about an unrelated
product.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-
List info/subscribe
of
the dhcp-server, but I would like to do it as easy as possible.
Can anyone tell me why the Framed-IP-Address is only shown for some clients
and what I would have to do that it is show for all clients which are connected
to local network?
Best regards and thanks in advance
Stefan Puch
-
List
send it.
Kind regards
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
can you send a sample of one such Start and Stop ticket? I suspect the
Stop may be more like an update. There's some Cisco feature to send a
new Accounting ticket as soon as the client's IP address has been
determined...
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation
'
literally stops my service...
Even that the log entry is marked as 'info', I'd like to understand, what's
going on.
Thank You.
Stefan
-Original Message-
From:
[EMAIL PROTECTED]
us.org
[mailto:[EMAIL PROTECTED]
freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, September
if the state
machine was violated, right? So if the NAS gets and sends on a
EAPoL-Success out of order, client gear will yell. Or did I get you wrong?
Stefan
In any case, the solution is much more complicated than just changing
the FreeRADIUS configuration (which won't do anything
suggest a
bucket of cold water into the face of the guy's management. An
authentication server is used to authenticate users, not to
non-authenticate users.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
availability as a component of
security here. There is nothing wrong with a documented, tested plan for an
emergency situation.
As you wish.
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue
? Vista? Nokia N95? iPhone 3G? Make a list of stuff to test...
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-
List
2008/10/10 Alan DeKok [EMAIL PROTECTED]
Stefan Eck (gmail) wrote:
running successfull freeradius in 1.x version, i'm looking for some free
radius documentation to the NAS-Identifier. Couldn't find anything in
the doc or wiki.
http://freeradius.org/rfc/attributes.html
Anyone who can
Hi,
running successfull freeradius in 1.x version, i'm looking for some free
radius documentation to the NAS-Identifier. Couldn't find anything in the
doc or wiki.
Anyone who can point me to some docs?
I do have now an additional NAS which sends an different NAS-Identifier, but
I do currently not
to add it.
And I did exactly that. :-) Anyway, it would be a small change to the
schema and queries... I also wouldn't mind having it in by default. But
I don't care enough to submit a patch.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
Hi,
I set up the fields in the mysql-table but they do not get filled with data.
http://wiki.freeradius.org/FAQ#Why_do_Acct-Input-Octets_and_Acct-Output-Octets_wrap_at_4_GB.3F
(you need to modify the SQL queries as well, updating the database
schema alone isn't enough)
Greetings,
Stefan
this.
Do I really need the sqltrace-file? How my I unconfigure it? Just deleting
the config line
My system runs FR 2.0.5 on Solaris 10 using MySQL 5.0.51a
Any Ideas?
Thank You.
Regards Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-
List info/subscribe/unsubscribe? See http
know how this is possible?
Best regards
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, Alan, but I'm using /etc/hosts for this boxes...
And my nsswich has
'hosts: files dns '
So, I'd sys no DNS at all...
Ad it worked immediately after starting the mysql server
Anything els to check?
Regards Stefan
-Original Message-
From:
[EMAIL PROTECTED]
us.org
{
sql_accounting
detail
}
Are there any reconnect options beside
connect_failure_retry_delay = 60
?
Thaks Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
The client asked for an EAP type which is not configured in your server.
Check eap.conf and uncomment the tls { } section for doing EAP-TLS. If
you also want to enable PEAP, also uncomment the peap { } and maschapv2
{ } sections.
Greetings,
Stefan
--
Stefan WINTER
Ingenieur de Recherche
server. So:
1) turn on Accounting on your NAS
2) configure the outer server to store accounting records to your liking
(e.g.: in MySQL)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard
to
your server?
Check if you see his failed attempt on your own server at all. If it
isn't there, the request was rejected earlier in the proxy chain.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
the other guy to do the test again and at the
same time, observe your own debug log. You'll see the request coming in
(I'm going to assume you have sorted out firewall issues in both
directions) and why it gets rejected.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Thank you, Phil,
But the class will be expanded to something like %{Class} -
0x4631323334, which does not match ^DDF.*
The Class attribute is defined in the RFCs and the dictionary
files as
type octets, which are coerced to their 0xaabbcc
representation before
string
you.
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
three checkboxes near the bottom.
The relevant one is labelled Enable Quarantine Checks.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax
pairs defined in the global dictionary file using an ID 3000
and using them as %{My-Attribute} later on?
Thank you.
Regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
are appended to this error file?
Thank You.
Regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
processing.
How would I put such a decoding into a DEFAULT area, possibly in the hints
file?
Regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
!
~#
~##
~#
~# If you see the server send an Access-Challenge,
~# and the client never sends another Access-Request,
~# then
~#
~# STOP!
?
Greetings,
Stefan Winter
, and that the
linker can find the libraries.
What else did you do?
I've installed Solaris 10 and Coolstack (the Sun Apache/MySQL/PHP/Perl pack)
Then GCC from sunfreeware incl. Libiconv
The FR 2.0.4 having the above trouble
Any further ideas?
Thank you.
Stefan
-Original Message
.
~ This *should* have been fixed in 2.0.4. But the underlying solution
is to get rid of request-password altogether.
Greetings,
Stefan Winter
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFITNdd
or to disable
features, which are not required, like oracle, but there must be a more
simple way... I bet.
Any hints? How did you do this on Solaris 10? (Solaris 9 with FR 1.0.2
installs fine...)
Thank you.
Stefan
What I did:
Solaris 10 Sparc
Sun Coolstack (incl MySQL and Perl)
gcc 3.4.6 from
,
the problem only occurs with this one static user. I'm sort of lost here.
Greetings,
Stefan Winter
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFIPUL5+jm90f8eFWYRAoCNAJ43yoK3MUsTaBGyVjPkgwF0WYJyBgCdFvnO
from the server's request list.
Strange indeed.
Stefan
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFIPVQq+jm90f8eFWYRAgJYAJ4vMqxaWXgZCQxmMcSPirgD50WsWACghC/L
P1Aio8JkPM6FEr9i0dSUvWc=
=gZhY
-END PGP
}} = 3417153537)(\
~ %{expr: %{1} * 16777216 + %{2} *
~ 65536 + %{3} * 256 + %{4}} = 3417153790 )) \
~ ) {
Just a guess though, I'm not a pro in unlang myself (yet).
Stefan
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok schrieb:
| Stefan Winter wrote:
| Don't know if this is an issue for you, but: Cisco equipment does not
| support command authorization via RADIUS (*any* RADIUS...) [for pure
| business greed reasons]. So if you really need per-command
know if this is an issue for you, but: Cisco equipment does not
support command authorization via RADIUS (*any* RADIUS...) [for pure
business greed reasons]. So if you really need per-command
authorization, you'll have to stick with TACACS+ which, sadly, is well
catered by ACS.
Stefan
-BEGIN PGP
-Off !(Acct-Session-Id =~
restena.*)) update control {
~ Proxy-To-Realm := testrealm.lu
~ }
(first and second line wrapped)
I'm sort of lost...
Greetings,
Stefan Winter
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG
== Accounting-Off !(Acct-Session-Id =~
/restena.*/)) update control {
~ Proxy-To-Realm := testrealm.lu
~ }
resulted in
Parse error in condition at: Acct-Status-Type == Accounting-Off
!(Acct-Session-Id =~ /restena.*/)) update control {
Greetings,
Stefan
Hi,
your accounting packets don't include the Gigawords attributes. Try adding
aaa accounting gigawords
to your IOS config. This may require a NAS reboot on some IOS versions(!!!).
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
documentation. I'm not a Cisco employee
and will not do their work.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED
might as well, you just have to try it.
Again. Thanks for your great and helpful suggestions.
Sometimes I'm tempted to kick my butt because I give free consultancy. I
accept Ferraris as gratuity gifts, you know? ;-)
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
attributes ?
It should. See RFC2865 section 5.26 and RFC5080 section 2.5 for details. But,
to be honest, the pragmatically best approach is: TRY IT. Define a VSA, send
it, and look what happens.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
to use SLIP, I will be disconnected after
about 22s.
What is the expected differnece or the advantage of using
Login-Service=Telnet?
Thank You.
Regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not correlatable, except
for the timestamp and a possibly different port (both seem whacky ways of
doing it).
Was this change advertantly? Can I get the old behaviour back? Or at least,
add -inner to the client name for inner requests?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA
be transported to the client device?
Certainly out of RADIUS and 802.1X, right?
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL
Hi,
I'm trying to emulate the edunet network wireless roaming network,
which primarily uses (in this order):
what exactly is edunet? The only wireless roaming network in the educational
sector I know of is * eduroam *. Are you speaking of that or something
completely different?
