On 2009-Apr-27, at 12:44, Ivan Kalik wrote:
On 2009-Apr-27, at 11:27, Alan DeKok wrote:
Guy Fraser wrote:
I am obviously missing something.
Ahem, did you read what sql_log does?
Yes it says :
modules {
...
sql_log {
path
Guy Fraser wrote:
I have installed :
radiusd: FreeRADIUS Version 2.1.3, for host i386-portbld-freebsd7.1,
built on Feb 26 2009 at 15:47:46
I have not been able figure out how to get it to log failed
authentication attempts
into the radpostauth sql table, like I had it working in Version 1.
On 2009-Apr-17, at 03:08, Alan DeKok wrote:
Guy Fraser wrote:
I have installed :
radiusd: FreeRADIUS Version 2.1.3, for host i386-portbld-freebsd7.1,
built on Feb 26 2009 at 15:47:46
I have not been able figure out how to get it to log failed
authentication attempts
into the radpostauth sql
You could put SQL logging here, too.
The configuration has changed significantly since I last contributed to
this project.
The main changes are moving text from one file to another. e.g. the
large chunks of authorize, etc. in radiusd.conf have moved to separate
files.
But the main
I have installed :
radiusd: FreeRADIUS Version 2.1.3, for host i386-portbld-freebsd7.1,
built on Feb 26 2009 at 15:47:46
I have not been able figure out how to get it to log failed
authentication attempts
into the radpostauth sql table, like I had it working in Version 1.
--
Guy Fraser
Alan DeKok al...@deployingradius.com wrote:
Augusto G. Andreollo wrote:
Hmm.. thing is, the post-auth sql query is already being processed, to
log the Access-Reject..
Yes.. I know. But the return code from the LDAP module in the
*authorize* section is lost by then.
Is there any other
Augusto G. Andreollo wrote:
I must've been doing something wrong.. When I erased everything and
retyped it again, it's now returning OK as given.
Weird... OK
My problem now is that it only returns correctly when the module returns
OK. If the LDAP returns anything else (fail, rejected,
On Tue, 2009-03-17 at 10:11 +0100, Alan DeKok wrote:
My problem now is that it only returns correctly when the module returns
OK. If the LDAP returns anything else (fail, rejected, notfound), it
just completely skips over the IFs block and goes straight to Post-Auth.
Is that expected?
Augusto G. Andreollo wrote:
Hmm.. thing is, the post-auth sql query is already being processed, to
log the Access-Reject..
Yes.. I know. But the return code from the LDAP module in the
*authorize* section is lost by then.
Is there any other way I could extract the
rejection reason from
Augusto G. Andreollo wrote:
I have the need to log the return code from the LDAP authentication to
our database (I'm adding it to the postauth table scheme).
I wouldn't suggest doing that for EVERY packet. Why do you think it's
necessary?
I've already modified the database scheme (ok), the
Hi,
if (rejected) {
are you sure sucha return code is available and
comparable in such a way? looks like 'rejected'
got matched...possibly because the check went okay -
a value of 0 - rejected isnt defined...has a value of
0 too? just a guess!
On Mon, 2009-03-16 at 16:13 +0100, Alan DeKok wrote:
Augusto G. Andreollo wrote:
My problem now is getting the return code into the variable, according
to the LDAP module results.
It looks like it's working. What's the problem?
(and then it goes on to successfuly add the string
Ok, updating on my progress:
On Mon, 2009-03-16 at 14:28 -0300, Augusto G. Andreollo wrote:
On Mon, 2009-03-16 at 16:13 +0100, Alan DeKok wrote:
Augusto G. Andreollo wrote:
My problem now is getting the return code into the variable, according
to the LDAP module results.
It
Hi,
I am trying to parse accounting logs of cablelabs format. Some of the
attributes are octet strings which in itself contain
detailed information that is printed as a octet string by freeradius.
e.g.:
CableLabs-Event-Message = 0x484153482830783833326632306329
Hi Folks,
Trying to look at the problem in another way.
I am inclined to think that I may have to write a module to parse the
octet string and populate the attributes into the AVP list. Assuming that
this is feasible, I would like to parse before the logging happens (via the
detail module
I am inclined to think that I may have to write a module to parse the
octet string and populate the attributes into the AVP list. Assuming that
this is feasible, I would like to parse before the logging happens (via the
detail module).
