Re: [RADIATOR] OCSP support

2012-12-12 Thread Heikki Vatiainen
and there are two main issues: first, Net-SSLeay does not have OCSP support. The second issue is the negative effect the latency and performance are likely to cause. This of course is site specific, but there's still the issue of missing support in the underlying modules. Thanks, Heikki -- He

Re: [RADIATOR] new perl script for radmin

2012-12-11 Thread Heikki Vatiainen
m Radmin page and functionality, please consider our consulting services. This is likely to be the fastest way to implement the functionality you need. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LD

Re: [RADIATOR] Everything profile on radmin

2012-12-11 Thread Heikki Vatiainen
table RADPROFILEPERMISSIONS. Also see the Radmin FAQ for other related information: http://www.open.com.au/radmin/faq.html What comes to your other message about customising Radmin, you may want to consider our consulting services. Thanks, Heikki -- Heikki Vatiainen Radiator: the most po

Re: [RADIATOR] Radmin listGroupAuth.pl

2012-12-10 Thread Heikki Vatiainen
ng' does not have 'View Group Auth table entries' option enabled. You can change this by listing the permission profiles and then editing the profile you are using. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. S

Re: [RADIATOR] setup md5 password in radmin

2012-12-06 Thread Heikki Vatiainen
etc., and how to tell Radiator how the password has been hashed or encrypted. You may need to prefix the hashes with e.g. {md5} and make sure the rest is lowercase. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy,

Re: [RADIATOR] Monitor commands

2012-12-06 Thread Heikki Vatiainen
What if you point the StatsLog's LogFile to a named pipe? You would not need to prune any files and could have a program processing the results immediately when they are logged. http://en.wikipedia.org/wiki/Named_pipe Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible

Re: [RADIATOR] Monitor commands

2012-12-04 Thread Heikki Vatiainen
On 12/04/2012 09:43 PM, Michael Hulko wrote: > Just wondering if there is a way to execute the Monitor command language > local to the Radiator server? Does section 25 "Monitor command language" in doc/ref.pdf describe what you are looking for? -- Heikki Vatiainen Radiator: t

Re: [RADIATOR] li-admin li-user

2012-12-04 Thread Heikki Vatiainen
tor needs to talk to. You would need to use that information to configure e.g., Radmin to return the desired attributes during the authentication. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP,

Re: [RADIATOR] Radmin Web interface

2012-12-04 Thread Heikki Vatiainen
- > From: Murat Bilal > Sent: Monday, 03 December 2012 22:52 > To: 'Heikki Vatiainen'; radiator@open.com.au > Subject: RE: [RADIATOR] Radmin Web interface > > Hi > > This is my Access-Accept reply as you said: > Code: Access-Accept > Identifier: UNDE

Re: [RADIATOR] Radmin Web interface

2012-12-03 Thread Heikki Vatiainen
na.TACACSGROUPID=ga.USERGROUP > > > AuthColumnDef 0, OSC-Group-Identifier, reply > AuthColumnDef 2,OSC-Authorize-Group,reply > > I also try GENERIC but no luck > > Thanks > -Original Message- > From: radiator-boun...@open

Re: [RADIATOR] hotspot login portal

2012-12-03 Thread Heikki Vatiainen
ess/controller/7.2/configuration/guide/cg_user_accts.html#wp1120909 http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076f974.shtml Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DB

Re: [RADIATOR] branching in AuthBy GROUP

2012-12-03 Thread Heikki Vatiainen
clarity of > AuthBy GROUP, and the fact that I can hand off the request to the remote > server, and not worry about how bad (and it's a MS Radius, so it can be > really bad) it responds. > > Thanks in advance for hints and thoughts. > > /Søren > > > -- He

Re: [RADIATOR] user and group attributes

2012-11-30 Thread Heikki Vatiainen
for. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP

Re: [RADIATOR] Radmin Web interface

2012-11-30 Thread Heikki Vatiainen
e. The attribute name (such as OSC-Authorize-Group) is then configured as AuthorizeGroupAttr in . Thanks, Heikki > -Original Message- > From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On > Behalf Of Heikki Vatiainen > Sent: Thursday, 29 November 2012 14

