org or a src.rpm?
The RPMs are maintained by Suse.
Sent from my iPhone
On 29 Oct 2008, at 07:01, Hubert Kupper [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] schrieb:
Hi,
I have build the rpm's without errors. Before I had to edit the
We really didn't need to know what the secret *was*...
Retype and check for whitespace issues.
Sent from my iPhone
On 28 Oct 2008, at 10:46, lolo [EMAIL PROTECTED] wrote:
Le mardi 28 octobre 2008 11:37, [EMAIL PROTECTED] a écrit :
Chances are: 99.9% - shared secret is different (retype it
This a 64 bit system that also has 32 bit libs?
Sent from my iPhone
On 29 Oct 2008, at 08:09, Hubert Kupper [EMAIL PROTECTED] wrote:
Anders Holm schrieb:
Did you rebuild from source obtained from freeradius.org or a
src.rpm? The RPMs are maintained by Suse.
Sent from my iPhone
On 29 Oct
Would a customers billing plan be determined if they sucessfully
authenticate?
Wouldn't they all then be in the same plan? Sorry, I just don't see
your point.
Sent from my iPhone
On 25 Oct 2008, at 03:26, Bishal [EMAIL PROTECTED] wrote:
Hi all,
I am using freeradius for AAA of
Do you have a need for the Perl module? If not, disable it.
Sent from my iPhone
On 22 Oct 2008, at 23:19, Saurabh Bhasin [EMAIL PROTECTED] wrote:
Folks,
I've been trying to compile (using MacPorts 1.600) freeradius on
Leopard (10.5.5) and continue to get the following error. I've been
The MySQL module died, the connections dropped, got detected and the
module restarted to restore connectivity. Which is just what the log
says.
grep -ri oom /var/log*
Any matches finding the Out Of Memory killer and you then have your
root cause...
Sent from my iPhone
On 22 Oct 2008,
I'm slightly curoous here. What happens when Script Kiddie then spoofs
an appropriate MAC address? You have other mitigating measures in place?
Sent from my iPhone
On 22 Oct 2008, at 12:12, Arran Cudbard-Bell [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Eating humble pie for a day would reset the admins expectations on how
to handle customer expectations to a reasonable level I'd think...
Sent from my iPhone
On 19 Oct 2008, at 18:49, Danny Paul [EMAIL PROTECTED] wrote:
This is impossible. It is *designed* to be impossible. If it was
If you want to help develop FreeRADIUS, that's the spot. Otherwise, I'd
personally recommend using the .tar.bz2 file that is linked on the front
page of http://freeradius.org ... That's the actual release.
CVS is probably whatever the folks are working on, which may or may not
work. Have some
Again, what's the debug output? Does the client manage to send a RADIUS
packet that actually arrives at the server?
//anders
2008/10/1 Martin Silvero [EMAIL PROTECTED]
sorry
what they say is ...
The access point has an IP 10.0.31.x and is included within
raddb/client.conf, forget
Que? No Habla Espanol. Habla Ingles??
That, and how to order a beer is roughly the extent of my Spanish.
//anders
On 26/09/2008 15:53, Martin Silvero [EMAIL PROTECTED] wrote:
el access point tiena la IP 10.0.31.40 http://10.0.31.40 y esta incluida
dentro de raddb/client.conf, olvidemos la
You say 10.0.32.x is on a different network than 10.0.42.x?
What's your netmasks and your routing table like? What network is your
client on and what network is your server on? Can you ping the server (or
access it in any way) from the client?
This is really more a basic networking question than
An SQL server isn't too hard to set up and get going. Plus any decent
scripting language has modules making it dirt simple to manage the
user base ... Try it...
//Anders
Sent from my iPhone
On 22 Aug 2008, at 22:23, Greg Woods [EMAIL PROTECTED] wrote:
On Fri, 2008-08-22 at 22:48 +0200,
.
- Original Message
From: Anders Holm [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Wednesday, August 20, 2008 12:52:20 PM
Subject: Re: performance report?
I still do ...
I've had 10 multi core boxes hammering one server, still
It is not likely your actually putting too much strain on the server side.
You¹ll need quite a lot of machines hammering the RADIUS server before it¹ll
break into a sweat. The client side would have higher CPU utilization then
the server side, per request.
Comparing one program to another is not
.
- Original Message
From: Anders Holm [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Wednesday, August 20, 2008 12:25:19 PM
Subject: Re: performance report?
Re: performance report? It is not likely your actually putting too much strain
I'm unsure here why syslog would be a bad idea in the case of FreeRADIUS.
However, there is also another option, the SQL logging options... Perhaps
those may be handy as well?
//anders
On 30/07/2008 13:39, Alan DeKok [EMAIL PROTECTED] wrote:
Mustapha Bouikhif wrote:
I want to send acct logs
Adding additional IP ranges, which are non-contiguous, and at the same time
not adding a new ippool, seems to me to be really impossible. Either you
have static ranges in-between, or, worse still, you do not own/operate the
IPs in-between but someone else does. . .
Either you should have a larger
[snip]
rlm_pap: WARNING! No known good password found for the user. Authentication
may fail because of this.//Normal, i am not willing to do
PAP but mschapv2
me If you¹re not using a module, disable it. All it¹ll do is add latency,
delays and unnecessary log
Sorry for my extremely belated reply (been on vacation so deliberately
stayed away from email.. :) )
Yes, connecting to a different port using mysql command line tools did work.