Run perl before detail. Put new attributes on the $RAD_REPLY
that
this is feasible, I would like to parse before the logging happens (via
the
detail module).
Run perl before detail. Put new attributes on the $RAD_REPLY list.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe
inclined to think that I may have to write a module to parse the
octet string and populate the attributes into the AVP list. Assuming that
this is feasible, I would like to parse before the logging happens (via
the
detail module).
Run perl before detail. Put new attributes on the $RAD_REPLY
behavior?
The server hasn't been updated to log the cached user name.
It would seem that logging authentication attempts
would be more useful if the real username was provided in addition to
the anonymous identity.
Yes.
As always, patches are welcome.
Alan DeKok.
-
List info
that
the user is not actually sending the real ID and password through the
tunnel; rather the saved session is being used. However, being that the
tunneled username is still available, and obtained from the cache, it should
be available to log. Is this the intended behavior? It would seem that
logging
).
My question is: is there a way to completely disable accounting logging?
I’ve tried commenting out the entire contents of the accounting section
in radiusd.conf (including the ‘detail’ and ‘daily’ entries), but this
results in accounting responses not being sent by the server
is: is there a way to completely disable accounting logging?
I've tried commenting out the entire contents of the accounting section
in radiusd.conf (including the 'detail' and 'daily' entries), but this
results in accounting responses not being sent by the server (as if an
empty accounting section disables
Sorry for my previous email;)
I was meaning: %{control:Auth-Type}
In my configuration, I use two different auth-type, one for PAP, one
for MS-CHAP.
Regards,
Vincent
Vincent Magnin [EMAIL PROTECTED] a écrit :
Bonjour,
Avez-vous essayé d'utiliser %{Auth-Type} ?
Salutations,
Vincent
Hello,
i am using a Freeradius 2.1.1.
I need logging authentication method by User-Name.
I am trying using linelog module for this... but i don't know how to
retrieve the information.
Does anyone has a clue ?
Thanks.
--
Richard Timsit [EMAIL PROTECTED]
EPFL DIT-TI
-
List
Richard Timsit wrote:
Hello,
i am using a Freeradius 2.1.1.
I need logging authentication method by User-Name.
I am trying using linelog module for this... but i don't know how to
retrieve the information.
You can use %{EAP-Type} to log the EAP type. It would best be done
Alan DeKok a écrit :
You can use %{EAP-Type} to log the EAP type. It would best be done as
part of a post-auth section.
Ok, this works perfectly, thanks a lot !
Is it conseivable to retreive more info for EAP-TTLS or for some others
authentications methods, like PAP or CHAP for example
Info like?
Ivan Kalik
Kalik Informatika ISP
Dana 3/12/2008, Richard Timsit [EMAIL PROTECTED] piše:
Alan DeKok a écrit :
You can use %{EAP-Type} to log the EAP type. It would best be done as
part of a post-auth section.
Ok, this works perfectly, thanks a lot !
Is it conseivable to
Bonjour,
Avez-vous essayé d'utiliser %{Auth-Type} ?
Salutations,
Vincent Magnin
Richard Timsit [EMAIL PROTECTED] a écrit :
Alan DeKok a écrit :
You can use %{EAP-Type} to log the EAP type. It would best be done as
part of a post-auth section.
Ok, this works perfectly, thanks a lot !
I have already asked this question a few years ago, but it still seems
to be impossible to log to stdout using Ubuntu's Freeradius-1.1.7 (I
have worked around it by using a fifo)
Am I overlooking something or is logging to stdout still an issue with
1.1.7? (for several reasons I'd like to stay
richard lucassen wrote:
I have already asked this question a few years ago, but it still seems
to be impossible to log to stdout using Ubuntu's Freeradius-1.1.7 (I
have worked around it by using a fifo)
Am I overlooking something or is logging to stdout still an issue with
1.1.7
or is logging to stdout still an issue
with 1.1.7? (for several reasons I'd like to stay with the original
Ubuntu version)
There have been no changes to 1.1.7 since 1.1.7 was released. It's
still the same version of software: 1.1.7.