Re: [RADIATOR] li-admin

2012-11-29 Thread Heikki Vatiainen
On 11/29/2012 01:44 PM, Murat Bilal wrote: > How can I add li-admin and li-user command-access to my > ServerTacacsPlus.What is the correct syntax Hmm, do you have documentation for these? I am not familiar with li-admin or li-user or their usage with TACACS+ Thanks, Heikki --

Re: [RADIATOR] Radmin Web interface

2012-11-29 Thread Heikki Vatiainen
ntifier is configured as GroupMemberAttr. This will set 'group1' as the authorization group for the user. During the authorization the OSC-Authorize-Group attribute values are processed first followed by group1 values as defined by AuthorizeGroup configuration options. Thanks, Heikki -- Heikki

Re: [RADIATOR] Authorization delay problem SQL

2012-11-22 Thread Heikki Vatiainen
f) or other means to handle the load. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX

Re: [RADIATOR] Authorization groups according to NAS

2012-11-21 Thread Heikki Vatiainen
how exactly users and groups are defined. Here is one method: Assumption: User can belong only to one group. Solution: Set NAS-IP-Address as user check item. If there are multiple possible NASes, define them as: 1.2.3.4|2.3.4.5|3.4.5.6 This restricts the user to said NASes. Thanks, Heikki

Re: [RADIATOR] SQL Timeout

2012-11-20 Thread Heikki Vatiainen
still allowing connections? I'd like to know how common this problem is. Thanks, Heikki > Regards, > Ricardo.- > > -Original Message- > From: Ricardo Martinez [mailto:rmarti...@redvoiss.net] > Sent: Monday, 19 November 2012 18:50 > To: 'Hei

Re: [RADIATOR] Authorization delay problem SQL

2012-11-20 Thread Heikki Vatiainen
rn on 'LogMicroseconds' global option and then test with radpwtst and other clients. With Trace 4 you will see exactly how long DB query takes when you compare the debug log microsecond timestamps. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configur

Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule

2012-11-20 Thread Heikki Vatiainen
bi:mysql:radius:localhost': > 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS': > Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL looks for match with > DEFAULT4308 [murat] > Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL REJECT: Bad Password: > DEFAULT4308 [mura

Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule

2012-11-19 Thread Heikki Vatiainen
DB table needs to have the appropriate columns too. Thanks, Heikki > -Original Message- > From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On > Behalf Of Heikki Vatiainen > Sent: Monday, 19 November 2012 23:33 > To: radiator@open.com.au > Subjec

Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule

2012-11-19 Thread Heikki Vatiainen
ERS and define AuthColumnDef 0, User-Password, check AuthColumnDef 1, OSC-Group-Identifier, reply This will check the request password and and the desired group name to reply if password check succeeds. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurabl

Re: [RADIATOR] SQL Timeout

2012-11-19 Thread Heikki Vatiainen
he DB, it will then time out the connection attempt. When this happens you will see it start the backoff timer. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus,

Re: [RADIATOR] AddToReply tacacsgroup

2012-11-16 Thread Heikki Vatiainen
ilto:radiator-boun...@open.com.au] On > Behalf Of Heikki Vatiainen > Sent: Friday, 16 November 2012 13:31 > To: radiator@open.com.au > Subject: Re: [RADIATOR] AddToReply tacacsgroup > > On 11/15/2012 10:34 PM, Murat Bilal wrote: > >> I have three different groups and for TACACS

Re: [RADIATOR] AddToReply tacacsgroup

2012-11-16 Thread Heikki Vatiainen
, 0, 2033174599, 70* > > *Thu Nov 15 22:31:17 2012: DEBUG: TacacsplusConnection Authorization > REQUEST 6, 0, 1, 1, mikem, /dev/ttyp3, 78.169.249.3, 3, service=shell > cmd* command-access** > > *Thu Nov 15 22:31:17 2012: INFO: Authorization denied for mikem, group > DEFAULT. No

Re: [RADIATOR] Perl module for MikroTik NAS

2012-11-16 Thread Heikki Vatiainen
k documentation should describe any vendor specific attributes (VSAs) it sends during authentication and accounting and what VSAs it can be sent with Access-Accepts. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, f

