.
This is exactly what we wanted, and it didn't break EAP.
I also checked the other formats that we wanted to allow, and they all
worked fine too. I'll do further testing tomorrow, but it looks good.
John.
--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287 Fax:
On Tue, 2013-03-26 at 15:35 +, Phil Mayers wrote:
> On 26/03/2013 15:12, John Horne wrote:
> >> What is the upstream proxy?
> >>
> > Microsoft domain controller (DC).
>
> As in, Microsoft NPS running on a DC?
>
As far as I know, yes. I don't deal wi
On Tue, 2013-03-26 at 14:13 +, Phil Mayers wrote:
> On 26/03/2013 12:50, John Horne wrote:
> > Hello,
> >
> > Using Freeradius 2.1.10 I have been trying to see if I can proxy a
> > request to a remote server but using a different User-Name attribute
> > based
bit seems to be working, but the realm is not being
stripped from the username.
The proxy.conf file simply has:
=
realm NULL {
auth_pool = local_proxies
}
=
So the realm should be stripped from the username.
Anyone any ideas about this?
Thanks,
John.
--
John
simpler just by using '/@.*@/' ?
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eed modifying. It can add up to a
lot of work.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
On Mon, 2012-09-03 at 12:57 +0200, Alan DeKok wrote:
> John Horne wrote:
> > Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
> > about the socket command file. A snippet shows:
> >
> > ===
==
As can be seen this occurs for a few seconds, stops, then starts again
five minutes later. I am at a bit of a loss as to what is causing this.
My question is, is this something to be concerned about or is it normal
for these messages to appear so often?
Thanks,
John.
--
>/dev/null
endscript
postrotate
/sbin/service radiusd start >/dev/null
endscript
This occurs at around 4am. We have not had any problems with it.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Thu, 2010-09-23 at 12:05 +0200, Alan DeKok wrote:
> John Horne wrote:
> > So, I guess the question is why is freeradius reloading the post-proxy
> > filter a second time after the HUP?
>
> The question is why do you have two configurations for the same module?
>
On Wed, 2010-09-22 at 18:02 +0100, John Horne wrote:
>
> The failed login has no MS-CHAP2-Success attribute being sent back.
>
Okay. The problem is to do with attribute filtering, but that in turn
seems to be caused by freeradius doing something unexpected when it
receives the HUP.
On Wed, 2010-09-22 at 18:53 +0200, Alan DeKok wrote:
> John Horne wrote:
> > The problem seems to be that although the proxy server returns a 'Yes'
> > reply (meaning the user is authenticated)
>
> What does that mean? There is no standard attribute to transport
Response id=0xc8
,
name = "jhorne"]
Sep 22 16:45:00 jhvm1 pppd[27176]: sent [CHAP Success id=0xc8
"S=B18D5D0EC139ECCB0D17EBADF2DE818BCD7DF55B"]
========
Although this looks like a pppd problem, it only occurs after we have
issued
On Fri, 2010-09-10 at 14:17 +0200, Alan DeKok wrote:
> John Horne wrote:
> > Running Freeradius 2.1.10 on CentOS 5.5 I have been taking a quick look
> > at the radmin 'hup' command. However, I am having a problem getting it
> > to work:
> >
> > radmi
going on here?
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We have been running 3 servers with 2.1.10 (taken from git a while ago)
>
> The proxy change went in August 4.
>
> > for some time with no problems. They act as a proxy, receiving reques
e' works, but skips over making anything in the rlm_python
directory. Python is python-2.2.3-6.11
For RHEL4 (update 8) running both 'configure' and 'make' works fine.
Python is python-2.3.4-14.7.el4_8.2
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 5
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We have been running 3 servers with 2.1.10 (taken from git a while ago)
>
> The proxy change went in August 4.
>
Ah. Our versions date back to June. I'll see about upgrading them to a
later 2.1
ey act as a proxy, receiving requests
from wireless lan controllers and (mostly) proxying them on to MS IAS.
Is there any particular change that you wanted feedback on?
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
logs are monitored and if some part of it can be
provided to me, then I will try and correlate what I see on the proxy
server with the home server logs.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Thu, 2010-06-17 at 17:54 +0200, Alan DeKok wrote:
> John Horne wrote:
> > Why does it think it looks like it is dead?
>
> Because the home server didn't respond to *another* request.
