Heikki
> Thanks in Advance
> Sudhir H
>
>
> -Original Message-
> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
> Behalf Of Heikki Vatiainen
> Sent: Thursday, March 22, 2012 4:08 AM
> To: radiator@open.com.au
> Subject: Re: [RA
us how it goes.
Thanks!
Heikki
> Thx,
>
> Amândio
>
> -Mensagem original-
> De: Heikki Vatiainen [mailto:h...@open.com.au]
> Enviada: sexta-feira, 16 de Março de 2012 12:54
> Para: Amândio Antunes Gomes Silva
> Cc: radiator@open.com.au
> Assunto: Re: [RA
install-demo.html and the
installation instructions there. They give examples how to start radiusd
(Radiator).
Typically something like this should work:
perl c:\perl\bin\radiusd -trace 4 -config_file c:\path\to\your.conf
--
Heikki Vatiainen
Radiator: the most portable, flexible and confi
ks!
Heikki
> br,
> Arthur
>
>
> 20.03.2012 10:16, Heikki Vatiainen kirjutas:
>> On 03/19/2012 11:19 AM, Arthur Konovalov wrote:
>>
>> Hello Arthur,
>>
>>> I'm using Radiator as Diameter frontend and I'm wondering is there
>>> possi
u need to use a machine that is connected to the internet.
Thanks!
Heikki
> Thanks
> Sudhir
>
> -Original Message-
> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
> Behalf Of Heikki Vatiainen
> Sent: Tuesday, March 20, 2012 3:09
l http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd
The idea is to fetch the files from the Internet with ppm.
Thanks!
Heikki
> Thanks
> Sudhir H
> -Original Message-
> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
> Behalf Of Hei
are not the intended recipient, please do not
> use or disseminate the information, notify the sender and delete it from your
> system.
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
-
privaccess-xxx"
>
> If I tried to add only Line-Information AVP, then it replied, but
> without grouped AVP and peer doesn't accept it.
>
>
> br,
> Arthur
>
> ___
> radiator mailing list
> radiator@open.com.a
en1.log' where is eapolclient's process id
and en1 is the interface name.
The log file will show how EAPOL works. It will not show details about
e.g., MS-CHAP-V2 but should at least tell what EAP messages are received
and sent and what their contents are.
Thanks!
Heikki
--
Heikki
e useful for debugging
these kinds of problems.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS,
or tgz file, unpacking the
file will create a directory, for example Radiator-4.9, and the goodies
directory can be found from there.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
function ‘pam_sm_authenticate’:
> pam_radius_auth.c:1102: warning: assignment from incompatible pointer type
Pointer vs pointer to pointer.
> cc -Wall -fPIC -m64 -c -o md5.o md5.c
> ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so
> [root@app2 pam_radius-1.3.17]#
Thanks
tures and some bug fixes.
The TacacsPlus group cache GroupCacheFile now uses the IP address
of the client as part of the key, so that in situations where the
group name depends on the client the correct group name will be
retrieved
There are also many other Tacacs related changes. See the h
: + 351 253 60 40 20, Fax: +351 253 60 40 21
>
> VoIP: aman...@scom.uminho.pt
>
> email: aman...@scom.uminho.pt <mailto:aman...@scom.uminho.pt> |
> http://www.scom.uminho.pt <http://www.scom.uminho.pt/>
>
> --
e<198><175><228>X<175><180><150><184>s<179>4<146>&w<20><203><175><16><155>*<162><133><224><129>-
>
>>>> Message-Authenticator =
>
>>>> <0><0><0><0><0><0><0><0><
uthentication success and failure to the a file
> AuthLog myauthlogger
>
>
> Thanks for any hints and help!
>
>
> _______
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hei
want to talk to your local NREN about the certificates and
required configuration.
Thanks!
Heikki
> Regards
> Christian
>
> -Ursprüngliche Nachricht-
> Von: Heikki Vatiainen [mailto:h...@open.com.au]
> Gesendet: Donnerstag, 15. Dezember 2011 11:57
> An: Röver, Chris
see goodies/README for an index of
configuration examples and other related files. Studying them with the
reference manual, see doc/ref.pdf, will get you started.