Re: [RADIATOR] TACACS Groups AuthBy SQL

2012-11-13 Thread Heikki Vatiainen

Re: [RADIATOR] Message-Authenticator Attribute

2012-11-12 Thread Heikki Vatiainen
On 11/12/2012 11:34 PM, Heikki Vatiainen wrote: > If you look at the proxied packet, you will see the Change the above to: ... look at the proxied packet *with e.g., Wireshark*, ... sorry for the confusion. Just thinking about typing something seems not to be enough :) > Message-Authent

Re: [RADIATOR] Using 64 bits counters for accounting

2012-11-12 Thread Heikki Vatiainen
commonly supported. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco

Re: [RADIATOR] Message-Authenticator Attribute

2012-11-12 Thread Heikki Vatiainen
ied, recalculated value. However, if it looks like there are problems with Message-Authenticator, please let us know. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus,

Re: [RADIATOR] RADGROUPAUTH and RADUSERS

2012-11-12 Thread Heikki Vatiainen

Re: [RADIATOR] TACACS Radmin Authorization

2012-11-09 Thread Heikki Vatiainen
I was using Radmin with the latest patches where one of the patches added a number of attributes in the Radmin's database. Instead of OSC-Group-Identifier you can use e.g., OSC-AVPAIR or any other string valued attribute. I'd say OSC-AVPAIR is fine for your case. Thanks, Heikki

Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup

2012-11-09 Thread Heikki Vatiainen

Re: [RADIATOR] radmin and tacacs authorization

2012-11-08 Thread Heikki Vatiainen
inTacacs.cfg which might be useful. From goodies/README: radminTacacs.cfg Sample RAdmin configuration file that shows how to record Tacacs+ commands to the Radmin RADCOMMANDAUDIT table for auditing Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and co

Re: [RADIATOR] PEAP/MSCHAPv2 auth fails with username@realm

2012-11-04 Thread Heikki Vatiainen
to see it's not surprising after all. The password (MSCHAP-V2) checks are done differently for the two cases. Thanks for clarifying this. Next time I'll need to check the code too :) Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhe

Re: [RADIATOR] PEAP/MSCHAPv2 auth fails with username@realm

2012-11-02 Thread Heikki Vatiainen
ser. Using UsernameMatchesWithoutRealm should work fine. Rewriting the username can be problematic if the rewritten username becomes part of MSCHAP-V2 calculation. This can cause the server and client to use different usernames for calculating the results which makes the authentication fail. Thanks, H

Re: [RADIATOR] TACACS+ not matching group

2012-11-01 Thread Heikki Vatiainen
2, 2, service=shell cmd* > Thu Nov 1 14:58:46 2012: INFO: Authorization denied for tac2, group > DEFAULT. No matching AuthorizeGroup rule for args service=shell cmd* > Thu Nov 1 14:58:46 2012: DEBUG: TacacsplusConnection Authorization > RESPONSE 16, denied, , > Thu Nov 1 14:58:

Re: [RADIATOR] linux-radiator.init minor additions

2012-10-25 Thread Heikki Vatiainen
; RETVAL=$? > [ $RETVAL -eq 0 ] && echo -e "\e[00;32msuccess\e[00m" > [ $RETVAL -ne 0 ] && echo -e "\e[00;31mfailed\e[00m with return code > $RETVAL" > return $RETVAL > } > > tracedown() { > echo -n "Dec

Re: [RADIATOR] Radiator working as Diameter

2012-10-24 Thread Heikki Vatiainen
ctionaries to map AVP numbers greater than 255 to Radius attributes. These two are the main things I have noticed. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platy

Re: [RADIATOR] LDAPS connection problem

2012-10-23 Thread Heikki Vatiainen
re you experiencing connect problems when there's just one Host in AuthBy LDAP2? Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, externa

Re: [RADIATOR] LDAPS connection problem

2012-10-19 Thread Heikki Vatiainen
t; > > # Save time by never looking for a default > NoDefault > > Host 10.1.2.1 10.1.2.2 > Port 636 Here Net::LDAP will take care of retrying, timeouts etc. until all hosts have been tried. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, f

Re: [RADIATOR] How to create a log file of user <-> IP association

2012-10-17 Thread Heikki Vatiainen
re verbose logging > facility but I would like to know if you can point me in the right direction and other clauses are meant for general logging. will only log authentication success and failure events. It can be customised easily too. Thanks, Heikki -- Heikki Vatiainen Radiator: the mo

Re: [RADIATOR] 11.x x509 attributes and windows 8?

