[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
us.org] On Behalf Of Alan DeKok
Sent: Tuesday, March 30, 2010 5:47 PM
To: FreeRadius users mailing list
Subject: Re: Question: How do I forcibly accept all rest requests??
Difan Zhao wrote:
However if you can fool the NAS to let
On 03/25/2010 12:31 PM, Jeffrey Wang wrote:
I am using freeradius server against my ldap server for regular user
access and eap. I need the wireless user treated differently. So I
created a entry in users file and would like to set user-password for
these users in encrypted form. For the users
LDAP. However, once
cleartext-password set, user-password is ignored.
Jeff
-Original Message-
From: John Dennis [mailto:jden...@redhat.com]
Sent: Thursday, March 25, 2010 1:36 PM
To: FreeRadius users mailing list
Cc: Jeffrey Wang
Subject: Re: question on users file
On 03/25/2010 12:31 PM
Patric wrote:
As you can see, the above query will set acct_input_octets = 5 on server
B, so now server A has acct_input_octets = 7 and server B has
acct_input_octets = 5.
Yup.
Most people solve this problem by doing post-processing of the tables.
If a db entry exists, and the
Am Montag, 23. November 2009 11:19:41 schrieb Divya Shah:
How many radius accounting requests per second can free radius support?
I am using openser-1.1.1-1.1 .
I have tested up to around 400. But need it to support more than 600
requests per sec.
Please let me know the max rate it can
Sorry for the stupid question, but I'd want to get how many time
every
user is connected, please could you provide some kind of guideliness?
Using Version 2.1.1.
SELECT Count(*) FROM radacct WHERE UserName='some_username'
I guess that you're using database module, aren't you?
You
2009/11/3 Ivan Kalik t...@kalik.net:
Sorry for the stupid question, but I'd want to get how many time
every
user is connected, please could you provide some kind of guideliness?
Using Version 2.1.1.
SELECT Count(*) FROM radacct WHERE UserName='some_username'
I guess that you're using
We sell our time in Day, Week and Month
increments, and the users are free to used the system as much as they want
during their time. My Question is, do I really need to use
Max-All-Session
if all I really need is a hard expiration date for my users?
You don't need Max-All-Session then.
Add this line to the home server configuration of Server A (running 2.1.7):
no_response_fail = yes
Tim
-Original Message-
From: freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org
[mailto:freeradius-users-
Tim Sylvester wrote:
Add this line to the home server configuration of Server A (running 2.1.7):
no_response_fail = yes
Hi Tim,
That worked perfectly! Thank you :)
Rejecting request 191 (proxy Id 218) due to lack of any response from
home server xxx.xxx.xxx.xxx port 1813
No response
Patric wrote:
And 30 seconds later the request is retried and succeeds :)
Is there any way for me to decrease the retry delay?
See the retry_interval configuration in the detail listener.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Patric wrote:
And 30 seconds later the request is retried and succeeds :)
Is there any way for me to decrease the retry delay?
See the retry_interval configuration in the detail listener.
Hi Alan,
Would I be correct in my understanding that I add that here:
Hi Alan,
Replace the ldap123 line in the authorize seciton with:
if (!EAP-Message) {
ldap123
}
works great and is logical indeed -- thanks!
Just for myself and others try to learn from examples:
I had thought that
eap {
ok = return
Martin Pauly wrote:
I have 2.1.6 and things basically work. But I just came across a
question about the processing of outer/inner identity:
As I understand it, in case of a non-EAP RADIUS request (eg from my old
modem servers), there is no tunnel and hence no inner identity.
== Autz and Auth
Hi,
I have 2.1.6 and things basically work. But I just came across a
question about the processing of outer/inner identity:
As I understand it, in case of a non-EAP RADIUS request (eg from my old
modem servers), there is no tunnel and hence no inner identity.
== Autz and Auth are done by
My question is how can i change the usergroup, radgroupcheck,
radgroupreply,
tables into Ldap to authorization-authentication step, with more options
to
check like Calling-Station-Id, Called-Station-Id, Hint, Groupnames, etc
etc???
Place user into a group in ldap and use Ldap-Group to check
ok i found this
http://freeradius.org/radiusd/doc/ldap_howto.txt
i guess to have many stuff to read and try my problem any way i can read more
solutions to can make my trouble in fast way and short time.
Regards again.