Thanks!
Heikk
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, file
dn.microsoft.com/en-us/library/cc238354%28v=prot.13%29.aspx
This PEAP document is frequently updated and has text about version
negotiation but uses 0 for its own version.
In summary: there are multiple documents with different versions, but
version 0 seems to work the best among all implementat
d,sessi
> oningresscallid,sessionprotocoltype,statustype,timestamp) values
> ('<9e>^N^F','Matroos,16319
> ;tag=9tBN868U1B42S^^
> ','23c4e3e9-dc8b-122f-088a-5cf3fc962edc','23c4e3e9-dc8b-122f-088a-5cf3fc962
> edc','TRAITECH-DBN-VPR',
t; AcctLogFileName %L/%Y-%m-local-detail
> AuthBy PessoalAlunos
>
>
>
>
>
> UBI amiga do ambiente: Antes de imprimir este e-mail pense bem se tem mesmo
> que o fazer. As árvores são um bem imprescindível.
> ___
"5.13.1 Filename" for more about using pipes.
Heikki
On 02/23/2012 12:04 AM, Heikki Vatiainen wrote:
> On 02/22/2012 01:25 PM, G.N. wrote:
>
>> i would like to know if is possible to filter Authlog entry, logging all
>> except access from certain username.
>
>
nge how username lookup is done and if
password checking is needed. Be sure to check Trace 4 log to see how the
SQL queries and Radiator behaviour changes with the above options.
This might be the way to go if you can not configure your wlan gear to
send mac address as username as Mike suggested.
reader.
Thanks!
Heikki
> Thank's.
>
> G.
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable
ikki
> thanks again.
>
>
> On Fri, Feb 17, 2012 at 11:10 PM, Heikki Vatiainen <mailto:h...@open.com.au>> wrote:
>
> On 02/17/2012 03:27 AM, Jay Tuala wrote:
>
> > I followed the 'RPM format for Linux' link and accepted the license
>
still sounds like HTML file was
downloaded.
Running Radiator on a virtual machine is not a problem. It's actually
quite common.
Thanks!
Heikki
> Many thanks,
> Jay #radiatornewbie :-|
>
>
>
>
>
> On Fri, Feb 17, 2012 at 1:45 PM, Heikki Vatiainen <mailto
conda-ks.cfg install.log install.log.syslog
> Radiator-Locked-4.9-2.noarch.rpm
>
>
>
> I would greatly appreciate any help i can get.
>
>
> Many thanks,
> J
>
>
> ___
> radiator mailing list
> rad
t;<0><0><0><0><0><0><0><0><0><0>
> NAS-IP-Address = 10.1.2.3
> NAS-Identifier = "nas.fqdn.net"
> NAS-Port = 13
> Calling-Station-Id = "00-21-6a-42-e8-46"
> User-Na
est.
Thanks!
Heikki
> Please somebody help me.
>
> 2012/2/15 Heikki Vatiainen
>>
>> On 02/14/2012 05:34 PM, Mark Green wrote:
>>
>>> # The challenge is sent by the client in CHAP-Challenge.
>>> # If that is not set, the challenge is in the authen
NTERNAL and e.g., RequestHook or AuthHook instead.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS,
d')); \
};
tp stands for tunnelled packet. It can be manipulated with
PreHandlerHook from the outer Handler.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platy
ects
> to it.
>
> Cheers,
>
> Mike
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RAD
Lee
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
> ___
> radiator mailing list
> radiator@open.com.au
> http:/
hing else than 'true' the request will be rejected. The hook will
then set the returned Reply-Message based on X-Reject-Msg which comes
from SQL call.
For more about the hook parameters, please see the reference manual.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable
2><148><220><133>Z<131>{\(K3<1>3
> Message-Authenticator =
> }<209><252><171><157><22><196><239><22><3><223>R=<177><203><204>
>
> Tue Feb 7 15:19:11 2012: DEBUG: Handling
d probably do
this by checking the output from openssl crl -nextupdate command and
then scheduling update based on that.
