://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all
Hi,
is the firmware on that iPad particularly old? Or maybe your OpenSSL on
the server side?
Things like mismatching cipher requirements or force secure
renegotiation might cause some of these issues.
Greetings,
Stefan Winter
Am 19.09.13 06:27, schrieb val john:
hi guys
we are getting
to make make install ignore raddb used to work with
rc0 and numerous GIT snapshots.
Greetings,
Stefan Winter
Behaviour changes since release_3_0_0_rc0:
* Fixed many more compiler warnings.
* LDAP schemas to load dynamic clients from LDAP
* the control socket is now marked stable
* Added
with the configs lying in
raddb/modules-configuration-information/ and it would be very undue if
the stock build process bails out on failure then during a subsequent
installation.
Greetings,
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
/raddb/mods-config, and
installed from raddb's own part of make install.
That way, if I move raddb out of the way, nothing bad will happen; both
the current content of raddb and all the script examples will be ignored.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation
Hi,
The fix still needs config changes with a bit of a hackish workaround -
read the thread til the end to get all the goodness.
I tested some of the hashes that were giving me trouble and they all
worked with the current branch version. I also read all the thread,
Glad to hear that :-)
The
Hi,
http://lists.freeradius.org/pipermail/freeradius-devel/2013-May/008046.html
http://lists.freeradius.org/pipermail/freeradius-users/2013-May/066440.html
I also did everything that Stefan Winter did - gdb live server,
valgrind, look at the source, compare with 3.0 - and got the same
`/usr/local/freeradius/config/raddb/mods-config', needed by
`/usr/local/freeradius/config/raddb/mods-config/perl'. Stop.
Do I need to mkdir and touch all subdirs as well?
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la
-localhost is in my /etc/hosts. I'd expect both of these to work...
no brackets also doesn't work, but that was just my last straw and
doesn't have to work anyway.
Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
but not totally sure.
Greetings,
Stefan Winter
--
Stefan
, but as an IPv6 address. Both are unambiguous
and could be auto-detected.
That would add a little user-friendliness for users who didn't have
enough sleep :-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6
Hi,
I'd love to try.
looking at GITHUB's master branch, I see that the latest commit was 5
months ago, and the last tag is 3_0_0_beta1 ?
There's also no other branch name that suggests recent versions.
Anything wrong with github?
Stefan
On 16.07.2013 15:15, Alan DeKok wrote:
Stefan Winter
DeKok wrote:
Stefan Winter wrote:
(0) ERROR: %{#User-Password}
(0) ERROR: ^ Unknown attribute
(0) ERROR: Evaluation of condition failed for some reason.
(0)else else {
(0) - entering else else {...}
Earlier, this would yield the number of characters in the incoming
request's User
? Looks like a bug
to me...
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description
;
these days, it can mess with mods-available as it likes.
But still, the hygiene I could apply to my config previously was nice.
Any chance to get this back?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
]: Configuration item
allow_core_dumps is deprecated
/usr/local/freeradius/config/raddb/radiusd.conf[0]: Replace
allow_core_dumps with (null)
Replace with null makes it look like the config parameter doesn't exist
any more; while it simply moved into security { }.
Stefan
--
Stefan WINTER
Ingenieur de
Hi,
On 15.07.2013 10:24, Alan DeKok wrote:
# mv raddb raddb-noinst
# mkdir raddb
# touch raddb/all.mk
# make install
that's easy enough, thanks!
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue
in the sql config is sqltracefile. Maybe that's
it, but with that parameter description, the semantics would be a rather
horrible mismatch.
NB: README.rst doesn't mention the death of sql_log nor that sql (null)
is its replacement.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
issuing actual requests for all my vservers.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
private CAs just as fine and automated as it does
commercial CAs.
Greetings,
Stefan Winter
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
with an interface
scope. So
fe80::215:17ff:fed0:d278
simply isn't an IPv6 address.
fe80::215:17ff:fed0:d278%eth0
is the valid address. I don't know if the FreeRADIUS address parser is
prepared to handle such interface-scoped addresses. There's not much use
case for this.
Greetings,
Stefan
/bugs, which tell us WHERE the problem occurred.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA
Hi,
RADSEC
These days, the more proper answer is: RFC6614
http://tools.ietf.org/html/rfc6614
:-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel
, which seems to be a no.
