{
auth_pool = local_proxies
}
=
So the realm should be stripped from the username.
Anyone any ideas about this?
Thanks,
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
-
List info/subscribe
On Tue, 2013-03-26 at 14:13 +, Phil Mayers wrote:
On 26/03/2013 12:50, John Horne wrote:
Hello,
Using Freeradius 2.1.10 I have been trying to see if I can proxy a
request to a remote server but using a different User-Name attribute
based on the original request User-Name attribute
On Tue, 2013-03-26 at 15:35 +, Phil Mayers wrote:
On 26/03/2013 15:12, John Horne wrote:
What is the upstream proxy?
Microsoft domain controller (DC).
As in, Microsoft NPS running on a DC?
As far as I know, yes. I don't deal with the Microsoft side of this.
Just to check I
wanted, and it didn't break EAP.
I also checked the other formats that we wanted to allow, and they all
worked fine too. I'll do further testing tomorrow, but it looks good.
John.
--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001
-
List info/subscribe
by using '/@.*@/' ?
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
be seen this occurs for a few seconds, stops, then starts again
five minutes later. I am at a bit of a loss as to what is causing this.
My question is, is this something to be concerned about or is it normal
for these messages to appear so often?
Thanks,
John.
--
John Horne
On Mon, 2012-09-03 at 12:57 +0200, Alan DeKok wrote:
John Horne wrote:
Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
about the socket command file. A snippet shows:
Mon Sep 3 11:12:41 2012 : Info: ... adding new
not had any problems with it.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 2010-09-23 at 12:05 +0200, Alan DeKok wrote:
John Horne wrote:
So, I guess the question is why is freeradius reloading the post-proxy
filter a second time after the HUP?
The question is why do you have two configurations for the same module?
The only bug here
]
Although this looks like a pppd problem, it only occurs after we have
issued 'radmin -e hup'. If we don't use the control-socket, or just use
it without issuing a 'hup', then pppd works fine.
John.
--
John Horne Tel: +44 (0)1752 587287
University
On Wed, 2010-09-22 at 18:53 +0200, Alan DeKok wrote:
John Horne wrote:
The problem seems to be that although the proxy server returns a 'Yes'
reply (meaning the user is authenticated)
What does that mean? There is no standard attribute to transport a Yes.
Sorry, the 'Yes' is just
On Wed, 2010-09-22 at 18:02 +0100, John Horne wrote:
The failed login has no MS-CHAP2-Success attribute being sent back.
Okay. The problem is to do with attribute filtering, but that in turn
seems to be caused by freeradius doing something unexpected when it
receives the HUP.
We define
.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, 2010-09-10 at 14:17 +0200, Alan DeKok wrote:
John Horne wrote:
Running Freeradius 2.1.10 on CentOS 5.5 I have been taking a quick look
at the radmin 'hup' command. However, I am having a problem getting it
to work:
radmin -e hup
ERROR: You do not have write permission
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
John Horne wrote:
We have been running 3 servers with 2.1.10 (taken from git a while ago)
The proxy change went in August 4.
for some time with no problems. They act as a proxy, receiving requests
from wireless lan controllers
requests
from wireless lan controllers and (mostly) proxying them on to MS IAS.
Is there any particular change that you wanted feedback on?
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
John Horne wrote:
We have been running 3 servers with 2.1.10 (taken from git a while ago)
The proxy change went in August 4.
Ah. Our versions date back to June. I'll see about upgrading them to a
later 2.1.10 version. (Hopefully
directory. Python is python-2.2.3-6.11
For RHEL4 (update 8) running both 'configure' and 'make' works fine.
Python is python-2.3.4-14.7.el4_8.2
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http
from
it 10 seconds before.
Thanks,
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 2010-06-17 at 14:16 +0200, Josip Rodin wrote:
On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
So what is being seen is that backend server 141.163.66.101 has sent an
accept accept packet (to the local proxy server 195.250) and the log
shows a user as having authenticated
On Thu, 2010-06-17 at 14:09 +0100, Alan Buxey wrote:
Hi,
On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
So what is being seen is that backend server 141.163.66.101 has sent an
accept accept packet (to the local proxy server 195.250) and the log
shows a user as having
On Thu, 2010-06-17 at 17:54 +0200, Alan DeKok wrote:
John Horne wrote:
Why does it think it looks like it is dead?
Because the home server didn't respond to *another* request.
Each request has a timer. If the home server doesn't respond within
that time, then it is marked zombie
are monitored and if some part of it can be
provided to me, then I will try and correlate what I see on the proxy
server with the home server logs.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http
radiusd segfaulting.
Thanks,
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 2010-06-14 at 16:23 +0200, Alan DeKok wrote:
John Horne wrote:
We are running FR 2.1.9 on CentOS 5, and are proxying requests to MS IAS
2003 servers. However, it seems the IAS servers do not support
'status-server' requests until a slightly later version. As such, I have
going
on here?
Thanks,
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
higher than 'low'? This is a serious problem
for us, and affecting our RADIUS service. It would be nice if RH could
update the provided freeradius package soon.
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
-
List info/subscribe
On Fri, 2010-06-11 at 13:34 +0200, Alan DeKok wrote:
John Horne wrote:
Hello,
We are running Freeradius 2.1.7 (on CentOS 5 - freeradius2-2.1.7-7.el5),
and are seeing many of these messages in our log files:
Fri Jun 11 11:44:19 2010 : Error: Failed binding to proxy address
problem, and have users telling me when the problem occurs, but
without the date/time being logged I am not getting too far.
Is it possible to get FR to log the date/time or epoch time when using
'-X'?