Used the exact same settings for host and port etc. so ...
I should get the source tree checked out at some stage so I
You haven't installed the MySQL headers. If you're on Linux, you're likely
to need to install a package called something along the lines of
mysql-devel.
If this isn't an FAQ listed query, it should be .. :)
//anders
2008/6/12 Ivan Kalik [EMAIL PROTECTED]:
Have you tried reading the FAQ?
[EMAIL PROTECTED]:
Anders Holm wrote:
Hitting Reply All in most MUAs would do this. The list should be smart
enough to only forward on one copy per recipient ...
It's not. We get 2 copies of every mail you send to the list.
ALL mails I receive for this list has the list in *both* TO and CC
seen this on any more mails
after I responded to the initial request to ask me to stop sending dupes?
Yes, this is getting quite off topic .. :)
//anders
2008/6/12 Alan DeKok [EMAIL PROTECTED]:
This is getting off-topic, but...
Anders Holm wrote:
quote
From: you
Sender: freeradius-users
2008/6/12 Nicolas Goutte [EMAIL PROTECTED]:
[snip]
For me it has worked since then. I have seen only one of each of your
messages.
Have a nice day!
Excellent! One problem solved, and on to the next one.
To get back on topic a tad then so, and to describe my experience with the
SSL side of
Indeed, stunnel is one way to go, another might be SSH tunnels, or as another
poster mentioned IPSec tunnels.
Yes, data integrity and security of the data is vital, along the whole path
from backend storage to end device, so this is just one piece of that puzzle ...
What I'll do short term is
, 2008 5:57:48 PM GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: MySQL connection over SSL possible?
Anders Holm wrote:
So, that's a yes .. :)
Yes.
rlm_sql_mysql is the driver, and I'd rather not have my own version running,
but would love to see that rolled in, if possible. My only
) get your messages always twice.)
Have a nice day!
Am 11.06.2008 um 11:31 schrieb Anders Holm:
There are other options.
Yes, I've come up with a few. Would you have others as well?
Suggestions are welcome in all cases ..
//anders
- Original Message -
From: Alan DeKok [EMAIL
Hi folks.
I'm wondering, would it be possible to encrypt the connection to the backend
data store (it being MySQL) using SSL? MySQL would have support for this, but I
sppear to not find any documentation for Freeradius on how to set that side up
for it .. Any pointers appreciated ..
connection over SSL possible?
You will probably need to adapt the driver with mysql_ssl_set():
http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html
Ivan Kalik
Kalik Informatika ISP
Dana 9/6/2008, Anders Holm [EMAIL PROTECTED] piše:
Hi folks.
I'm wondering, would it be possible to encrypt
So, I'm getting closer to my end goal. I have a few questions though regarding
SQL statements and what impacts there may be if I go about changing them..
My lovely DBA is telling me the expected traffic figures I have given them may
put some interesting load on the DB backend. They'd love for
You don't have a realm that matches the domain name you're using to
authenticate for : dfn.de
//anders
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of Hans Bornemann
Sent: 02 June 2008 14:31
To: FreeRadius users mailing list
Subject: Re: looking into
No, you've missed out letting the RADIUS server be allowed to talk to your
LDAP server ... Or starting it at least .. :)
rlm_ldap: bind to localhost:389 failed: Can't contact LDAP server
If they can't talk, I don't think it'll matter much about anything else ..
Now, don't take my word for it
Curious... It's a fairly beefy Linux box with GigE NIC .. Hmm.. Time to dig
into sysctl, and playing with the forking script, as the speedup I'd need would
be client side it seems to me. Server has taken what I've thrown at it so far,
without batting an eyelid..
//anders
- Original
: Load testing tool recommendation
Wireless could be the problem if you have some wireless links between
radius server and your NAS.
Alan DeKok wrote:
Anders Holm wrote:
In my tests, radclient has been /slower/ the radtest processes forked from a
Perl script.
100 requests using my forking
Hmm.. I *am* referencing the radius server with FQDN ... Lemme flip that switch
and see what I get to play with ...
Good catch .. It's letting me ship some more packets through per second.. no
final figures yet, but starting to hit 5k pkts/sec, though the radius server is
still not sweating
://wiki.freeradius.org/Radclient
Ivan Kalik
Kalik Informatika ISP
Dana 9/5/2008, Anders Holm [EMAIL PROTECTED] piše:
So, I'm building a complete solution, from scratch.
As such, the business owners have some requirements on how many requests it
should be handle today per second and some point
:07 PM GMT +00:00 GMT Britain, Ireland,
Portugal
Subject: Re: rlm_sql_oracle compilation woes
Anders Holm wrote:
I'm trying to compile the rlm_sql_oracle module for FreeRadius 2.0.3
using Oracle 10.2 client. Now, I've tried every suggestion the configure
scripts has thrown at me, and none seem
So, I'm building a complete solution, from scratch.
As such, the business owners have some requirements on how many requests it
should be handle today per second and some point in the future as well.
Would there be any good load testing tools, or some handy way to figure out how
many tps my
Hi Folks.
This is a potential newbie question, though I seem unable to find any answers
in the FAQ or in the archives, so ...
I'm trying to compile the rlm_sql_oracle module for FreeRadius 2.0.3 using
Oracle 10.2 client. Now, I've tried every suggestion the configure scripts has
thrown at
65 matches
Mail list logo