Re: Forging a RADIUS request within a module

2008-12-12 Thread Geoffroy ARNOUD
> And you are absolutely sure that you are supposed to send it an > Accounting-Request and not proxy Access-Request? Considering that > filtering policies are a part of the access setup that would make much > more sense. Yes I am. Actually, the appliance works like this, and is not the same box as

Re: Forging a RADIUS request within a module

2008-12-12 Thread Geoffroy ARNOUD
> >During authentication process, I need to send an Accounting-Start to a > >network equipment > > Just out of interest - what is "network equipment" going to do with the > accounting request? It's a network filtering appliance. The Accounting-Request ships attributes that say which filtering pol

Forging a RADIUS request within a module

2008-12-12 Thread Geoffroy Arnoud
Hi all, During authentication process, I need to send an Accounting-Start to a network equipment when the authentication is successful (when processing the Access-Request), before sending the Access-Accept back. Is it possible to create the Accounting-Request from inside a module and "post it"

EAP-SIM authentication / Supplicant

2008-07-22 Thread Geoffroy Arnoud
Hi all, I try to use FreeRADIUS to authenticate a wireless device using EAP-SIM. Currently, my SIM card can be authenticated using a Cisco supplicant (eap-sim-draft-v5) with a Cisco Access Registrar RADIUS server (eap-sim-draft-v5) that gets SIM triplets from an ITP and a HLR simulator. I extr

EAP-SIM and EAP-AKA fast-reauth support

2008-07-08 Thread Geoffroy Arnoud
Hi all, I have a question about EAP-SIM and EAP-AKA authentication. Is fast-reauthentication supported (in eap or eap2 module)? Thanks in advance for your answers. Geoff.

Looking for feedback

2007-12-21 Thread Geoffroy ARNOUD
Hi all, First I apologize, because the question I am about to ask is not directly linked to FreeRADIUS. I am a FreeRADIUS user, and I am looking for feedback regarding the NAS all of you use. Actually, I am looking for a NAS, able to manage access for several Wifi hotspot (> 500 hotspots, > 5000

FreeRADIUS and SNMP questions

2007-10-23 Thread Geoffroy Arnoud
Hi all, I have 2 questions regarding FreeRADIUS and SNMP: 1/ Is it possible to run 2 FreeRADIUS servers on the same box, with SNMP support activated? I understand it's possible, using distinct values for smux_password parameter. 2/ Connecting FreeRADIUS to Net-SNMP using SMUX is quite easy. Has

RE : Re: Wimax VSA support

2007-10-17 Thread Geoffroy Arnoud
> > Another question is, does the wimax forum dictate > what > > to be done with these attributes in radius server > ? > > Yes. The WiMAX NWG specification has detailed > requirements. You need > to be a member of the WiMAX forum to obtain the > specifications, I believe. > Since v1, the spe

Re : Re : radsniff bug in 2.0.0-pre2?

2007-09-17 Thread Geoffroy Arnoud
Ok, the first problem comes that there is no call to fflush. The patch is: 210a211,213 > /* BEGIN_GAO */ > fflush(stdout); > /* END_GAO */ 336a340,342 > /* BEGIN_GAO */ > fflush(stdout); > /* END_GAO */ Geoff.
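Review bot: the BEGIN_GAO / END_GAO marker comments wrapped around both added fflush(stdout) calls (the hunks at 210a211,213 and 336a340,342) are local annotations and should be dropped before submission, leaving only the call itself. The patch is a plain diff with no file name and no context lines, so resending it as a unified diff (diff -u) that names the target file would make it easier to apply and review. Because the same flush is added at two separate sites, setting stdout to line-buffered once at startup is an alternative worth considering.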

Re : radsniff bug in 2.0.0-pre2?

2007-09-17 Thread Geoffroy Arnoud
Hello I have 2 more problems (not necessarily bugs) with radsniff. 1- I can't enter a RADIUS attribute filter. I can't figure out what's the syntax. I tried stuff like -r "User-Name = toto" and other types of operators, but I still have the message radsniff: Invalid RADIUS filter 2- I can't

Re : FreeRADIUS 2.0.0-pre2 has been released

2007-09-14 Thread Geoffroy Arnoud
I have a question on virtual servers: can the same instance of a module (rlm_detail for example) be used in 2 different virtual servers? How are managed NO_THREAD_SAFE modules in this case (rlm_detail for example)? Thanks Geoff.

RE : radsniff bug in 2.0.0-pre2?

2007-09-13 Thread Geoffroy Arnoud
> The request used is a Status-Server request. The > content of the request is the following : > I have just tested sniffing a Status-Request generated by radclient (v2.0.0-pre2), and radsniff crashes the same way. Regards, Geoffroy

radsniff bug in 2.0.0-pre2?

2007-09-13 Thread Geoffroy Arnoud
Hi all, I am testing radsniff, and I have the following behaviour: When launching radsniff with the following input, the program crashes (FreeRADIUS v2.0.0-pre2) [EMAIL PROTECTED] bin]# ./radsniff -f udp Device: [eth0] PCAP filter: [udp] RADIUS secret: [testing123] *** glibc detected *** free()

RE : Re: FreeRadius 2.0 proxy question - home_server auth and acct server?

2007-05-15 Thread Geoffroy Arnoud
> Brian Walters wrote: > > With the new 2.0 release do we have to make 2 > entries for each home > > server? 1 for auth packets and 1 for acct packets? > > Yes, because they are *different* servers. They > may be different > programs that share no memory or configuration. > > Or, you can con

Synchronous proxy behaviour question

2007-03-26 Thread Geoffroy Arnoud
Hi all, I have a small question on FreeRADIUS behaviour when acting as a synchronous proxy: Are the modules re-executed on a retransmission reception, or is the forwarded request re-sent using the cache? I also have a 2nd question - not regarding proxy: While processing an Access-Request, if a mo

clients.conf shortname

2007-03-14 Thread Geoffroy Arnoud
Hi All, I have a quick question on the shortname attribute for clients: must it be unique among all clients? Thanks in advance for your answers Geoff.

RE : Re: Major impact on authentication!

2007-02-05 Thread Geoffroy Arnoud
> > > > The database takes between 15ms and 40ms to answer > to freeradius > > Sometimes it takes a LOT longer than that. > I don't know how you measure the processing time. I don't know what your request does, but if it does one or several commit(s), is the commit time counted? I have used Ora

RE : rlm_python

2007-01-29 Thread Geoffroy Arnoud
> Hi Guys > > Is anyone actually using rlm_python in production? We do. But with a home-made module, based on corrected module stored in bugzilla. We made adjustments in it to meet our customer needs, and it is therefore not reusable. Nevertheless, we did correct memory leaks, threading issues a

Bug on Accounting-Requests proxying

2006-10-27 Thread Geoffroy Arnoud
FreeRADIUS 1.1.3 bug - Accounting requests reemission by FreeRADIUS In file "main\request_list.c", function "refresh_request". In the case of an accounting request (request->proxy->code == PW_ACCOUNTING_REQUEST), FreeRADIUS adds to the proxied packet the attribute "Acct-Delay-Time" (or updates

Re : 1.1.3 on Solaris 10 (sparc)

2006-08-28 Thread Geoffroy Arnoud
> I am quite pleased to report I have, with minimal discomfort, version 1.1.3 > running on Solaris 10. > > The source actually compiles perfectly once OS dependencies etc. are met. > I will share a few tips here for any who may be attempting the same. > My main goal was LDAP functionality.

Re : Auth-Type discussion

2006-08-07 Thread Geoffroy Arnoud
Hi all, Maybe my mail will be out of the discussion, but we plan in middle term to migrate an existing AAA system from a commercial software to FreeRADIUS. We already made a prototype to check the feasibility (existing system performs authentication against Oracle database stored procedures). T

Synchronous Proxy mode

2006-08-01 Thread Geoffroy Arnoud
Hi, I have observed the following behaviour with FreeRADIUS 1.0.2, working in proxy mode, with synchronous set to YES: If the realm server is not responding, after max_request_time has expired, the request is rejected, and the realm is marked to dead. I tried to add a backup server to the realm

rlm_detail performances

2006-06-16 Thread Geoffroy Arnoud
Hi all, I have a question for those who use rlm_detail module. I saw in source code that this module is thread unsafe. My understanding is that will not avoid FreeRADIUS to run multi-thread, but that only one thread will be able to log details at a time. Am I right? Second question: does anybody

proxy_fail_type attribute

2006-06-01 Thread Geoffroy Arnoud
Hi, I just get the last CVS update, and I discovered a "hidden" attribute in mainconfig.c, name "proxy_fail_type". By reading the source code, my understanding is that setting this attribute to "fail" (for example) in proxy.conf, and setting the value "fail" for Post-Proxy-Type in dictionary.fr

listening interface configuration

2006-06-01 Thread Geoffroy Arnoud
Hi, I am going to configure a FreeRADIUS as a RADIUS proxy. My proxy will have to listen on a couple of ports on 2 interfaces, so I set the following configuration in radiusd.conf: listen { ipaddr = IP1 port = 1812 type = auth } listen { ipaddr = IP1 port = 1813 type = a

Re : VSA encoding

2006-05-24 Thread Geoffroy Arnoud
> It's USR's old format. 4 bytes of attribute type, and no length. >The VSA length is used for the length instead. Thank you for the info. > Ugh. What the heck is the "project type"? Actually, the vendor has several "projects", each one owning potentially 256 attributes. > If the server

Re: returning variable as HEX in Access-Accept

2006-05-24 Thread Geoffroy Arnoud
> I receive for instance "Framed-MTU" = 1500 in Access-Request and now I have > to put in the Access-Accept Class = "05DC" (the hex value of the framed-MTU) > and sent it back to the NAS. Maybe you can do it by developing a simple module by your own? Geof. - List info/subscribe/unsubscribe? See

VSA encoding

2006-05-24 Thread Geoffroy Arnoud
Hi all, I have a question regarding Vendor-specific attribute encoding: What type of "smart" encoding are supported by radclient (and thus FreeRADIUS). I mean, I know I can use TLV encoded VSA - as described in the RFC, for example: WISPr-Redirection-URL=http://www.google.fr or Cisco-Account-Info

Re: EAP-SIM compliancy

2006-05-23 Thread Geoffroy Arnoud
Thank you for your answer. I mean EAP-SIM has been described in 16 successive drafts, and finally became a RFC. I don't know the content of the RFC itself, but I know that other AAA server (Cisco Access Registrar for example), performing EAP-SIM against SS7 network and HLR do need to upgrade i

EAP-SIM compliancy

2006-05-23 Thread Geoffroy Arnoud
Hi all, I have a question regarding EAP-SIM authentication, in the case where authentication is performed by an external AAA system. We already perform LEAP and EAP-TLS authentication against an external AAA system authentication through FreeRADIUS (FreeRADIUS acts as a proxy for EAP authenticati

FreeRADIUS SNMP capacities

2006-05-17 Thread Geoffroy Arnoud
Hello all, Would it be possible to have some information about FreeRADIUS SNMP capacities. Which version of snmp are supported? What can be done? Which types of trap can be sent to the manager? Which type of info can the manager ask? What are the other features? Is it stable? Any piece of infor

Re: Problems moving from FreeRADIUS 1.0.0 to version 1.0.1

2004-11-01 Thread Geoffroy Arnoud
Hello, I'm working with Nicolas - who sent the first mail. The module failing is not the one showed in the request (its code is too big). When we saw that something was going wrong, we quickly wrote a very simple module to stress the failure, and we built it with release 1.0.1. Geoffroy --- Al

Building FreeRADIUS on solaris 9

2004-08-13 Thread Geoffroy Arnoud
Hello, I currently use FreeRADIUS on Solaris 8/32 bits, and we plan to upgrade to Solaris 9 / 64 bits. I wonder if FreeRADIUS sources are safe for 64 bits compilation? Does anyone run FreeRADIUS on a 64 bits environment? Thanks for your answers. Best Regards, Geoffroy

Sending VSA with FreeRADIUS radclient

2004-07-05 Thread Geoffroy Arnoud
Hello, I know I can send VSA using radclient, by putting the following line in my request file: Cisco-AVPair=Hello! What I want to know, is if I can send VSA which content is not formatted like mentioned in RFC2865 (§5.26). I mean that I want to send: +++++ |

Bug in radclient

2004-06-02 Thread Geoffroy Arnoud
Hello, I think there is a bug in radclient (since v1.63?). I currently use radclient v1.60, and it works fine. I saw that new functionalities appeared, and I downloaded V1.72. Reading the radclient.c source file, I became a little perplexed about the '-i' feature, which allows to set the ID of th

radclient regression (from V1.60) ?

2004-06-02 Thread Geoffroy Arnoud
Hello, I am using radclient from FreeRADIUS in CVS version 1.60. It works fine. I saw that radclient evolved to deal with several files / several requests per file. That's an interesting feature for what I need. Nevertheless, reading radclient.c (I haven't tested it yet), I think that a regressio

Re: I want add mac address authentication to my radius config.

2004-03-05 Thread Geoffroy Arnoud
See Attribute Calling-Station-ID. I use CISCO 7200 router, and it sends us the user's MAC address into this attribute. Look at your FreeRADIUS logs to see if it is enclosed into AccessRequest. Geoffroy --- Burak Sarrafi <[EMAIL PROTECTED]> a écrit : > Hi all, > > I've a single and simple quest

Re: (no subject)

2004-02-25 Thread geoffroy . arnoud
> On Wednesday 25 February 2004 18:05, Clinton J Wooton wrote: > > I believe that the [1636] refers to the actual line in the file. I looked > > at this exact spot using gedit and found that it is the last line of the > > file and it has nothing in it. Ensure that all opening bracket '{' have a

(no subject)

2004-02-25 Thread geoffroy . arnoud
Hello, I am training at FreeRADIUS, and I'm writing my own module to make different stuff on request. It works well. I use FreeRADIUS snapshot-20040102. I think I've found an error in the libradius, in the file valuepair.c, into the function pairreplace. My valuepair.c is in version 1.74, but it