Uhhh, a few years ago I was using 1.0.2 or 0.9 or something like
Ivan,
Thanks for your response. FreeRadisu is able to connect to the MySQL database
and write into the radacct table. However I am not ablle to set things up for
logging the VSA attributes into the database. How to edit the dialup.conf for
the VSA value logging. I edited
Hi,
I am facing difficulties in integrating MySQL and FreeRadius for the
accounting. I have setup the mysql with a database named 'radius'. I have also
defined a table 'rt_cdr1' which is to be used to store the CDRs that come in
the accounting request. I add the following statements in
I am facing difficulties in integrating MySQL and FreeRadius for the
accounting. I have setup the mysql with a database named 'radius'. I have also
defined a table 'rt_cdr1' which is to be used to store the CDRs that come in
the accounting request. I add the following statements in
mailing list
Oggetto: Re: R: R: Logging level
Arrigo Savio wrote:
I read all comments, and tried to give some permission on the files, but I
still receive the error pasted...
I read in docs that:
# If not set, then ANYONE can connect to the control socket,
# and have complete
Arrigo Savio wrote:
radmin set
ERROR: You do not have write permission.
Where can I specify this permission?
Read the example configuration file in
raddb/sites-available/control-socket.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
I tried to comment out the parameters, but it doesn't work anyway.
Arrigo.
-Messaggio originale-
Da: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Per
conto di Alan DeKok
Inviato: martedì 30 settembre 2008 8.43
A: FreeRadius users mailing list
Oggetto: Re: R: Logging level
Arrigo Savio
Arrigo Savio wrote:
I read all comments, and tried to give some permission on the files, but I
still receive the error pasted...
I read in docs that:
# If not set, then ANYONE can connect to the control socket,
# and have complete control over the server. This is likely
Hi everybody. I installed Freeradius 2.1.0 on a Fedora 9 server.
I'm trying to understand if is it possible to set the logging level in
radius.log log file. Where can I set up a radius -X like level also in
radius.log file?
Is it eventually possible to change this level on the fly? I mean without
Arrigo Savio wrote:
Hi everybody. I installed Freeradius 2.1.0 on a Fedora 9 server.
I suggest using 2.1.1, which was released last week.
I'm trying to understand if is it possible to set the logging level in
radius.log log file. Where can I set up a radius -X like level also in
radius.log
-
Da: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Per
conto di Alan DeKok
Inviato: lunedì 29 settembre 2008 11.48
A: FreeRadius users mailing list
Oggetto: Re: Logging level
Arrigo Savio wrote:
Hi everybody. I installed Freeradius 2.1.0 on a Fedora 9 server.
I suggest using 2.1.1, which
Hello Alan,
I want logging information, if a client shows up with an expired
certificate.
Therefor in authorize I have:
...
eap
if ( invalid ) {
update reply {
Tmp-String-5=INVALID Certificate
}
}
in post-auth
Norbert Wegener wrote:
It seems, if (invalid) is not entered and I don't see why.
The default behavior for invalid is to stop processing the request.
This can be changed by:
eap {
invalid = 1
}
if ( invalid ) {
...
I'm not sure the
If fear not...
eap {
invalid = 1
}
if (invalid) {
update reply {
Tmp-String-5=INVALID Certificate
}
...
Norbert Wegener wrote:
If fear not...
Hmm... if this is in the authenticate section, then the rules are
different. The authenticate section is processed by selecting *one*
module / section from the list. That *one* module is processed.
So if you have:
authenticate {
eap
Thanks, that works.
Norbert Wegener
Alan DeKok schrieb:
Norbert Wegener wrote:
If fear not...
Hmm... if this is in the authenticate section, then the rules are
different. The authenticate section is processed by selecting *one*
module / section from the list. That *one* module
the logging capabilities are more fully documented that I just
haven't been able to find?
Thanks,
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
requests coming
from unknown clients? As far as I can tell, these are just silently
discarded. I have read through all the comments on the log section in
radiusd.conf but I don't see anything about this. Is there anywhere else
where the logging capabilities are more fully documented that I just
Greg Woods wrote:
Is there any way to get the freeradius 2.1 server to log requests coming
from unknown clients? As far as I can tell, these are just silently
discarded.
Yes. Attackers can send packets much more quickly than the server can
log them. Logging unknown client could quickly
On Sat, 23 Aug 2008 07:04:11 +0200
Alan DeKok [EMAIL PROTECTED] wrote:
Aaron Spanik wrote:
*snip*
I suggest getting access. Sorry... but it's the simplest way to debug
things when something is going wrong.
Always. But sometimes one is forced to prove something is wrong before
the
Aaron Spanik wrote:
As you no doubt know, once I used
%{proxy-request:Packet-Dst-Ip-Address} I started seeing exactly what I
wanted to see in my logs.
