Hi,
After reading the Radiator documentation and code, it's not completely
clear to me how Radiator determines if a request should is accepted or
rejected by a "AuthBy REST".
This is the relevant Radiator configuration:
RestAuthRequestDef mac, %{Calling-Station-Id}
RestAuthRequestDef ip, %{NAS-IP
Thank you, Heikki! I will try it out. It looks very flexible. Updating
the documentation will certainly facilitate the usage of this rather
new functionality (the authby being async is a huge win).
CR
Le lun. 20 déc. 2021 à 15:59, Heikki Vatiainen a écrit :
>
> On 18.12.2021 16.05, C R
;,
"psk_fallback": false,
"vlan": "x-dyn-ipskinfra",
"reply":
"Tunnel-Type=VLAN,Tunnel-Medium-Type=802,Tunnel-Private-Group-ID=x-dyn-ipskinfra,cisco-avpair=psk-mode=ascii,cisco-avpair=psk=foopassword"
}
NOK:
{
"type": "auth"
Hi,
The AuthBy REST works wonderfully (async!), thank you again. I wonder,
however, is there is a way to force the use of IPv6 on a host (docker
container) with a dual stack.
The host where my REST auth service run is reachable through IPv6 and
IPv4 and has associated A and records. The usua
Thank you, Heikki.
Le lun. 10 janv. 2022 à 11:00, Heikki Vatiainen a écrit :
>
> On 7.1.2022 19.13, C R wrote:
>
> > The AuthBy REST works wonderfully (async!), thank you again. I wonder,
> > however, is there is a way to force the use of IPv6 on a host (docker
> > c
tiainen a écrit :
>
> On 10.1.2022 15.11, C R wrote:
>
> >> If you prefix the name with 'ipv6:', it could do the trick.
> >
> > I will check this, but ipv6:https://$myservice/v1/foo looks a little
> > weird with the protocol part. (I need to work with DNS
Hi Stefan,
The experience I had in the past was that an the kernel of an
overloaded Linux server will drop UTP packages before Radiator has any
chance to see them. This happened when a CPU reached +80% cpu usage.
In order to be able to scale horizontally, I think RADIUS proxying is
the way to go (
HI,
I am using AuthBy REST and the REST server resolves to an IPv4 and a
IPv6 address. Our infra is IPv6 first, so I would like to connect
through IPv6. However, Radiator prefers the IPv4 address consistently,
probably because it's returned first.
I used this in to force IPv6:
LocalAddress %{Glo
Just a confirmation that I use this setup in Docker packaging
radiator, rsyslog and supervisord. The works very well. rsystlog is
configured to cache up to 10GB and sends everything to the remote
syslog through TCP. Radiator connects locally through .
Config and pointers available if desired.
Reg
Hi,
If you're not using a file for the user information. I suggest adding
this to the authby:
Filename /dev/null
Regards,
C.
Le mar. 13 sept. 2022 à 21:17, Ullfig, Roberto Alfredo
a écrit :
>
> We've been seeing these for a while but it's not causing any issues. How can
> we get rid of the er
Le ven. 21 oct. 2022 à 21:39, Cassidy B. Larson via radiator
a écrit :
>
> We're spinning up a new EAP-TTLS source. Installed latest dev of 4.26-24.
> When I force EAP_TLS_Protocols to TLSv1.3 alone, I see the TLSv1.3 handshake
> request come in, but outbound handshake is TLSv1.2. Apparently ou
Hi,
Another question about AuthBy REST. I wonder if the logged TraceId can
be sent to the remote REST service doing the actual authentication. I
am refactoring the service and I see I can easily retrieve a traceid
from the call if it's added to the request's header, eg:
curl -H "X-Request-ID: 3"
Thank you, Heikki.
Great explanation!
C.
Le mer. 14 déc. 2022 à 18:02, Heikki Vatiainen via radiator
a écrit :
>
> On 28.11.2022 18.43, C R via radiator wrote:
>
> > Another question about AuthBy REST. I wonder if the logged TraceId can
> > be sent to the remote REST ser
Hi,
Just an addition to the thread on
https://www.mail-archive.com/radiator@lists.open.com.au/msg01126.html.
When running Radiator on Ubuntu 20.04, there is a slow memory leak
when this package is installed: libengine-pkcs11-openssl.
In a few weeks my containers grew from 100-200 MB RAM to 4096M
Indeed, but, don't forget to strip the attribute from the request first.
C.
Le mar. 10 oct. 2023 à 12:18, Dubravko Penezic via radiator
a écrit :
>
> Hi Jan,
>
> thanks I will try.
>
> However, I discover that wouldn't fit well in my authentication process
> :) ... I remember that in some previo
15 matches
Mail list logo