>
> Each request has a timer. If the home server doesn't respond within
On Thu, 2010-06-17 at 14:09 +0100, Alan Buxey wrote:
> Hi,
> > On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
> > > So what is being seen is that backend server 141.163.66.101 has sent an
> > > accept accept packet (to the local proxy server 195.250) and th
On Thu, 2010-06-17 at 14:16 +0200, Josip Rodin wrote:
> On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
> > So what is being seen is that backend server 141.163.66.101 has sent an
> > accept accept packet (to the local proxy server 195.250) and the log
> > s
ed a packet from
it 10 seconds before.
Thanks,
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Mon, 2010-06-14 at 16:23 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We are running FR 2.1.9 on CentOS 5, and are proxying requests to MS IAS
> > 2003 servers. However, it seems the IAS servers do not support
> > 'status-server' requests until a slightly
e 'status_check = status-server'
enabled, since it seems better to receive no reply at all rather than
having radiusd segfaulting.
Thanks,
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
On Fri, 2010-06-11 at 13:34 +0200, Alan DeKok wrote:
> John Horne wrote:
> > Hello,
> >
> > We are running Freeradius 2.1.7 (on CentOS 5 - freeradius2-2.1.7-7.el5),
> > and are seeing many of these messages in our log files:
> >
> > Fri Jun 11 11:44:1
oblem. :)
>
Okay, I have added a comment. Can you change the 'priority' of the
bugzilla entry to something higher than 'low'? This is a serious problem
for us, and affecting our RADIUS service. It would be nice if RH could
update the provided freeradius package soon.
John.
going
on here?
Thanks,
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
e/time or epoch time when using
> > '-X'?
>
> -xX
>
Hmm, well you are right that does print the date/time! :-)
I looked in the FAQ and the Wiki, and with Google, but just didn't think
to look in the man page. Oh well.
Thanks,
John.
--
---
ck down a
local problem, and have users telling me when the problem occurs, but
without the date/time being logged I am not getting too far.
Is it possible to get FR to log the date/time or epoch time when using
'-X'?
Thanks,
John.
--
-----
On Fri, 2008-09-26 at 17:31 +0100, John Horne wrote:
> Hi,
>
> I have installed FR2.1.1 onto a test server, built using the Fedora
> rawhide RPM source. No problems building and installing FR, but when I
> start FR it seems to immediately stop. The radius.log file just shows:
>
. Anyone any
ideas on this?
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
by the 'random state' messages, or even if they
are important :-)
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
' all completed successfully on a
CentOS 5.2 (64-bit) system with no problems.
John.
--
-------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
vel*
> to see the devel package.
>
Does something a bit more generic like 'yum list *td*' show you a list
of installed and available packages? It works for me on CentOS 5.2,
64-bit. The 'list *ltdl*' worked for me on CentOS 52, 32-bit.
John.
--
' when checking for readline. Then if the test passes set
the libraries to include '-lreadline -lhistory -lcurses'. I did that and
then both configure and make worked okay.
John.
--
---
John Horne, University of Plym
t out the
'perl-devel' from the spec file, run 'rpmbuild -ba freeradius.spec',
then install the 'freeradius', 'freeradius-libs' and 'freeradius-utils'
RPMs. It works fine.
John.
--
--
ate reply {
> Session-Timeout := 1
> Filter-Id := "redirect"
> }
> }
> }
>
> }
>
>
Okay, thanks for this and for Alan DeKok's reply. I'll reconfigure the
server and retest when I g
as to how to
proceed with this (other than going back to 2.0.4), and it's late on a
Friday afternoon so I'm going home to think :-)
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 58728
On Tue, 2008-04-08 at 10:14 +0100, John Horne wrote:
> On Tue, 2008-04-08 at 08:18 +0200, Alan DeKok wrote:
> > John Horne wrote:
> > > It seems that radiusd doesn't like the NULL realm after the DEFAULT. I
> > > swapped these two around, and radiusd started up fi
On Tue, 2008-04-08 at 08:18 +0200, Alan DeKok wrote:
> John Horne wrote:
> > It seems that radiusd doesn't like the NULL realm after the DEFAULT. I
> > swapped these two around, and radiusd started up fine.
>
> ? I can start up the server fine with those realms,
On Mon, 2008-04-07 at 15:51 +0100, John Horne wrote:
>
> I have been running FR 2.0.2 (built from source) for a short while with
> no problems. I have now upgraded to 2.0.3 (built from Fedora 9 source
> RPM). When I try and start radiusd (using 'radiusd -X' I get
seen in proxy.conf, the very last line has
no comment attached to it.