Yup.
That sounds excellent; I will check out the GIT version. Can you
comment on how long it is likely to take before those features make
I apologize in advance if this question is answered in the
documentation, but if it is, I haven't been able to find it.
I have the following setup:
- Client daemon running on host A
- FreeRADIUS 2.0.4 server running on host A proxying auth requests
- Two Remote RADIUS servers serving
Aaron Spanik wrote:
Recently, however, there has been reason to suspect that the two remote
RADIUS servers are behaving inconsistently with each other (i.e. auth
fails on one and then immediately succeeds on the other).
Unfortunately, I have zero access to the remote RADIUS servers and
Hi all,
I have just recently migrated from 1.1.7 to 2.0.5. In 1.1.7 I had the
postauth sql logging turned on to log successful and failed auth attempts.
I not able to find where I would add it in 2.0.5 to enable this feature. I
see the sql statement in the dialup.conf config file but I am
Jeff Crowe wrote:
I have just recently migrated from 1.1.7 to 2.0.5. In 1.1.7 I had the
postauth sql logging turned on to log successful and failed auth attempts.
I not able to find where I would add it in 2.0.5 to enable this feature.
Read radiusd.conf, especially the last few lines
Frank Bulk - iNAME wrote:
I'll do my best to ignore the abrasive comments.
Since you make a point of talking about them, I can explain. Very few
people CC me on posts to the list, and every time they get told that I
still read the list. Almost no one sets return receipt requested,
because
I have just committed updates to the linelog module (including
documentation) that significantly increase it's usability. The goal is
to move most of the hard-coded log messages to this module. Once these
log messages are added to the configuration, the existing hard-coded
messages can be
messages can be deleted.
Ok, so you're talking about removing all DEBUG() and other logging
function calls from the source and replacing it all with soft
configuration based logging ? Or just specific ones ?
Are you no longer committing to CVS btw ?
We're looking for volunteers to examine
Arran Cudbard-Bell wrote:
Ok, so you're talking about removing all DEBUG() and other logging
function calls from the source and replacing it all with soft
configuration based logging ? Or just specific ones ?
No! The DEBUG logs will still be there. I'm talking about the
hard-coded logs
Frank Bulk wrote:
I scoured online and in the archives but I haven't found a solution to my
question: is there a way to log additional attributes, not unlike what's
done in ISC's DHCP logging?
What do you mean by that?
I know that 'detail' logging is possible, but
those are stored
Alan:
I'll do my best to explain.
Currently our NAS is returning the NAS-Port and FreeRADIUS is logging it
like this:
Fri Jul 18 13:09:52 2008 : Auth: Login OK: [khj] (from client dslam
port 1073873726)
Fri Jul 18 13:09:55 2008 : Auth: Login OK: [dfsands6] (from client
dslam port
Don't CC me on posts to the list. I *do* read the list, if you hadn'
already noticed. And DON'T set return receipt requested. It's
annoying. I generally delete all email which has that set.
Frank Bulk - iNAME wrote:
...
According to my NAS' documentation, that longish number is a
PROTECTED]
Sent: Saturday, July 19, 2008 12:23 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: Logging attributes to the regular log
snip
Frank Bulk - iNAME wrote:
...
According to my NAS' documentation, that longish number is a
bit-representation of an interface. Rather than
I scoured online and in the archives but I haven't found a solution to my
question: is there a way to log additional attributes, not unlike what's
done in ISC's DHCP logging? I know that 'detail' logging is possible, but
those are stored in a separate file for each connection. I just want to add
Hi, I'm running freeradius-1.1.7.1 and have switched to using a subnet
for my NAS devices in clients.conf.
Unfortunately, my logs no longer tell me which NAS device a request
came from and show only the MAC address of the user's laptop.
Is there a way to get the NAS IP address as well in the
It's already logged in detail logs.
Ivan Kalik
Kalik Informatika ISP
Dana 15/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Hi, I'm running freeradius-1.1.7.1 and have switched to using a subnet
for my NAS devices in clients.conf.
Unfortunately, my logs no longer tell me which NAS device a
So, how can I get in logs exactly common names?
As I understand, only way to do it is
check_cert_cn = %{User-Name}
in eap.conf?