Tony
Tony P. escribió:
hi, i have freeradius server over Debian Etch
Hi,
Or maybe ntlm_auth isnt the way to do this? Maybe I'm looking at this
the wrong way? Any ideas to get this to work or any other better ideas?
there are samba issues to dea with - binding credentials etc
with regards to ntlm_auth, you can put an unlang wrapper around it
to choose what
Problem was solved thanks to Ivan assistance,
Main problem was on switch side and its configuration,
Second problem was - proper certificate to proper certificate store
And third - in my head :).
Thank you again
Bartosz.
-
List info/subscribe/unsubscribe? See
Problem was solved thanks to Ivan assistance,
Main problem was on switch side and its configuration,
Second problem was - proper certificate to proper certificate store
And third - in my head :).
OK. Now that you have established that client certificates signed by CA
work with XP SP3, can you
On Fri, May 29, 2009 at 10:32 AM, Ivan Kalik t...@kalik.net wrote:
Problem was solved thanks to Ivan assistance,
Main problem was on switch side and its configuration,
Second problem was - proper certificate to proper certificate store
And third - in my head :).
OK. Now that you have
On 21/5/09 15:05, Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Yes, so have it tell the outer server... Insert the (attached) snippet
into the authorize section of the inner server.
$ git format-patch
?
It's on my to do list. You may find things getting jiggled around to a
more sane
Thanks a lot guys, it's working properly now
Best regards
Anatoli
Arran Cudbard-Bell wrote:
Hi,
No. You should be running through your authorisation policies on
session resumption. All policies should be moved to the post-auth
section of the outer server.
but only the inner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anatoli Logvinski wrote:
Hi
We are using dynamic VLAN assignment with freeradius 2.1.6 and
tried to test session resumption. It looks like that freeradius
doesn't cache all reply attributes and upon session resumption the
VLAN assignment
Hi,
No. You should be running through your authorisation policies on
session resumption. All policies should be moved to the post-auth
section of the outer server.
but only the inner server knows the real id etc ?
alan
-
List info/subscribe/unsubscribe? See
Hi,
No. You should be running through your authorisation policies on
session resumption. All policies should be moved to the post-auth
section of the outer server.
but only the inner server knows the real id etc ?
Yes, so have it tell the outer server... Insert the (attached)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arran Cudbard-Bell wrote:
Hi,
No. You should be running through your authorisation policies
on session resumption. All policies should be moved to the
post-auth section of the outer server.
but only the inner server knows the real id etc ?
Arran Cudbard-Bell wrote:
Yes, so have it tell the outer server... Insert the (attached) snippet
into the authorize section of the inner server.
$ git format-patch
?
I believe the User-Name attribute in outer.reply is cached, and
available for use on session resumption.
Yes.
Once
Don't strip the username. Why do you proxy this anyway? Create it as a
local realm:
I am using basic configuration without changes in config cause:
so..somewhere along the line you are playing with the User-Name
attribute...something
which you cannot do with EAP - if you take a standard 2.1.6
Bartosz Chodzinski wrote:
make the basic changes to your eap.conf and client.conf it will work
it wont.
You can believe that, which means that everyone else is lying. They
just download the software, follow the guides, and it just works.
But... because it doesn't work for you, they must be
could you give me good freeradius guide for dummies - I think I need it :)
On Wed, May 20, 2009 at 9:30 AM, Alan DeKok al...@deployingradius.comwrote:
Bartosz Chodzinski wrote:
make the basic changes to your eap.conf and client.conf it will work
it wont.
You can believe that, which
Hi,
realm example.com {
}
realm LOCAL {
}
realm NULL {
}
/etc/freeradius/proxy.conf[498]: home_server localhost does not exist
thats very interesting - because in the default proxy.conf there IS an
entry for home_server localhost.
so, I'll repeat once again, do not just randomly
Bartosz Chodzinski wrote:
could you give me good freeradius guide for dummies - I think I need it :)
$ man radiusd
It contains a section describing how to make changes to the
configuration files.
For EAP, see http://deployingradius.com
The front page contains 4 steps to get EAP working.