Stefan
Hi,
rlm_eap: No such sub-type for default EAP type peap
looks like you didn't configure the peap { } stanza in eap.conf, but listed
peap as default eap-type near the beginning of the eap.conf file. That is a
quite obvious contradiction, you should fix that.
Stefan Winter
--
Stefan WINTER
.
What would be a good start to read about how to configure it.
Thanks
Regards Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
and failed. It seems to encrypt passwords with its
VeryOwnProprietary (tm) algorithm in a one-way fashion, and of course
incompatible to MS-CHAPv2.
If you manage to get a clear text password out of it, please enlighten me.
Good luck.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau
the mssql queries so that they
match your custom schema.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352
ntlm_auth - user authentication is done with
an LDAP bind() operation with the user credentials.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L
= := - FIXED in query
value = password - fetched in query
This means something like
SELECT UserName,Cleartext-Password as attribute, := as op, Value FROM
checking WHERE Username = 'John'
Something like that. I use MySQL, but you should get the idea...
Stefan
--
Stefan WINTER
Stiftung RESTENA
you get. Chances are that that was all and it works :-)
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352
will hopefully reveal the names and values of the attributes that you have to
send.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E
in proxying, not any IP node underway as is current with RADIUS alone.
Concerning RadSec, you might like to read the current Internet-Draft:
http://www.ietf.org/internet-drafts/draft-winter-radsec-01.txt
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
.
... that would be *PAM* source code edits? Yuck. It's not that important.
Thanks anyway,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL
authentication, i.e.
EAP. For some reason your server does not want to process EAP. Did you by any
chance comment out the mentions of eap in authorize and authenticate? If so,
why? EAP will only work if EAP is enabled.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
-to-Virtual-Server := someserver, and then the packet gets
handed to that other virtual server automatically.
Does that make any sense? How do I do that?
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
would the
stanza go? authorize { } of default server?
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED
. Something like
[EMAIL PROTECTED] as an
option to pam_radius_auth?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL
the server cert? When I
looked around in Web previous to find some god HOWTO's about setting up
Freeradius using EAP-TLS I always found it that way, that the ca cert signs all
other certs and by the way, the HOWTO in the freeradius Wiki (EAPTLS.pdf)
explains it that way, too ;-)
Best regards
Stefan Puch
).
Thanks for the clarification, this is a good argument! In my case there is (and
will be) only one server with uses the CA so it makes no difference, but in many
other cases, you are right, signing with the CA is not what you really want.
Thanks again and best wishes
Stefan Puch
-
List info
@Arran Cudbard-Bell
Write a regular expression to strip off the proceeding \
Heres one I did earlier If I remember correctly it's to escape to
one \ in the username ... \\ To escape it in the RegExp string, \\ to make \
literal in the regular expression...
I'm not so familiar with
the realm ntdomain is set in radiusd.conf
(I have also set ntdomain in authorize and preacct section)
Best regards and thanks in advance
Stefan Puch
PS: When I've got a working configuration for the Windows Mobile devices, I'm
going to write a little HOWTO like the one EAP/TLS Setup
or the server
certificate?
The second question is: Are there any further suggestions or do I have to make
an ethereal trace? Perhaps you can send me some test certs that should really
work, so that I can exclude the certs when debugging/analyzing the rest?
Best regards
Stefan Puch
-
List info/subscribe
Microsoft Smartcard Logon should not be set in both variants. Or do you mean
that the extendedKeyUsage Microsoft Smartcard Logon must be disabled on the
PDA?
Best regards and thanks in advance
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stefan Puch wrote:
Then some people came with their mobile devices which are running Windows
Mobile 2003, Windows Mobile 5 (WM5) or Windows Mobile6 (WM6) and the
problems began. The same EAP-TLS certificate which worked fine on a Windows
XP machine doesn't work on e.g. Windows Mobile 6 PDA
informations.
Best regards and thanks in advance
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is getting more weird by the hour...
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http
. commercial CAs.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu
haven't tested if that's really
practical. If you can find a student to code on that API, please go ahead :-)
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359
Is there any patch to make pppd use this radius client instead of it's
own copy of the old radiusclient?
No comments on this???
Maybe if you ask this question on a pppd mailing list, chances of getting a
response are higher.
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
me get connected to my ISP -
I'm sorry, but I simply do not have the time to answer all the
questions like this that I get.
I wonder if that really still exists... usenet... I already feel old just
because I'm old enough to know what usenet and newsgroups *are*.
--
Stefan WINTER
Stiftung
a manager or an operator.
