Hi,
Those out there using decoupled accounting, especially in an
'eduroam' environment, might find the following helpful.
I receive a lot of random rubbish from the various NASes deployed
internationally sent to my FreeRADIUS installation. Such moments of fun
are accounting stop packets
So does the detail reader read the packet, find that it's invalid and then retry
the same packet?
-Arran
On Mar 6, 2011, at 2:37 PM, Alexander Clouter wrote:
Hi,
Those out there using decoupled accounting, especially in an
'eduroam' environment, might find the following helpful.
I
Alexander Clouter wrote:
The unfortunate outcome means after a bad accounting packet, the
mountpoint I use for recording my journal fills up until FreeRADIUS
hangs with no warning (meanwhile FreeRADIUS works fine so it is not
something trivially monitored by NAGIOS or such).
2.1.10 has
Arran Cudbard-Bell a.cudba...@gmail.com wrote:
So does the detail reader read the packet, find that it's invalid and
then retry the same packet?
Yes...after waiting 30 seconds then retrying.
For 'valid' packets, it is handy, as I get to fix my SQL, but there will
come a point where is
Hi Ivan
I had followed the steps to create certificates for Win XP and
configured the AP.
Also copied the client.p12 and ca.der to the XP machine.
When I double-click on the SSID palstaff it shows that Windows was unable to
log you on to the palette network.
Regards
Devinder
Hi Ivan
Thanks. Yes, I have double-clicked on the ca.der file and client.p12; both
were installed successfully.
I also managed to set up my SSID palstaff and when I click on the SSID
I see a pop-up window on my wireless LAN asking for my username on
certificate and I selected
devin...@palettemm.com
OK, I took your advice and yes, it's a different error now
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
id=134,
Hi Ivan
I still get the same error now
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]
Hi Ivan,
OK, could you let me know what I need to alter in the Makefile?
Just wanted to make sure I don't do something wrong here.
What are the steps that I need to take to do this?
I can see a Makefile in /etc/raddb/certs
Thanks
Devinder
2009/8/4 Ivan Kalik t...@kalik.net:
OK, I think
OK, once I have made the changes, should I repeat the steps in the
/etc/raddb/README to generate the certs, server and client, once again?
2009/8/4 Ivan Kalik t...@kalik.net:
OK, could you let me know what I need to alter in the Makefile?
Just wanted to make sure I don't do something wrong
Hi Ivan
Before I generate the certificates, do I need to delete any files from
the /etc/raddb/certs folder?
Devinder
2009/8/4 Ivan Kalik t...@kalik.net:
OK, once I have made the changes, should I repeat the steps in the
/etc/raddb/README to generate the certs, server and client, once again?
Hi Ivan.
OK, I have reformatted my machine and installed Radius 2.1.1 from Yast
Open Suse 11.
I followed the instructions in /etc/raddb/certs/README
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
Hi Ivan,
These are the files in the /cert directory after I had run the
instructions in README.
Could you let me know how to fix the errors?
Thanks
linux-h9qt:/etc/raddb/certs # ls
01.pem ca.cnf client.cnf client.p12 index.txt
Makefile serial.old server.key
Hi Ivan
I did this
chown root:radiusd /etc/raddb/certs/server.pem
chown root:radiusd /etc/raddb/certs/ca.pem
and then I got the error
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
OK, I set the password to devin123
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/raddb/certs/server.pem
Hi Ivan,
These are the new error messages
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
Hi
I do have the random and dh file
linux-h9qt:/etc/raddb/certs #ls -al
-rw-r- 1 root root 245 2009-08-03 11:36 dh
-rw-r--r-- 1 root root 384 2009-08-03 12:11 index.txt
-rw-r--r-- 1 root root 21 2009-08-03 12:11 index.txt.attr
-rw-r--r-- 1 root root 21 2009-08-03 11:59
Hi
This is my directory listing. Which file should I copy to the XP machine?
linux-h9qt:/etc/raddb/certs # ls
01.pem bootstrap ca.key client.crt client.p12
dh index.txt.attr.old random serial.old server.csr
server.pem
02.pem ca.cnf ca.pem client.csr client.pem
Hi Ivan
OK, I managed to install ca.der and client.p12 on my XP.