Hey People!,
I am not saying that you are lying, I even didnt think like that, I never
intend to insult you,
for god sake, I am asking for help - that mean that you are the masters and
I am the student
yes, it annyoing me - I start to do something with radius cause I felt that
is good idea to know
Bartosz Chodzinski wrote:
I am not saying that you are lying, I even didnt think like that, I
never intend to insult you,
You're not insulting us. I am asking you to *think* about what you are
saying.
yes, it annyoing me - I start to do something with radius cause I felt
that is good idea
could you give me good freeradius guide for dummies - I think I need it :)
Guide: don't make any changes to the default configuration unless you know
what you are doing. That's it.
Server is configured by default to handle EAP-TLS. There is nothing that
you need to do to make it happen.
Now,
back to the begining
and using the most simple conf.
to be sure that I have clear configuration
#apt-get remove freeradius
#dpkg -P freeradius
#dpkg -i freeradius_2.1.6-0_i386.deb
server is Debian etchnhalf, it is virtual server on VMware ESX Server 3i,
3.5.0
now I have clear configuration and
Bartosz Chodzinski wrote:
back to the begining
and using the most simple conf.
...
now I have clear configuration and make simply changes
changes:
radiusd.conf
proxy_requests = no #was yes, set to no cause I dont need it
The guide didn't say to do that.
...
I still have a problem -
next I made client certificate (using standard scripts)
#cd /etc/freeradius/certs
#make client
and install certificates client.p12, ca.der on Win Xp Prof Sp3 OEM, Acer
Travel Mate 380
certificates installed in Trusted Root CA and Personal storages (I deleted
all previous certs on that
The steps you took show that you are NOT following the guide.
Good luck. You clearly are *not* interested in solving the problem.
the guide in radiusd.conf says:
#The server has proxying turned on by default. If your system is NOT
# set up to proxy requests to another server, then you can
The steps you took show that you are NOT following the guide.
Good luck. You clearly are *not* interested in solving the problem.
the guide in radiusd.conf says:
#The server has proxying turned on by default. If your system is NOT
# set up to proxy requests to another server, then you
ok I changed it to default
proxy_requests = yes
$INCLUDE proxy.conf
/etc/freeradius/certs/Makefile
was
#client.crt: client.csr server.crt server.key index.txt serial
# openssl ca -batch -keyfile server.key -cert server.crt -in
client.csr -key $(PASSWORD_SERVER) -out client.crt -extensions
I am using a standard settings of eap.conf
when I change eap.conf to:
# default_eap_type = md5
default_eap_type = peap
I have similar communicate
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.5.206 port 1812, id=242,
length=147
Check connection settings on Windows machine.
Ivan Kalik
Kalik Informatika ISP
I am using a standard settings of eap.conf
when I change eap.conf to:
# default_eap_type = md5
default_eap_type = peap
That's not Windows machine - that's on your radius server.
so..somewhere along the line you are playing with the User-Name
attribute...something
which you cannot do with EAP - if you take a standard 2.1.6 install and
make the basic changes
to your eap.conf and clients.conf it will work.
which Linux distribution should I use? So far I tryied
Hi,
which Linux distribution should I use? So far I tryied debian-etchnhalf, or
CentOS, and in every How to its written that I have to compile it by mysefl.
This how to didnt work anyway... so I will try what you will suggest.
Bartosz.
theres nothing wrong with compiling it yourself - so
Ok, I downloaded 2.1.6
# unp freeradius-server-2.1.6.tar.gz
# cd /usr/src/freeradius-server-2.1.6
# dpkg-buildpackage -rfakeroot -uc -us
# dpkg -i freeradius_2.1.6-0_i386.deb
- instalator create ca and server certs in /etc/freeradius/certs directory
# cd /etc/freeradius/certs
# make client
next
# make client
next I made a copy of ca.der and client.p12 to xp directory,
next I opened mmc and install both of them to Trusted Root Certificate
Authorities and to Personal
exclamation mark on client certificate:
windows does not have enough information to verify this certificate
you
So in other words this script is for all clients exept microsofts-like ?
You should try altering make client command in Makefile so that client
certificates are signed by ca and not server certificate.
do you have such altered makefile?