2012-10-16 Thread Heikki Vatiainen
can cause problems with network access. So it might be hard to say what is a sound cert chain if this is the case. Thanks, Heikki > Any hints or known to work setups (private reply is fine) would be > appreciated. > > /bz > > (sorry for the slightly offtopic question) >

Re: [RADIATOR] eap auth against active directory

2012-10-10 Thread Heikki Vatiainen
rt-Type=%{OuterRequest:NAS-Port-Type} Add the option to the Handlers that take care of requests marked with TunnelledByPEAP=1 and ConvertedFromEAPMSCHAPV2=1 That should take care of NAS-Port-Type problem if you want or need to continue proxying to NPS. Thanks, Heikki -- Heikki Vatiainen Radia

Re: [RADIATOR] WARNING: Bad authenticator received in reply

2012-10-04 Thread Heikki Vatiainen
s, then you should check the configuration to make sure there are no invisible characters in the secrets. Since you are having problems with replies, you should use IgnoreReplySignature if you need to set an option to handle the problem. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable,

Re: [RADIATOR] Authentication without check attributes

2012-10-04 Thread Heikki Vatiainen
this case, the AuthSelect would return two values. The first one is used > as check value. I would like to get the second returned value and use it in a > subsequent within the same clause. Is possible to save the > second value in a variable or pseudo-attribute and use it later on?. &

Re: [RADIATOR] Two IP addresses on the same network adapter

2012-10-01 Thread Heikki Vatiainen
On 10/01/2012 02:20 PM, Remco van Noorloos wrote: > Where should I add the 'AuthPort' and 'AcctPort' attributes? In the > ServerTACACSPLUS-clause? Those are global parameters. See '5.6.4 AuthPort' and '5.6.5 AuthPort' in the 4.9 reference m

Re: [RADIATOR] Two IP addresses on the same network adapter

2012-10-01 Thread Heikki Vatiainen
r answer. > > > > Best regards, > > > > PROXSYS > > Remco > > > > > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Heikki Vatiainen R

Re: [RADIATOR] issues with wireless eap authentication (tls errors)

2012-09-26 Thread Heikki Vatiainen
what may be > causing this would be greatly appreciated. I'd check DupInterval and server load. Can your server keep up with PEAP authentication load? Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM

Re: [RADIATOR] SSL Error in PEAP conversation

2012-09-24 Thread Heikki Vatiainen
t the problem was. > Thanks for your assistance. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,

Re: [RADIATOR] SSL Error in PEAP conversation

2012-09-18 Thread Heikki Vatiainen
ing peculiar there. It's hard to say why some tries end up with alerts. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external

Re: [RADIATOR] SSL Error in PEAP conversation

2012-09-14 Thread Heikki Vatiainen
n resumption. The patch fixes problems with windows clients. The problem does not cause the error you are seeing so it may be related to some other client. However, if you can apply the patch, it might be worth trying. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible a

Re: [RADIATOR] TACACS Authentication Expired

2012-09-14 Thread Heikki Vatiainen
'. A loopback interface might be a good choice here. If the client IP changes and there's a new TCP connection for each request this can lead to the above problems. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy,

Re: [RADIATOR] AuthBy LSA and BaseDN

2012-09-13 Thread Heikki Vatiainen
-starter or not. So the user would have to be under the tightly controlled OU which would be the BaseDN in AuthBy LDAP2. However, if there's already a group for centrally administered users, maybe that could be used for LSA Group check. > I'll have to go back and think about this so

Re: [RADIATOR] AuthBy LSA and BaseDN

2012-09-13 Thread Heikki Vatiainen
can give ntlm_auth some options, such as --require-membership-of but I'm not sure if that would be any different than using Group option with LSA. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP,