Of course I'm fixing my config by making the yes explicit - but maybe adapting
the defaults in realms.c might be a little more consistent behaviour.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
this (admittedly not totally
clean), please see my message to -devel on 12 Oct 2012, titled SIGTERM
- SIGSEGV.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359
of the realms list.
Sure. Just do exactly that.
Stefan
Is there a better way of doing this?
Thank you,
Bertalan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
i send request to server using EAP-TLS
authentication method.
Either by using a real EAP supplicant (Windows machine, Mac OS, ...) or
for a command-line test use eapol_test, which is part of wpa_supplicant.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
at cru.fr. As an
intermediate party, this is all you will get.
Why are you interested in other users' passwords?
Greetings,
Stefan Winter
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation
providers may use to make
their lives easier, and then maybe we could generate numbers from that.
Don't hold your breath though.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard
and updating original attribute value* by regex, unlang before output of
logging? just for logging purpose. Or it's necessary to use Perl?
See modules/linelog.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6
Nagios testing).
In 2.2.0 against the old openSSL version, everything works fine -
Access-Accept. Any hints?
Greetings,
Stefan winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
.
If it now works, it was picking up OpenSSL X, and linking against
OpenSSL Y.
Hm, okay... will do.
Stefan
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique
/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
of non-EAP requests and accounting stuff, too.
Works like a charm.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
Hi,
Anyway, adding an example would still be nice :-)
Submit a patch, or edit the wiki? :D
Here goes a unified diff - took the statement from sql/mysql/dialup.conf.
Greetings,
Stefan Winter
--- sql_log.orig2012-08-10 11:05:49.690247808 +0200
+++ sql_log 2012-08-10 11:08
how to send stuff to sql_log when an On/Off arrives... guessing
that I'm simply overlooking something.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359
be cute; but it's hard to find - one has to go into the code.
So if I'm right with that, could the documentation in modules/sql_log be
updated for 2.2.0? At least adding it as an example like the others
would be nice.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation
, adding an example would still be nice :-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description
se
responsabilizam pela transmissão destes.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove
to make a long-term
prediction, but at least there's no immediate problem in sight.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352
the iPhone nor the server; primary and backup run the
same configuration - synced via SVN.
I can revert back to 2.1.12 on the backup to verify that that fixes it to be
sure...
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
something that never worked, also not with 2.1.12.
Now working fine with 2.2.0-pre.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352
there is no EAP-SHA1, it does not make sense to add a sha1 { }
section in eap.conf.
The replacements for MD5 in EAP are things like TTLS, PEAP, TLS, and
others. They are mentioned in eap.conf. If you want to get rid of
EAP-MD5, configure one of those.
Greetings,
Stefan Winter
On 11.07.2012 21:17, Si St
write, you have a working FreeRADIUS, working openLDAP backend, and have
configured it to do IEEE 802.1X on a WiFi access point.
That is 99% of what eduroam needs. So, what's missing?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de
one.
This should also explain your subsequent queries below.
Greetings,
Stefan Winter
Staying with the Client IP Address, my next point surrounds the Accounting.
The cui.conf shows that accounting updates the table using Client IP Address
in the search:
accounting_start_query = UPDATE
://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel
Hello,
noone with a hint?
Stefan
On 07.05.2012 11:13, Stefan Winter wrote:
Hi,
at a client's site, I have to some chopping off parts of User-Name,
pretty straightforward, but for some reason it doesn't work (2.1.12):
In inner-tunnel, authenticate, MSCHAPv2 for PEAP:
authenticate
,
Stefan
On 09.05.2012 09:56, Alan DeKok wrote:
Stefan Winter wrote:
noone with a hint?
Hmm... the default return code for things in the authenticate
section is reject. And the update sections just pass through the
*previous* return code.
You might try this as a hack:
Auth-Type MS
Hi,
both methods worked: moving into authorize (but after calling the suffix
module, which sets Stripped-User-Name), and also the ok hack in
authenticate.
We chose to move to authorize, as it's more easily understandable.
Thanks for the help!
Greetings,
Stefan Winter
On 09.05.2012 11:17
instead, which fails too, and used a non-internal
attribute for that name as well. It just won't work.
Is that maybe one of the known quirks in 2.1.12? Would using the current stable
branch work better?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
for SHA-1.
Can I get a quick confirmation that the SHA-2 family is not supported
for password hashes? Anything coming up in that regard in 3.0?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la
if the CA is shipped.
I.e. you don't gain a lot, and spend more money when using a trusted
CA, so in the vast majority of cases, it is the wiser way to use a
self-signed CA.