On Tue, May 19, 2009 at 1:35 PM, Ivan Kalik t...@kalik.net
I created once again certs by myself, giving common name for user cert the
same like in example
u...@example.com, I place them on xp client - both of them looks ok,
now something is happening (anyway like Aragorn said: still not king):
Ready to process requests.
rad_recv: Access-Request packet
I created once again certs by myself, giving common name for user cert the
same like in example
u...@example.com, I place them on xp client - both of them looks ok,
now something is happening (anyway like Aragorn said: still not king):
Ready to process requests.
rad_recv: Access-Request
Bartosz Chodzinski wrote:
/etc/freeradius/certs/README
I've never understood why people think it's useful to post
documentation from the server on this list. Do you think we haven't
seen it?
and something happend:
( I think key information is
TLS_accept:error in SSLv3 read client
ok (you guys propably hate me :) but please could you still give me the
answers as you did before)
but back to the subject:
I did like you said,
I installed 2.0.4 version (compiled using suggestions from:
http://www.fatofthelan.com/articles/articles.php?pid=27
I installed 2.0.4 version (compiled using suggestions from:
http://www.fatofthelan.com/articles/articles.php?pid=27
http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-ttls-peap-support.html)
If you downloaded current version, you wouldn't need to ask. You have to
Hi,
ok (you guys propably hate me :) but please could you still give me the
answers as you did before)
but back to the subject:
I did like you said,
I installed 2.0.4 version (compiled using suggestions from:
http://www.fatofthelan.com/articles/articles.php?pid=27
I tryied yesterday many times using diferent options but it doesnt work, any
idea what can be wrong?
Bartosz.
On Thu, May 14, 2009 at 3:45 PM, Bartosz Chodzinski bartos...@gmail.comwrote:
ok full information:
jpg with all setting on the not working client
I tryied yesterday many times using diferent options but it doesnt work,
any
idea what can be wrong?
Looking at this:
http://w573.wrzuta.pl/obraz/powieksz/ag0ldvKR8Zj
you have put ca (ca_auth), not client certificate in the personal store.
Ivan Kalik
Kalik Informatika ISP
-
List
Thank you for answer.
I put this to personal store, I think it is a client certificate, I gave a
commonName ca_auth
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
99:61:67:27:8b:7d:0a:b1
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=PL,
Thank you for answer.
I put this to personal store, I think it is a client certificate, I gave a
commonName ca_auth
..
Issuer: C=PL, ST=dolnoslaskie, O=firma, OU=firma,
CN=ca_auth/emailaddress=em...@address.pl
...
Subject: C=PL, ST=dolnoslaskie, O=firma, OU=firma,
tls {
private_key_file = /etc/freeradius/eap/newkey.pem
certificate_file = /etc/freeradius/eap/newcert.pem
CA_file = /etc/freeradius/eap/eapCA/cacert.pem
dh_file = /etc/freeradius/eap/dh
random_file = /etc/freeradius/eap/random
fragment_size = 1024
tls {
private_key_file = /etc/freeradius/eap/newkey.pem
certificate_file = /etc/freeradius/eap/newcert.pem
CA_file = /etc/freeradius/eap/eapCA/cacert.pem
dh_file = /etc/freeradius/eap/dh
random_file = /etc/freeradius/eap/random
fragment_size = 1024
Thanks,
I created certificate
openssl req -new -keyout /etc/freeradius/eap/client_key.pem -out
/etc/freeradius/eap/client_req.pem -days 730 -passin pass:password -passout
pass:password
openssl ca -config /etc/ssl/openssl.cnf -policy policy_anything -out
/etc/freeradius/eap/client_cert.pem
And I put cliet_cert.pem to both certificate stores Trusted CA and
Personal
You should import .p12 version onto the client.
Are you sure that I should not change anything in my server config files
Any particular reason you are creating certificates yourself? Why aren't
you using scripts
I have freeradius with eap support on debian etch, radius v1.1.3
2.0.4 should be available for Debian. Upgrade. Vista doesn't work with
1.1.3. And you will have problems with XP SP3.
everthing working fine but I'd like to have much more simple
configuration
only by certificate and nothing
2.0.4 should be available for Debian.
I know, 2.0.4 freeradius is available for debian lenny but not etch
unfortunately.
2. Use EAP-TLS to connect (Smart card or certificate in Windows speak).
Could you write me where in config put that? I tried described below but it
doesnt work
eap.conf:
2.0.4 should be available for Debian.
I know, 2.0.4 freeradius is available for debian lenny but not etch
unfortunately.
http://packages.debian.org/search?keywords=freeradius
2. Use EAP-TLS to connect (Smart card or certificate in Windows speak).
Could you write me where in config put that?