Re: [RADIATOR] Proxying to a RADIUS server before doing EAP

2012-09-13 Thread Heikki Vatiainen
AP decision information available to Radiator. Otherwise setting up what you have described could be tricky. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Frees

Re: [RADIATOR] AuthBy LSA and BaseDN

2012-09-13 Thread Heikki Vatiainen
n that group. We could then add 'BlacklistGroup' functionality in AuthBy LSA. If a user is a member of blacklisted group, access would not be allowed. Do you think option 2 would solve your problem? Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configur

Re: [RADIATOR] AuthBy LSA and BaseDN

2012-09-12 Thread Heikki Vatiainen
e thing? Do you want to limit the searches to subtrees like BaseDN does? This would likely be good for performance and easier for authentication related AD searches. Part of your message is missing something so I'm guessing a little here. Thanks, Heikki -- Heikki Vatiainen Radiator:

Re: [RADIATOR] Hooks and Persistent Database connections

2012-09-11 Thread Heikki Vatiainen
tain persistent connections from hooks. It can also make hooks shorter since they do not have to do connection, timeout and other stuff SqlDb already does. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files,

Re: [RADIATOR] WiMAX-MSK & WiMAX Capabilities Problem

2012-09-11 Thread Heikki Vatiainen
tor 4.6 is No-Accounting (0). Maybe someone has already changed this to IP-Session-Based? To change the value with 4.6 you need to edit Radius/AuthWIMAX.pm and look for WiMAX-Capabilities. Make a copy of the file first and then change the value to 2 which means Flow-Based. Please let us know how it

Re: [RADIATOR] Random AuthBy LDAP2 "Undefined subroutine &main::" connect failures

2012-08-31 Thread Heikki Vatiainen
able without HoldServerConnection. Good to hear it works better. The crash still sounds troublesome. Can you tell if it was more stable with HoldServerConnection? Did you have time to let it run with the option enabled to see if the crashes were happening as frequently as with the older NetSSLeay? Thanks, Heikki

Re: [RADIATOR] Could not load AuthBy module Radius::AuthNTLM

2012-08-31 Thread Heikki Vatiainen
I’ve clearly missed an obvious step in the > install… > > > > Thanks, > > > Chris > > > > _______ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Heikki Vatiainen Radiator: the most portable, flexi

Re: [RADIATOR] EAPBALANCE vs HASHBALANCE and the RADIUS State Attribute

2012-08-28 Thread Heikki Vatiainen
correctly with State. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA,

Re: [RADIATOR] Radiator high Availability

2012-08-27 Thread Heikki Vatiainen
state to handle e.g., retries and knowing which reply is related to which request. Sharing an address can lead to problems when related RADIUS messages are sent to multiple different RADIUS servers. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADI

Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-26 Thread Heikki Vatiainen
both AuthBys since you have AccountingHandled in Handler. If this does not solve the problem, please describe your requirements in more detail. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS

Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-26 Thread Heikki Vatiainen
for the help, really appreciate the time you spend to help :) > > 2012/8/23 Heikki Vatiainen mailto:h...@open.com.au>> > > On 08/23/2012 04:54 PM, eliran shlomo wrote: > > > Is there another way to do it? > > because we got 6 different Handlers,and i wis

Re: [RADIATOR] Random AuthBy LDAP2 "Undefined subroutine &main::" connect failures

2012-08-26 Thread Heikki Vatiainen
y compiling Net::SSLeay locally and try the latest version? It does not look like a Radiator problem and with IO::Socket::SSL the problem was seen always when Net::SSLeay::connect() was called. It would be a good idea to see if upgrading Net::SSLeay helps. Thanks, Heikki -- Heikki Vatiainen Rad

Re: [RADIATOR] radius attribute errors

2012-08-24 Thread Heikki Vatiainen

Re: [RADIATOR] Vasco token support

2012-08-23 Thread Heikki Vatiainen
ng should be just fine with Vasco and Radiator. I'll check the latest status and get back to you soon. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Free

Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-23 Thread Heikki Vatiainen
Port 1812 AcctPort 1813 Identifier authby2 Secret mysecret2 Host 127.0.0.2 AuthPort 1812 AcctPort 1813 AuthBy authby1 AuthBy authby2 AuthBy authby1 AuthBy authby2 Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, fle

Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-23 Thread Heikki Vatiainen
osts you have. If one Host fails, the other(s) can be used instead. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active D

Re: [RADIATOR] TOTP clock drift tracking

2012-08-23 Thread Heikki Vatiainen
your comments. Tracking drift is certainly needed if the drift can be minutes. Thinking of it more, it does not sound that bad with a token with a long lifetime and reasonable price. We will take a look at adding support for drift tracking. Thanks, Heikki -- Heikki Vatiainen Radiator: the mos

radiator@open.com.au

2012-08-23 Thread Heikki Vatiainen
' if you have up-to-date database for files in your system. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directo

Re: [RADIATOR] Windows Multi-Thread ?

2012-08-21 Thread Heikki Vatiainen
On 08/21/2012 10:36 PM, Heikki Vatiainen wrote: > Radiator is not multi-threaded but you can run multiple processes on > Windows and other platforms. See section "6.0 radiusd" in the reference > manual and look for radiusd options -servicename for how to run multiple

Re: [RADIATOR] Windows Multi-Thread ?

2012-08-21 Thread Heikki Vatiainen
orms. See section "6.0 radiusd" in the reference manual and look for radiusd options -servicename for how to run multiple Radiator (radiusd) instances as Windows services. What is not supported on Windows are fork based settings. So FarmSize and Fork options will not work with Windows.

Re: [RADIATOR] TOTP clock drift tracking

2012-08-21 Thread Heikki Vatiainen
s a requirement. The default settings allow for 30 second clock drift (DelayWindow 1, TimeStep 30). I am not aware of reports with clock drift being a problem, so it would be interesting to hear how well the HW tokens keep the time. Thanks, Heikki -- Heikki Vatiainen Radiator: the most porta

Re: [RADIATOR] Multi-Line Handler issues with 4.10

2012-08-14 Thread Heikki Vatiainen
at had hook code in them. However, the patch and the discussion was useful for considering if there was still room for minor improvements. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, passwo

Re: [RADIATOR] Vasco token support

2012-08-10 Thread Heikki Vatiainen
ass authentication. Maybe the best option is to verify the mode when ordering. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, externa

Re: [RADIATOR] Vasco token support

2012-08-09 Thread Heikki Vatiainen
ass GO-6 is > supported, as this seems to be the version of the single button token > that Vasco are pushing these days. GO-6 works for Digipass authentication. I noticed GO-6 has also HOTP and TOTP functionality. Radiator supports both but we have not tested these methods. Thanks, H

Re: [RADIATOR] Change attribute value that send to proxy

2012-08-02 Thread Heikki Vatiainen
= $p->code; > > if ($code eq 'Access-Accept') > { >$sp->delete_attr('RB-Context-Name'); > } > > return; > } > > > > > ___ > radiator mailing list > radiator@open.com.au

Re: [RADIATOR] how to assign Static and Dynamic Address at same time

2012-07-30 Thread Heikki Vatiainen
lect select password from subscriber where username=? and group=1 # Your current AuthBy DYNADDRESS AuthSelect select password from subscriber where username=? and group=0 # Possibly pull the address with select too Thanks, Heikki -- Heikki Vatiainen Radi

Re: [RADIATOR] regex match in realm

2012-07-30 Thread Heikki Vatiainen
/, Client-Identifier=/^(?!4ProxyServer$)/ Try this instead: I added the double quotes to surround the Realm value since the value contains a comma. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP

Re: [RADIATOR] Help for Fidelio

2012-07-30 Thread Heikki Vatiainen
{CentsPerSecond}; An alternative is to define ComputeCostHook which will replace the default cost calculation with the hook you specify. See the reference manual and goodies/fidelio.cfg for more about this hook. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable R

Re: [RADIATOR] Store values obtained from LDAP for authorization

2012-07-30 Thread Heikki Vatiainen
o see goodies/ldap.cfg in the Radiator distribution for more LDAP examples too. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external,