Thanks,
John.
--
---
John Horne
that does print the date/time! :-)
I looked in the FAQ and the Wiki, and with Google, but just didn't think
to look in the man page. Oh well.
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail
On Fri, 2008-09-26 at 17:31 +0100, John Horne wrote:
Hi,
I have installed FR2.1.1 onto a test server, built using the Fedora
rawhide RPM source. No problems building and installing FR, but when I
start FR it seems to immediately stop. The radius.log file just shows:
Fri Sep 26 17:20:58
.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
with no problems.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*' show you a list
of installed and available packages? It works for me on CentOS 5.2,
64-bit. The 'list *ltdl*' worked for me on CentOS 52, 32-bit.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL
that and
then both configure and make worked okay.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See http
', 'freeradius-libs' and 'freeradius-utils'
RPMs. It works fine.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
-
List info/subscribe/unsubscribe? See
:= redirect
}
}
}
}
Okay, thanks for this and for Alan DeKok's reply. I'll reconfigure the
server and retest when I get back to work.
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel
to 2.0.4), and it's late on a
Friday afternoon so I'm going home to think :-)
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
-
List info/subscribe
On Tue, 2008-04-08 at 10:14 +0100, John Horne wrote:
On Tue, 2008-04-08 at 08:18 +0200, Alan DeKok wrote:
John Horne wrote:
It seems that radiusd doesn't like the NULL realm after the DEFAULT. I
swapped these two around, and radiusd started up fine.
? I can start up the server
On Tue, 2008-04-08 at 08:18 +0200, Alan DeKok wrote:
John Horne wrote:
It seems that radiusd doesn't like the NULL realm after the DEFAULT. I
swapped these two around, and radiusd started up fine.
? I can start up the server fine with those realms, in any order.
Yes, with 2.0.2 I had
On Tue, 2008-04-08 at 10:14 +0100, John Horne wrote:
On Tue, 2008-04-08 at 08:18 +0200, Alan DeKok wrote:
John Horne wrote:
It seems that radiusd doesn't like the NULL realm after the DEFAULT. I
swapped these two around, and radiusd started up fine.
? I can start up the server
attached to it.
Anyone any ideas about why radiusd is complaining about a duplicate NULL
realm?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752
On Mon, 2008-04-07 at 15:51 +0100, John Horne wrote:
I have been running FR 2.0.2 (built from source) for a short while with
no problems. I have now upgraded to 2.0.3 (built from Fedora 9 source
RPM). When I try and start radiusd (using 'radiusd -X' I get the
following error:
realm
/proxy.conf[87]: Unknown home_server local_IAS.
Anyone any ideas how to mix round-robin servers with fail-over?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax
.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 2007-05-14 at 22:56 +0200, Alan DeKok wrote:
John Horne wrote:
...
Mon May 14 13:38:54 2007 : Info: rlm_eap_tls: Loading the certificate
file as a chain
Mon May 14 13:38:54 2007 : Error: rlm_eap: SSL error error:0906D06C:PEM
routines:PEM_read_bio:no start line
Ah I think
the original radiusd.conf
produces the same error messages, with a couple of extras (for the
Auth-Types's system and CHAP).
Any ideas?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL
(as
far as I am aware) after a HUP.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
it correctly.
It doesn't, but instead treats it as a 'Local' type request.
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe
On Fri, 2007-05-11 at 13:47 +0200, Alan DeKok wrote:
John Horne wrote:
bob Auth-Type = Local,User-Password := abc,Proxy-To-Realm := LOCAL
Don't set Auth-Type. Use Cleartext-Password, not User-Password.
The entry should look like:
bob Cleartext-Password := abc, Proxy-To-Realm
On Fri, 2007-05-11 at 14:24 +0200, Alan DeKok wrote:
John Horne wrote:
No, that doesn't work.
Yes, it does.
No, it doesn't (even with 'pap' last in the authorize section).
Did you read man rlm_pap as I suggested?
Yes, but this is an MS-CHAP request, not PAP.
John
is going on.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote:
John Horne [EMAIL PROTECTED] wrote:
A minor question really. I have just upgraded a server from Fedora Core
3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
start freeradius on FC5 (using 'service radiusd start
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote:
John Horne [EMAIL PROTECTED] wrote:
A minor question really. I have just upgraded a server from Fedora Core
3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
start freeradius on FC5 (using 'service radiusd start
On Fri, 2004-12-03 at 15:53 -0500, Alan DeKok wrote:
John Horne [EMAIL PROTECTED] wrote:
The problem is that if the first server fails and the local server
receives a request then it tries to talk to the first DEFAULT server and
fails, eventually marking it as 'dead'. This is fine
On Fri, 2004-10-29 at 12:40, John Horne wrote:
We have a Fedora Core 2 linux server which unfortunately automatically
upgraded, using yum, from freeradius 0.9.3 to 1.0.1 last night. (I did
not intend that to happen so that I could check out the changes with
1.0.1 to ensure that it would work
On Thu, 2004-01-08 at 16:19, Alan DeKok wrote:
John Horne [EMAIL PROTECTED] wrote:
This seemed to make no difference. However I did notice, before and
after the change, that if the user file entry has something like:
User-Password != something
Then if the user enters
On Thu, 2004-01-08 at 16:48, Alan DeKok wrote:
John Horne [EMAIL PROTECTED] wrote:
Given that, I assume then that it is then not possible to create a
default 'users' file entry which will allow *any* user through if we
insist on using MS-CHAPv2?
Auth-Type := Accept
Will allow
the appropriate modules.
authenticate {
mschap
}
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax
64 matches
Mail list logo