What doesn't work? Post the debug.
server:
I dont change in my config file, is the same like in first message,
client (win xp):
I have local connection-authentication-method-eap(peap)-properties:
validate server cert (marked checkbox),
marked cacert.pem,
secured password eap-mschapv2 -
I am sorry, I gave you wrong debug,
whatever is marked or unmarked on checkbox
local connection-authentication-keep in memory information about users for
aditional network connection
server does not have any new lines in debug, like nothing happend at all.
On Thu, May 14, 2009 at 2:24 PM,
What doesn't work? Post the debug.
server:
I dont change in my config file, is the same like in first message,
client (win xp):
I have local connection-authentication-method-eap(peap)-properties:
validate server cert (marked checkbox),
marked cacert.pem,
secured password
I am sorry, I gave you wrong debug,
whatever is marked or unmarked on checkbox
local connection-authentication-keep in memory information about users
for
aditional network connection
server does not have any new lines in debug, like nothing happend at all.
It can't find client
ok full information:
jpg with all setting on the not working client
http://w573.wrzuta.pl/obraz/powieksz/ag0ldvKR8Zj
I think it is properly, cause it work during eap (peap), am I wrong?
Bartosz.
On Thu, May 14, 2009 at 3:16 PM, Ivan Kalik t...@kalik.net wrote:
I am sorry, I gave you wrong
I know that date may be weird, but it doesnt matter
debian-etch:~# date
Sat May 14 15:46:10 CEST 2005
windows date may 2005, as well
and switch as well,
I forgot to check date when I created certificates, but afrer changing date
in server and clietn it is not a problem
Bartosz.
On Thu, May 14,
Ivan,
Hello
Thanks for your reply. I have got some questions to ask. We have different
types of clients (Or, connections) in our system; Dial-Up, ADSL, VoIP, CHAP,
MS-CHAP, MS-CHAPv2 and ... . Each of these clients need different
authorization method. Now, where should our authorization code
Thanks for your reply. I have got some questions to ask. We have different
types of clients (Or, connections) in our system; Dial-Up, ADSL, VoIP, CHAP,
MS-CHAP, MS-CHAPv2 and ... . Each of these clients need different
authorization method. Now, where should our authorization code reside? Shall
we
Ivan,
Hello
Thanks for your reply. Sorry if my question is elementary, but this is the
last one. What is the difference between creating a customized module to do
Authorization/Post-Authentication and using external programs as instances
of rlm_exec module to the so-called functionalities?
Kind
Thanks for your reply. Sorry if my question is elementary, but this is the
last one. What is the difference between creating a customized module to do
Authorization/Post-Authentication and using external programs as instances
of rlm_exec module to the so-called functionalities?
Module is much
Ivan,
Thanks for your reply. I think I should start writing my own module, because
the AAA system itself is in C. In other words, all of our external programs
are C programs. Thanks again for your patience and guidance.
Kind Regards
Ali Majdzadeh Kohbanani
-
List info/subscribe/unsubscribe? See
Ivan,
Hello
Thanks for your attention, but I have tested what you had suggested. The
result is the same, with both attributes the CHAP module throws the same
error. Any ideas?
Kind Regards
Ali Majdzadeh Kohbanani
2009/2/24 t...@kalik.net
I am using freeradius-1.1.7. In order to authenticate
The
result is the same, with both attributes the CHAP module throws the same
error. Any ideas?
Post the debug.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ivan,
Hello
Problem solved. I have mentioned my solution below, but now comes another
question, sorry :)
How is it possible to authenticate CHAP clients using an external program
and not the rlm_chap module?
I made two instances of the rlm_exec module. One as the authorization
external program and
By the way, the authorization external program sets my customized Auth-Type
so that in the authentication section, I can use it to authenticate clients
using my authentication external program which is another instance of the
rlm_exec module (the second one).
Why?
The main problem is the way
Ivan,
Hello
Thanks for your reply. You are right and I do know that this is not the
right way to get things done, but what we have got here is a sophisticated
and feature-balloted AAA system which is totally based on external programs.
As a mid-term solution we should try to respond to our
Thanks for your reply. You are right and I do know that this is not the
right way to get things done, but what we have got here is a sophisticated
and feature-balloted AAA system which is totally based on external programs.
So what would be the problem in sorting out your features in
Ivan,
Thanks for your reply. The problem is time. We should find an immediate
solution. Anyway, thanks again.