--
Vladimir Vassiliev [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have such entries in my radius.log
Fri Jun 6 18:52:31 2008 : Auth: Login OK: [asus_large] (from client wifi port
2 cli 00-19-7D-4A-B7-F4)
asus_large - in this example is a common name of SSL certificate and I thought
it cannot be forged and I can identify which
certificate was used. But
[EMAIL PROTECTED] wrote:
a further question on this one - as the detail relay virtual
server buffered-sql is only supposed to run when the main thread
isnt busy...and is only supposed to read detail file, log to SQL
then 'be quiet' why, when it encounters such an issue does the
main
is reporting the value. in
our SQL logging we look for the Acct-Session-Id, and the Timestamp
and then use those to create the session time due to wierdnesses
(see the example UPDATE comand in sql/postgresl/dialup.conf to get
what I mean) so hope we dont actually care about what the kit tells
us(!)
alan
[EMAIL PROTECTED] wrote:
further to last email, heres example packet:
...
Acct-Session-Time = 0
unlang. :)
accounting {
...
if (Acct-Sesion-Time != 0) {
sql
}
else {
ok
}
...
}
i.e. bypass the module
Hi,
unlang. :)
yes - i was pondering that one. okay.
and even better, use eg sql_log for the
ones that are session-time = 0 so that i can
capture them, know them, and see when the
issue is fixed etc...
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS Version 1.1.6 Rhel3
I hope it's an easy one
I've my server setup authentication is working fine but I have no log in this
directory
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
The Client-IP-Address directory exist (automatic) but I've no detail-xxx files
in
J-P Raymond wrote:
I've my server setup authentication is working fine but I have no log in
this directory
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
The NAS isn't sending accounting packets.
any clues ?
This is in the FAQ, too.
Alan DeKok.
-
List
hello,
you for the page web of freeradius, i look it befor i ask this question.
can anyone give me the right configuration of the swith cisco3560 to
authenticate a windows XP on lan network. i use TLS ou PEAP.
thanks
_
-
Well, look again. Same question was asked and answered today. Different
Cisco device but that doesn't change a thing.
Ivan Kalik
Kalik Informatika ISP
Dana 5/2/2008, hamid benane [EMAIL PROTECTED] piše:
hello,
you for the page web of freeradius, i look it befor i ask this question.
can
Hi,
Hello,
I have successfully configured freeradius 2.x to do AAA for my Cisco
Catalyst 3560. Using modules rlm_detail I am able to log when the session
starts and ends, however I am also interested in logging exactly what
commands were issued by the user. Does anyone know how I can
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
Dana 5/2/2008, hamid benane [EMAIL PROTECTED] piše:
Hello,i have the same configuration like you freeradius-1.1.1, cisco 3560 but
when i try to autheticate my windows xp its
Hello,i have the same configuration like you freeradius-1.1.1, cisco 3560 but
when i try to autheticate my windows xp its failed. i want to know how you
configure your freeradius and cisco to work well. my configuration on wireless
work fine.
For your question that you ask, i dont undesrstand.
the session
starts and ends, however I am also interested in logging exactly what
commands were issued by the user. Does anyone know how I can accomplish
this?
Thank you,
Vijay Avarachen
--
Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it.
-
List info/subscribe
Hello,
I have successfully configured freeradius 2.x to do AAA for my Cisco
Catalyst 3560. Using modules rlm_detail I am able to log when the session
starts and ends, however I am also interested in logging exactly what
commands were issued by the user. Does anyone know how I can accomplish
Ok I accomplished this outside of FreeRadius. Requires IOS vers 12.3(4)T
and 12.2(25)S. Here are the important sections from the config:
archive
log config
logging enable
logging size 1000
notify syslog
hidekeys
logging xxx.xxx.xxx.xxx
Reference:
1.
http://www.cisco.com/en
Hmm. That sounds great. I have Port-based VLANs on the switches but still
no affects. Am I using wrong type VLANs? Port-based authentication, could
you explain some?
Thanks.
Yes. Use VLANs and port based authentication and they won't be able to
do that. If they manually change IP address to a
1. Switch has to support dynamic VLAN assignment by radius. Then you pass
Tunnel set of attributes (type, medium and id) to it and place a user
in a desired VLAN. If you can only configure VLANs manually, than this
is not going to work.
2. How does someone change his IP address to a different
Yes. Use VLANs and port based authentication and they won't be able to
do that. If they manually change IP address to a different VLAN
connection will become unusable.