Greetings,
Stefan Winter
Kind Regards
Uwe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Please don't write private mail to me with FreeRADIUS questions.
Forwarding to freeradius-users.
Original Message
Subject:ldap-radius integration
Date: Fri, 30 Mar 2012 12:35:53 -0700
From: exu...@gmail.com
To: stefan.win...@restena.lu
could you give me some
server is radius.example.com.
I believe these are the default (shipped) values that come with
FreeRADIUS. Replace them with the *real* login details of your LDAP
admin account.
In general: *read* the debug output and *apply common sense*.
Greetings,
Stefan Winter
P.S.: your Operating System
with unlang. Is there some {%rand} or
anything like that?
Currently I do it embedded in the INSERT:
INSERT ... SHA1(RAND())... INTO someplace
but our MySQL admins don't like me doing that. So I'd prefer to do this
on FreeRADIUS and send a simple string to the DB.
Greetings,
Stefan Winter
-
List info
it operates within a EAP context
and tries to warn of too big data chunks, while there is actually
nothing to warn about.
Greetings,
Stefan Winter
So we applied the below as a test and it works, but I was wondering as to the
wisdom of it...
interestinga RADSEC packet can be much bigger
ftp://ftp.freeradius.org/pub/freeradius/old/
On 11.02.12 03:32, Charles H. Fisher wrote:
I have heavily patched version of freeradius-server-2.0.4 That I
would like to migrate forward to the current version. This requires
that I know what changes were made to the standard 2.0.4. I have not
at all with a self-signed CA.
For Android 4.0 for example, pushing a new CA into the trust store is
hard. Doing it in a non-interactive autoconfig way is to my knowledge
impossible.
So, BYOD is a factor to consider.
Greetings,
Stefan Winter
McNutt, Justin M. wrote:
So I'm getting some pushback
leads to many people asking
the kind of can I upgrade questions we've just gone through.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital
.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax
, or visit a course about RADIUS. The mailing list is about
configuring FreeRADIUS.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel
Hi,
Question is: When Freeradius receive user certificate how daemon find
correct CRL list in certs directory?
The CRL needs to be in the same directory as the CAs, and needs to be
hashed with c_rehash just like the CA certs. CRLs automatically get the
hash suffix .r0 instead of .0.
You will
,
do yourself a favour and grab a copy.
Greetings,
Stefan Winter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
scripts any more (I guess I could
with some systemd-to-INIT legacy support, but I like eating fresh dogfood).
Is there already someone working on systemd description files for
FreeRADIUS? If not, I'll (have to :-) ) give it a go myself...
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de
real credentials or had
a typo/intentionally put in something different.
The patch is a few sample clients, nothing more.
A nice exercise, for sure, but calling this Pwnage Edition is somewhat
exaggerated. As I read the headline, I expected more bang for the buck :-)
Greetings,
Stefan Winter
a common
schema. You need to configure both sides regarding database hostname,
username, password. Setting it in raddb/* is NOT doing any good.
So, if your dialup admin throws an error - look at the web server's
error log. It will help you much more.
Greetings,
Stefan Winter
Am 19.09.2011 05:14
under surveillance for the rest of the week. By next Monday,
I'll speak up again and let you know if my setup (still) works fine.
Keeps on running like Forest Gump.
Stefan
Greetings,
Stefan Winter
Am 29.08.2011 16:13, schrieb Alan DeKok:
I've put some pre releases of 2.1.12 on the web site
surveillance for the rest of the week. By next Monday,
I'll speak up again and let you know if my setup (still) works fine.
Greetings,
Stefan Winter
Am 29.08.2011 16:13, schrieb Alan DeKok:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Please let me
Hello,
while you marked lots of stuff in yellow, you missed the REALLY helpful
part:
WARNING: Unprintable characters in the password.Double-check
the shared secret on the server and the NAS!
How about doing exactly that...?
Stefan Winter
Am 05.08.2011 06:14, schrieb fieldpeak:
Hello
Regards,
Charles
2011/8/5 Stefan Winter stefan.win...@restena.lu
mailto:stefan.win...@restena.lu
Hello,
while you marked lots of stuff in yellow, you missed the REALLY
helpful
part:
WARNING: Unprintable characters in the password. Double-check
the shared secret
:
Hi Stefan,
Attached is the fully log from FreeRadius start, i tried to identify
it myself however i'm new comer to FR, can you please advise, thanks a
lot!