Re: [RADIATOR] Can AuthByRADIUS work with AuthByDYNADDRESS

2012-07-26 Thread Heikki Vatiainen
ByDYNADDRESS. AuthBYDYNADDRESS allocate IP address with > AddressAllocate DHCP. See goodies/hooks.txt for an example of how to do this. Look for keyword DYNADDRESS. It's close to line 290, about 1/4 down the file. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and config

Re: [RADIATOR] Configurable parameters

2012-07-17 Thread Heikki Vatiainen

Re: [RADIATOR] Configurable parameters

2012-07-17 Thread Heikki Vatiainen
e server can not do this, the client refuses to continue the authentication process. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM,

Re: [RADIATOR] IOS-XR AuthorizeGroup TASK ID's

2012-07-16 Thread Heikki Vatiainen
ent and then use Handler Client-Identifier= to serve IOS and IOS-XR with their specific AuthorizeGroup options. Unfortunately this might mean duplicating a lot of existing configuration. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server a

Re: [RADIATOR] Radiator 4.10 make test errors

2012-07-16 Thread Heikki Vatiainen
>> Can you assist with this issue? > > > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Heikki Vatiainen Radiator: the most portable, flexible and configur

Re: [RADIATOR] Added support for EAP-PWD per RFC 5931

2012-07-12 Thread Heikki Vatiainen
ick test using 32bit Ubuntu 12.04 and 10.04 as platforms for Radiator 4.10, and the authentication seems to work fine. -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Frees

Re: [RADIATOR] Diameter RFC 4006

2012-07-12 Thread Heikki Vatiainen
bases, plans and other details. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, W

Re: [RADIATOR] Qos-Metering-Profile-Name and SessionDatabase

2012-07-11 Thread Heikki Vatiainen
m is with the attribute having different name in dictionary than you are expecting. The names are just for us humans, they can vary between dictionaries, and often do, but the important part is the vendor id and type. The best thing to get the names right is to see Trace 4 output and get the attribute na

Re: [RADIATOR] Tacacs Authentication to survive reloads ?

2012-07-10 Thread Heikki Vatiainen
urrently considering options that make reloading less problematic. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Di

Re: [RADIATOR] Eduroam, Radiator and MS NPS

2012-07-10 Thread Heikki Vatiainen
<3><212>iv<240><128><243>BO<188><234><174> > > Attributes: > > NAS-Port-Id = "AP183/1" > > Calling-Station-Id = "00-18-DE-94-3E-36" > > Called-Station-Id = "00-0B-0E-2A-16-82:eduroam

Re: [RADIATOR] Tacacs Authentication to survive reloads ?

2012-07-10 Thread Heikki Vatiainen
bit later. Some code changes are likely to be needed, but even if there are no patches or patch candidates yet, I thought I'd at least break the silence :) Thanks, Heikki > -Dave > > > > On 5/11/12 4:55 PM, "Heikki Vatiainen" wrote: > >> On 05/11/2012 09:

Re: [RADIATOR] tlsv1 errors

2012-07-09 Thread Heikki Vatiainen
017945.html and also see Microsoft requirements for their clients: http://technet.microsoft.com/en-us/library/cc731363.aspx For example with OpenSSL you need to have this configuration file option when creating certificates: extendedKeyUsage = serverAuth Please let us know how it goes. T

Re: [RADIATOR] Eduroam, Radiator and MS NPS

2012-07-09 Thread Heikki Vatiainen
> Below my radius.cfg file: > > > > Fork > Synchronous Forking may be causing problems with EAP state when a new radiusd instance is created. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIU

Re: [RADIATOR] Multi-Line Handler issues with 4.10

2012-07-06 Thread Heikki Vatiainen
On 07/03/2012 12:22 AM, Heikki Vatiainen wrote: > If you can wait a little with upgrading I will get back to this later > this week. Patches for 4.10 now restore the functionality while keeping the originally planned multiline change working. Please let us know if there are still pr

Re: [RADIATOR] Custom Reply-Message for each AuthSQL inside REALM

2012-07-04 Thread Heikki Vatiainen
tAuthSelectHook, but this is executed before Radiator performs the > authentication operations. This forces me to understand if the user is > blocked twice, one time in the Hook and another time by Radiator and > this does not make much sense I think. Maybe there is a better way to >