Kind Regards
Ali Majdzadeh Kohbanani
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your reply. The problem is time. We should find an immediate
solution. Anyway, thanks again.
Immediate solution is *not* trying to invent a new kind of hole on the
flower pot. Don't use custom authentication script - use existing
server modules. Whatever additional checks you think
Ivan,
Thanks for your attention. Yes, you are right, we should organize our system
regarding the structure of freeradius. I have lots of questions to ask. I am
going to coherently form them; would you please trace this thread?
Kind Regards
Ali Majdzadeh Kohbanani
-
List
Thanks for your attention. Yes, you are right, we should organize our system
regarding the structure of freeradius. I have lots of questions to ask. I am
going to coherently form them; would you please trace this thread?
I do hang around. This is what you should plan for:
- checks that need to
I am using freeradius-1.1.7. In order to authenticate users using an
external program, I have created an instance of the rlm_exec module which
contains the properties of the external program. In the radiusd.conf, I have
called the instance in the authentication section. Now, as I want to
John Baldwin wrote:
I’m trying to configure freeradius on a Centos server to authenticate my
logins on Cisco devices. I can see in the log file that my request is
hitting the server. I’m advised to just add a username and password in
the users file so I’ve done that, I’ve used the steve
Jason Wittlin-Cohen wrote:
I'm currently using EAP-TLS with 3072 bit RSA certificates and a 3072
bit DH paramters. Currently I'm using the random file produced by the
bootstrap script which appears to take 10 bytes of data from
/dev/urandom. Is this sufficient with the larger keysize I am
Jackson Jerry-NPC637 wrote:
Hi -
Summary - I want/need to configure free radius to allow a TLS user on to
the system; without having
To authenticate the certs? I am not sure if this is possible, but
wanted to ask if there was a way to bypass
TLS cert authentication.
It's not possible
, November 24, 2008 10:36 AM
To: FreeRadius users mailing list
Subject: Re: question
Jackson Jerry-NPC637 wrote:
Hi -
Summary - I want/need to configure free radius to allow a TLS user on
to the system; without having To authenticate the certs? I am not
sure if this is possible, but wanted
Hi,
Hi Alan -
This is a wireless network. If you have a minute could you explain why
this is
different between `wireless' `wired' system?
for wireless 802.1X the cert is used as part of the securing system
to create keyed content to ensure the encryption of the data
for wired 802.1X
On Mon, Oct 20, 2008 at 12:09 AM, A BlueCoder [EMAIL PROTECTED]wrote:
Hi,
I have a need to implement Vendor-Specific Attributes using a FreeRadius
approach (version 0.9.3 on Solaris).
I understand probably rewriting a rml module would solve this problem and
probably the most effective
A BlueCoder wrote:
Actually there are two attributes, and the values of attributes are not
static - they vary based on the NAS-IDentifider attribute values.
$ man unlang
You can create attributes based on the value of other attributes.
(I can set up VSA to send static values - just the
On Sat, 23 Aug 2008 07:04:11 +0200
Alan DeKok [EMAIL PROTECTED] wrote:
Aaron Spanik wrote:
*snip*
I suggest getting access. Sorry... but it's the simplest way to debug
things when something is going wrong.
Always. But sometimes one is forced to prove something is wrong before
the
Aaron Spanik wrote:
As you no doubt know, once I used
%{proxy-request:Packet-Dst-Ip-Address} I started seeing exactly what I
wanted to see in my logs.
Yup.
That sounds excellent; I will check out the GIT version. Can you
comment on how long it is likely to take before those features make
Aaron Spanik wrote:
Recently, however, there has been reason to suspect that the two remote
RADIUS servers are behaving inconsistently with each other (i.e. auth
fails on one and then immediately succeeds on the other).
Unfortunately, I have zero access to the remote RADIUS servers and
Harry J Walsh wrote:
I want to develop some test cases for a radius client I am developing
and I would like to be able to use rlm_perl to simulate various
scenarios. The one I am having major problems with is
Access-Challenge. I really like rlm_perl and the flexibility it
provides and I
Thanks for the swift reply Dekok. I tried what you suggested and it
doesn't work. Looking at dictionary.freeradius.internal and double
checking the values in the pair everything looks okay.I'm going to
play about with this a bit, but in the mean time here's some more
details and I would
101 - 200 of 346 matches
Mail list logo