Regards,
Charles
2011/8/5 Stefan Winter stefan.win...@restena.lu
mailto:stefan.win...@restena.lu
Hi,
if the password
immediately. Is that unreasonable?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
to do that, you couldn't be sure that the end device is actually
using that supplicant.
Greetings,
Stefan Winter
on a Ubiquiti PicoStation 2 firmware 5.3.2 (I believe it includes some
form of hostapd, but I'm not sure which version)
Freeradius Version 2.1.9
Clients running Windows 7 or Windows
- and then the process is gone.
Would this behaviour fit to this problem cause?
Worth trying the usec fix in GIT?
Greetings,
Stefan Winter
The server does decoupled accounting, one site has only one module in
accounting, rlm_detail and the other listens on the detail logs with
only one module
in that authorize block.
Stefan Winter
Am 20.06.2011 16:47, schrieb Alan Buxey:
Hi,
It's been a long time since 2.1.10. We're happy to release version
2.1.11, which has many of useful new features, and a number of minor
bugs fixed.
yay! :-) virtual champagne cork released
however, a nice
logged into a different directory than expected.
Thanks again,
Stefan
Am 21.06.2011 11:53, schrieb Alan DeKok:
Stefan Winter wrote:
a similar issue with the config parser here...
The following worked nicely in 2.1.10, but barks with Unexpected text
else (and with the obvious change to elsif
Hi,
The github Facebook logins will work, so it should be *much* easier
for people to contribute to the Wiki.
Ah! Federated login! Any plans to add OpenID? I have this nice OpenID
provider hanging around here...
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352
doesn't see it, and there's no auth happening.
As soon as I change the proxy pool definition back to the v4 variant,
things start working again.
That's a bit strange...
Greetings,
Stefan Winter
[1] IPv4 proxy definition:
home_server radius-int-1-v4 {
type = auth+acct
ipaddr = 158.64.X.Y
port
Hi,
That's a bit strange...
Bug #143, fixed in the v2.1.x branch.
Cool! Looking forward to 2.1.11...
Stefan
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
.
Greetings,
Stefan
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel
will then not
touch raddb.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description
, but this is beyond character set badnesses. I'll run the same
test case with sql module debug on - maybe that sheds more light into
what's going wrong.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue
and things work just fine now. But: how about a
sanity check for SQL along with a more adequate error message?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove
... any known badnesses in MySQL/radreply? Anything I should do
(besides updating mysql client libs, which has right now popped near the
top of my TODO list)?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
, and/or EAP methods, and *then*
ask a well-informed question.
Greetings,
Stefan Winter
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-tp4296727p4297493.html
Sent from the FreeRadius - User mailing list archive at Nabble.com
that the certificate change was the
problem, you could, if your CA's policy allows, install the old server's
certificate on the new instance. For IEEE 802.1X, there is no
requirement that DNS names and CN/subjectAltNames match.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation
with your other edit, at least :-)
Greetings,
Stefan Winter
Message-Authenticator = 0xe5b0ffbed84243bf27ac1ac9c9fcd0b5
server eduroam {
# Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
+- entering group authorize {...}
[suffix] No '@' in User-Name = xy
/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
far enough to send certificate data at all.
In any case, I don't think the FreeRADIUS server process is to be blamed
- it sends a well-formed response to a reasonable request. Something's
wrong between the server OS and the supplicant.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de
talk to the new
one...
Greetings,
Stefan Winter
eap.conf:
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
tls {
certdir= /etc
). If you change the Subject in the cert... the supplicant won't
like it any more.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax
Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
-
List info
the User-Password attribute though.
That is very odd. My strong guess is a shared secret mismatch instead.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L
the sender by
return email and delete this email from your system.
/font
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue
, I think there should be two attributes: one to contain the
instance name, one with the string. Using unlang is of course possible,
but clumsy - it worked without before.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education
' as people who
compile FreeRADIUS for the first time.
Not all these first-timers have previously attended my course, so
changing my course material doesn't solve the general problem.
Greetings,
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education
do it per Service Provider to prevent tracking - and the require
option allows you to make just that happen.
Greetings,
Stefan Winter
My approach is a bit more softly-softly (although I will admit it has
not had any field testing), most of the brains is here in policy.conf:
cui
; which
is much more cumbersome than having it in SQL.
Any thoughts here?
Greetings,
Stefan
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education
than running a whacky script, of course!
Greetings,
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-
List info/subscribe
1 - 100 of 495 matches
Mail list logo
