Re: Need to change response type to Access-Challenge from rlm_perl

messages with me before I finally trigger the Access-Accept message. On Mon, Feb 18, 2013 at 9:00 AM, Walter Goulet wrote: > Hi, > > Looking through archives for this exact question, I see a post from 2008 ( > http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg47423.h

Need to change response type to Access-Challenge from rlm_perl

Hi, Looking through archives for this exact question, I see a post from 2008 ( http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg47423.html) where this exact question was previously asked. Here is my server version info: radiusd: FreeRADIUS Version 2.2.0, for host x86_64-unknow

Re: Design question - proxying RADIUS auth request to a backend webservice

time. On Sun, Feb 17, 2013 at 5:35 PM, Alexandr Kovalenko < alexandr.kovale...@gmail.com> wrote: > On Sun, Feb 17, 2013 at 11:05 PM, Walter Goulet wrote: > > I'm looking for some input from the experts to help validate a solution > > approach that I've come up with

Re: Design question - proxying RADIUS auth request to a backend webservice

Oh wow; that's even cooler! I'll give that module a shot. Thanks! On Sun, Feb 17, 2013 at 4:12 PM, wrote: > Hi, > > >The question to the list, are there other solution approaches that > might > >be better? Any significant disadvantages to using rlm_perl as I've > >described? Would

Design question - proxying RADIUS auth request to a backend webservice

y input is greatly appreciated. Walter Goulet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[no subject]

Ssee ee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Patch to update the default CA certificates to use SHA1 instead of MD5

tion files to specify the use +of SHA1/RSA for the certificates. To do this, change the 'default_md' +entry in the ca.cnf/server.cnf/client.cnf files from 'md5' to 'sha1'. + On Sun, Aug 9, 2009 at 8:47 AM, Alan T DeKok wrote: > Walter Goulet wrote: > > While

Patch to update the default CA certificates to use SHA1 instead of MD5

Hi, While I was building a version of FreeRADIUS 2.1.6 from source I was testing the certificates that are created using the certs makefile. I noticed that the CA certs (as well as server and client certs) use the default OpenSSL md5rsa signature algorithm. From the recently announced vulnerabilit

Re: Support for WiMAX VSA

Hi Nitin, Question on your planned contribution to FreeRADIUS: Does your module support the key generation algorithms for the WiMAX mobility keys? Specifically, is your module able to correctly generate the MN-HA-MIP4-KEY and related key material from the EMSK derived as part of the EAP exchange?

Re: Algorithm used by FreeRADIUS to choose cipher suite used with EAP-TLS/TTLS

Alan DeKok wrote: >Walter Goulet wrote: > > >>How does FreeRADIUS's rlm_eap module choose the cipher suite used for >>EAP-TLS/TTLS sessions? >> >> > > It relies on OpenSSL to do the negotiation. > > > >>RFC 2246 for TLS states th

Algorithm used by FreeRADIUS to choose cipher suite used with EAP-TLS/TTLS

Hi, How does FreeRADIUS's rlm_eap module choose the cipher suite used for EAP-TLS/TTLS sessions? RFC 2246 for TLS states that the client presents the list of ciphersuites supported to the server and the server picks one that it supports. Is there a way to configure FreeRADIUS to only use a speci

Re: When EAP-AKA can be supported by FreeRADIUS?

On 2/2/07, Jeffrey Sewell <[EMAIL PROTECTED]> wrote: > > > > > (2). How does FreeRADIUS support WiMAX? > > > > No idea. What does the server have to do in order to support WiMAX? > > Please be specific. :) > > > > So far (since WiMAX isn't fully defined yet) all it has to do is > support EAP

Re: parsing certificate fields ?

Done; submitted patch as bug 300. Thanks, Walter On 12/10/05, Alan DeKok <[EMAIL PROTECTED]> wrote: > Walter Goulet <[EMAIL PROTECTED]> wrote: > > I wonder about this actually; I submitted a patch to pam_radius_auth and > > didn't get any comments or feedback of

Re: parsing certificate fields ?

Alan DeKok wrote: Riccardo Veraldi <[EMAIL PROTECTED]> wrote: I would like to parse for Locality L field. the new version 1.0.5 support this ? No. As always, patches are welcome. I wonder about this actually; I submitted a patch to pam_radius_auth and didn't get any comments or feed

Re: RadZap

You're not typing in the IP address of the server; 1645 is not the IP address of the server! -N 63.215.26.177 is the IP address of the NAS. On 12/1/05, Radius <[EMAIL PROTECTED]> wrote: > Your man says this. > > radzap [-d raddb_directory] [-N nas_ip_address] [-P nas_port] [-u user] [-U > user]

Re: Adding a realm to username with pam_radius_auth

Alan DeKok wrote: Walter Goulet <[EMAIL PROTECTED]> wrote: Quick question regarding pam_radius_auth. Since you have to have a local account on the client machine using pam_radius_auth to authenticate ssh sessions, how would you go about adding a realm to the username portion

Adding a realm to username with pam_radius_auth

Hi, Quick question regarding pam_radius_auth. Since you have to have a local account on the client machine using pam_radius_auth to authenticate ssh sessions, how would you go about adding a realm to the username portion of the authentication request? Reason I'm asking is because I'd like to use