When I run radiusd -X I get
rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
id=30, length=216
User-Name = devin...@palettemm.com
NAS-IP-Address = 203.121.4.59
Called-Station-Id =
Hi Ivan,
When I click on my SSID palstaff it prompts for the certificate name
username on certificate so I selected
devin...@palettemm.com
Click OK then authentication failed on the SSID
2009/8/4 Devinder Singh devinbhul...@gmail.com:
Hi Ivan
OK, I managed to install ca.der and client.p12 on
++[unix] returns notfound
[files] users: Matched entry devin...@palettemm.com at line 94
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap]
Hi Ivan
Actually I followed the steps in FreeRADIUS
http://wiki.freeradius.org/WPA_HOWTO. Could I use the steps here or
should I follow the README file?
Regards
Devinder
2009/8/1 Ivan Kalik t...@kalik.net:
I refer only to version 1.0.4 for the serial file as it's not there in
Hi Ivan,
I refer only to version 1.0.4 for the serial file as it's not there in
/etc/raddb/certs/demoCA so I get the serial file from version 1.0.4.
But I still get the error message Bad Encrypt.
What should I do next? I have created the certificates almost 5 times already.
The massspord
On Thu, 2009-07-30 at 19:24 +0100, Ivan Kalik wrote:
Just in decoupled-accounting. But you need to divert accounting to
write-detail virtual server in listen section.
I'm not sure I've configured the write_detail virtual server in the
listen section properly. This is what I have at the moment
I'm not sure I've configured the write_detail virtual server in the
listen section properly. This is what I have at the moment:
listen {
ipaddr = 1.1.1.2
port = 0
interface = eth0
type = acct
virtual_server =
Hi Ivan
Need your help here
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
I my certs /pass directory is empty
2009/7/31 Devinder Singh devinbhul...@gmail.com:
Hi Ivan
Need your help here
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
Hi Ivan
This is how I generated the certs, and radiusd -X gives an error
linux-7v1x:/etc/raddb/certs # ./CA.root myettelap
Generating a 1024 bit RSA private key
..++
.++
writing new private key to 'pem/newreq.pem'
-
You are about to be asked to enter information that will be
On Fri, 2009-07-31 at 09:35 +0100, Ivan Kalik wrote:
It should, as long as the listen section in server blah isn't identical
(as it is in your examples).
This acct listen section is actually from the server blah config. The
one in the other email was the original config before I made my
On Wed, 2009-07-29 at 13:23 -0400, Kanwar Ranbir Sandhu wrote:
I'm using freeradius 2.1.6 and want to move to decoupled accounting. I
understand the example configs, but one question I still have is this:
do I have to have preacct and accounting sections in my
virtual.blah.com file (very
As you can see, decoupled-accounting has the same preacct and accounting
sections that virtual.blah.com has. So, would I need them in both, or
is it enough to just have preacct and accounting in the
decoupled-accounting file?
Just in decoupled-accounting. But you need to divert accounting
On Thu, 2009-07-30 at 19:24 +0100, Ivan Kalik wrote:
Just in decoupled-accounting. But you need to divert accounting to
write-detail virtual server in listen section.
Yes, I've done that. I actually copied up my old virtual.blah.com config
that didn't have the write-detail virtual server
Hi All,
I'm using freeradius 2.1.6 and want to move to decoupled accounting. I
understand the example configs, but one question I still have is this:
do I have to have preacct and accounting sections in my
virtual.blah.com file (very similar to the default file) which is in
the sites-enabled dir
to decoupled accounting. I
understand the example configs, but one question I still have is this:
do I have to have preacct and accounting sections in my
virtual.blah.com file (very similar to the default file) which is in
the sites-enabled dir, even though I will have preacct and accounting
On Wed, 2009-07-29 at 21:21 +0200, Rokkhan wrote:
No, the accounting will only work on the virtual server that has a
listen section that has acct activated.
If you put a new virtual server without an acct listen section it will not work.
My virtual server does have an acct listen section. I'm talking