HP Claim to support a few VSA's for setting command lists and priv
levels, but on most of their switches they don't actually work !
Amazing. I would have thought TACACS+ is totally dead and only Cisco holds up
their flag.
Stefan
--
Stefan WINTER
Stiftung RESTENA
handle. So something like defining it by hand but only
including it if it was asked for would be needed. Is that logic present in
FR?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
.
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu Fax
,
function rfc_clean(). If you want to change the behaviour, and break
conformity with the RADIUS protocol, that's the place to go to.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
was only barely readable in plain-text.
2) Don't hijack other people's threads with an only mildly related subject.
3) forget about the realm table in SQL. AFAIK, it's not used in 1.1.x. realms
go into proxy.conf.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
Hi,
I don't really want to create a custom module for it, as I like to keep
this kind of thing config based and not modular.
Any Ideas?
at least in the users file, Proxy-To-Realm := realmname as a reply item works.
No idea if it will also do in SQL radcheck, but it's worth a try.
Stefan
Am Mi, 21.11.2007, 11:09, schrieb Alan DeKok:
Stefan Kohler wrote:
Looking for header files I tried
--with-oracle-home-dir=/usr/include/oracle/11.1.0.1/client , due to the
*.h files in that directory. That does not work. Any more hints?
$ CFLAGS=-I/usr/include/oracle/11.1.0.1/client
Am Mi, 21.11.2007, 12:18, schrieb Alan DeKok:
Stefan Kohler wrote:
Thanks for the quick response. Now, how do I configure that to happen
during the RPMbuild, as I put the whole .tar.bz2 file in the SOURCES
folder?
Edit the RPM spec file.
Tried to do so, put the needed line here
it in the
SOURCE-folder and extracted the specs file and enabled the oracle-
line there.
Maybe on of you could help me? Thank you very much for all comments.
Kind regards
- Stefan
--
stef [at] internetchefs [dot] de
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
users way of adding
entries with the user name at the beginning of the line doesn't work.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L
format = *User-Name:Crypt-Password
}
You don't use Crypt-Passwords, so saying that the file contains
Crypt-Passwords seems not so wise.
What you are looking for is
format = *User-Name:MD5-Password
I believe.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
any upcoming impl problems that have nothing to do with EAP frag size,
rather than yield with my frag size.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
that behaves like that - is
there a reason for the EAP-Message and something wrong with 3579, or is that
SHOULD NOT just ignored by most?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
- only that it
is not possible without code modification.
I read through the changelogs, finding nothing like that - has there
been a change? Is it possible to convert PAP to CHAP? Howto?
Thanks in advance,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it, there you go.
If not: I'll put a Post-It on my computer :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL
by their shortname...
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu
it matches 158.64.14.236 and sets proxying
accordingly. BTW, the same problem shows up when trying to make a similar
match in hints.
The line isn't matched in -X though. Anything special to think about when
trying to match an IP address range?
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau
.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu Fax
switch port 0 cli PCName)
Instead of:
Login OK: [username] (from client switch port 0 cli 00-11-22-33-44-55)
Thanks!
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, which the rest of the server needs.
Wonderful!! That's obviously better...! :)
Which encryption_scheme do I use?
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the '0x'. What about
making it a configuration parameter? I'm sure others would like to be
able to skip the whole redundant *NTPassword thing, too.
Comments encouraged. Thanks!!
Stefan
# cat /tmp/0x.patch
diff -urN freeradius-1.1.7/src/modules/rlm_ldap/rlm_ldap.c
freeradius-1.1.7-0x/src/modules
in the various RFCs about
RADIUS. Which ones to use depends on what you want to do.
Nice to see someone from Perl on this list here (I'm from Besch) :-)
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
The parameters are RADIUS attributes, as defined in the various RFCs
about RADIUS. Which ones to use depends on what you want to do.
BTW, a list is on
http://www.freeradius.org/rfc/attributes.html
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale
root -p radius mysql.sql
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
query when it encounters a request from a new, unknown IP
address,
- RATE-LIMITED to once per minute or so.
That would make re-reading event-driven, and not make the server be DoS'ed
when a wave of fake requests comes in.
Not sure how difficult to implement this though...
Stefan
--
Stefan WINTER
to configure the user's password in the server, for example in the
users file. In 1.16 and later, you will want to use the
name Cleartext-Password instead of User-Password for that - it reduces
confusion.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
201 - 300 of 706 matches
Mail list logo