Anyone any ideas about why radiusd is complaining about a duplicate NULL
realm?
Thanks,
John.
--
-------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-m
rror:
/usr/local/etc/raddb/proxy.conf[87]: Unknown home_server "local_IAS".
Anyone any ideas how to mix round-robin servers with fail-over?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 23
.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
es"
Service-Type = Framed-User
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
1K\0:\252Q\210\212\302\363?k\354\223z\347\20\376s\265"...,
4096, 0, {sa_family=AF_INET, sin_port=htons(33774),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 58
time(NULL) = 1179245461
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 18850 detached
On Mon, 2007-05-14 at 22:56 +0200, Alan DeKok wrote:
> John Horne wrote:
> ...
> > Mon May 14 13:38:54 2007 : Info: rlm_eap_tls: Loading the certificate
> > file as a chain
> > Mon May 14 13:38:54 2007 : Error: rlm_eap: SSL error error:0906D06C:PEM
> > routines:PEM_re
n't really start at all, but it does. The problem only occurs (as
far as I am aware) after a HUP.
John.
--
-------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)17
ssages, so I'm not sure why it should now complain about
the Auth-Type's or the certificate. Using the original radiusd.conf
produces the same error messages, with a couple of extras (for the
Auth-Types's system and CHAP).
Any ideas?
Thanks,
John.
--
--
On Fri, 2007-05-11 at 16:25 +0200, Alan DeKok wrote:
> John Horne wrote:
> >>> No, that doesn't work.
> >> Yes, it does.
> >>
> > No, it doesn't (even with 'pap' last in the authorize section)
>
> Then something else in your co
On Fri, 2007-05-11 at 14:24 +0200, Alan DeKok wrote:
> John Horne wrote:
> > No, that doesn't work.
>
> Yes, it does.
>
No, it doesn't (even with 'pap' last in the authorize section).
> Did you read "man rlm_pap" as I suggested?
>
On Fri, 2007-05-11 at 13:47 +0200, Alan DeKok wrote:
> John Horne wrote:
> > bob Auth-Type = Local,User-Password := "abc",Proxy-To-Realm := LOCAL
>
> Don't set Auth-Type. Use "Cleartext-Password", not "User-Password".
> The entry sh
===
So my question is, does anyone have an explanation for this behaviour?
Obviously it is great that our 'users' files entries work under
FreeRadius 1.1.6 with only a minor change. However, since generally
Auth-Type should not be required, it is a worry th
ng.
>
Or use the 'truss' command to see what is going on.
John.
--
-------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > A minor question really. I have just upgraded a server from Fedora Core
> > 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
> > start freeradius on
out this.
Thanks,
John.
--
-------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
values).
Anyone know why this is happening, suggestions?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
On Fri, 2004-12-03 at 15:53 -0500, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > The problem is that if the first server fails and the local server
> > receives a request then it tries to talk to the first DEFAULT server and
> > fails, eventually marking
is still sent.
Is this a bug?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
On Fri, 2004-10-29 at 12:40, John Horne wrote:
>
> We have a Fedora Core 2 linux server which unfortunately automatically
> upgraded, using yum, from freeradius 0.9.3 to 1.0.1 last night. (I did
> not intend that to happen so that I could check out the changes with
> 1.0.1 to ensur
.1) so I'm not sure what is going on there.
Thanks,
John.
--
-------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
On Thu, 2004-01-08 at 18:39, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > As can be seen it says 'Login OK' but seems to be missing the:
> >
> > Sending Access-Accept of id 209 to 127.0.0
On Thu, 2004-01-08 at 17:08, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > > Will allow the user through, without password checking.
> > >
> > No it doesn't - I tried that after reading the FAQ. If I use just:
> >
> > jh
On Thu, 2004-01-08 at 16:48, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > Given that, I assume then that it is then not possible to create a
> > default 'users' file entry which will allow *any* user through if we
> > insist on using M
On Thu, 2004-01-08 at 16:19, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > This seemed to make no difference. However I did notice, before and
> > after the change, that if the user file entry has something like:
> >
> > User-Password !=
On Wed, 2004-01-07 at 15:54, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > However, if I simply change the users file entry to:
> >
> > fred Auth-Type := Local, User-Password != "anything"
> >
> > Specifying that the
e list below.
#
# The default Auth-Type is Local. That is, whatever is not included
inside
# an authtype section will be called only if Auth-Type is set to Local.
#
# So you should do the following:
# - Set Auth-Type to an appropriate value in the authorize modules
above.
# For example, the cha