Ivan Kalik
Kaliki Informatika ISP
Dana 29/1/2008, [EMAIL PROTECTED]
[EMAIL PROTECTED] piše:
Hi,
I have a question.
When the
Hey,
On Jan 29, 2008 9:45 AM, [EMAIL PROTECTED] wrote:
Hi,
I have a question.
When the user logs using own username and password into Radius server (ie,
using 192.168.160.5), it is OK. When someone change IP address statically
into logged IP (to 192.168.160.5), he can use the logged
Peter Nixon wrote:
On Mon 28 Jan 2008, Mother wrote:
1. Install screen (not by default installed in FreeBSD).
2. Run a new screen, name it something convenient (# screen -S radiusd)
3. Hit Ctrl+A-H, this will log all console output to file.
4. Start radiusd with -X or -x
5. Detach from the
Hi all,
Since I hate when people write No problem, I fixed it and then
disappear into the ether without giving details that could be useful to
others, here is what I did:
1. Install screen (not by default installed in FreeBSD).
2. Run a new screen, name it something convenient (# screen -S
On Mon 28 Jan 2008, Mother wrote:
1. Install screen (not by default installed in FreeBSD).
2. Run a new screen, name it something convenient (# screen -S radiusd)
3. Hit Ctrl+A-H, this will log all console output to file.
4. Start radiusd with -X or -x
5. Detach from the screen with
Hi,
I have a question.
When the user logs using own username and password into Radius server (ie,
using 192.168.160.5), it is OK. When someone change IP address statically
into logged IP (to 192.168.160.5), he can use the logged account. I mean
he can use another one's account. How can I block
Hi all,
After searching around the docs, I cannot find a way to control the
debug log level (to radius.log), and since I am having problems where
the server seems to freeze every now and then, I really need to find a
cause. All I could see in the last batch of logs is:
Wed Jan 23 09:15:51
http://www.digipedia.pl/man/radiusd.8.html
Ivan Kalik
Kalik Informatika ISP
Dana 23/1/2008, Mother [EMAIL PROTECTED] piše:
Hi all,
After searching around the docs, I cannot find a way to control the
debug log level (to radius.log), and since I am having problems where
the server seems to
Ivan,
[EMAIL PROTECTED] wrote:
http://www.digipedia.pl/man/radiusd.8.html
Yes, deja-vu :) One question, -x (not -X), provides debug output to
radius.log??? I tried this before, but did not seem to get anything
other than what is already normally ouput.
Best regards,
Mike
-
List
Mother wrote:
Ivan,
[EMAIL PROTECTED] wrote:
http://www.digipedia.pl/man/radiusd.8.html
Yes, deja-vu :) One question, -x (not -X), provides debug output to
radius.log??? I tried this before, but did not seem to get anything
other than what is already normally ouput.
Best regards,
Mike
-
Hi,
A lot has changed since -pre2.
Hmm... it *should* be configurable in radiusd.conf. See the log
section in radiusd.conf. Some configuration items have moved, because
it was dumb to have log_foo, log_bar, log_baz, etc.
ha! a lot HAS been changing. damn. you are right. how did
i
[EMAIL PROTECTED] wrote:
ha! a lot HAS been changing. damn. you are right. how did
i miss that fundamental change to the log {} section. ???
It got changed fairly recently.
there was another post by someone else on this list a while back
about latest CVS being more quiet than the old.
I am using a recent pre-2, authentication via a mysql database.
In post-auth I have a sql module, that reports accept/reject to a
another mysql database.
When this database is not available, the user is rejected, although I
get Auth-Type = Accept before.
Is this a desired behaviour, bug or
Norbert Wegener wrote:
I am using a recent pre-2, authentication via a mysql database.
In post-auth I have a sql module, that reports accept/reject to a
another mysql database.
When this database is not available, the user is rejected, although I
get Auth-Type = Accept before.
Is this a
Arran Cudbard-Bell wrote:
Norbert Wegener wrote:
I am using a recent pre-2, authentication via a mysql database.
In post-auth I have a sql module, that reports accept/reject to a
another mysql database.
When this database is not available, the user is rejected, although I
get Auth-Type =
Arran Cudbard-Bell wrote:
Whats slightly worrying about using rlm_sql is if for any reason a table
is locked,
the SQL request will block until the table is unlocked. In blocking it
appears to block the entire FR server !
Everything just stops until the table is unlocked, and the request is
301 - 400 of 651 matches
Mail list logo