A quick search for possible scripts found this candidate. Maybe it might
be useful for ideas of how to do this?
http://www.id.ee/11051
See 'Sample script for automatic
gt;> failure
>>> FailureBackoffTime 0
>>>
>>> UsernameAttr samaccountname
>>> # don't check the password, just for phone number lookup
>>> #PasswordAttr
>>> ServerChecksPassword
>>>
7;ve done binary data through DBI before (to mysql) without a problem.. so
> I'm not sure where it might be getting lost here.
Hard to tell. I have not tried this myself.
Please keep us posted how it goes.
Thanks!
Heikki
> Thanks,
> Jared
>
>
> On Jan 24, 2012, at 5:59
happening here? For reference.. for
> development/debugging I'm attempting to serialize and store (in db field) a
> hash I'm creating with all the per packet name-value pairs.
Hard to tell. Examples would be useful :)
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most p
hBy RADIUS forwards the accounting request it will
return IGNORE. Depending on what other AuthBys you have and how your
AuthByPolicy has been set (defaults to ContinueWhileIgnore), you may
need to do accounting forwarding with the last AuthBy
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most
05 2012: DEBUG: Handling with Radius::AuthFILE:
> FILE_IP_check
> Fri Jan 20 12:33:05 2012: DEBUG: Radius::AuthFILE looks for match with
> ctac [ctac]
> Fri Jan 20 12:33:05 2012: DEBUG: Radius::AuthFILE REJECT: No such user:
> ctac [ctac]
> Fri Jan 20 12:33:05 2012: DEBUG:
It was there since the first version 3.12. I just tried with 3.12 client
and server config against 4.9 server and client config and they were
able to talk when Secret was changed to radsec.
With 3.12 you have to enable UseTLS explicitly. That was the other
change apart from port number I ha
d card, prepaid card works like mentioned above.
>
> Is it possible?
>
> We’ll looking forward to hear from you soon.
>
> Tnx.
>
>
>
>
>
> Хүндэтгэсэн,
>
> Я.Пүрэвбат
>
>
>
>
>
> _____
e
> p2p application his/her speed rate limitation will become 500kbps.
>
> Is it possible?
>
> We’ll looking forward to hear from you soon.
>
> Tnx.
>
>
>
> BR,
>
> Purevbat.Ya
>
>
>
>
>
> ______
On 01/17/2012 10:12 PM, Mike McCauley wrote:
> I wonder if he should also look at AuthBy OTP?
Good point. If not directly applicable, there might be good ideas how to
utilise e.g. Radiator's context framework.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurabl
ecting the
correct handler for verifying the challenge.
# Check challenge here
# Generate OTP here and send challenge
# AD auth happens here
AddToReply State=whatever
Please let us know how it goes.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible an
*
> To view the terms under which this email is distributed
> please go to http://www2.hull.ac.uk/legal/disclaimer.aspx
> **
>
>
>
> ___
> radiator mailing list
> radia
to use shibboleth for
WLAN authentication. Note that it does not enable encrypted radio, so
even if authentication is strong, users are still susceptiple for
eavesdropping.
Have you considered eduroam for federated authentcation?
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable
iguration files to see what the configuration looks like. The
web gui would overwrite the comments which contain a lot of useful
information.
Please let us know how it goes.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, D
nder different uids and groups. If the test instance tries to e.g.,
write to wrong log file, the file permissions should stop it causing any
actual harm.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDA
8,
5,10 or 5.12 like this:
ppm install http://www.open.com.au/radiator/free-downloads/Win32-Lsa.ppd
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, T
> Attribute Value Pairs
> AVP: l=12 t=Vendor-Specific(26) v=REDCOM Laboratories, Inc(32167)
> VSA: l=6 t=Unknown-Attribute(1): string
>
>
> Steven Saverino
> Integration Lab
> One Redcom Center
> Victor, New York
> Phone: (585) 924-7550
> Exte
yet. Also, Radiator 4.9
without patches prints out some warnings about features that will be
removed in the future Perl releases. Maybe you could use 5.12 instead?
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files,
re possibility: you could consider a which would then use e.g. AuthBy
HASHBALANCE to distribute accouting requests to multiple Radiator
instances listening on loopback address. These instances would then push
the accounting requests into the database.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: th
Fri Dec 30 08:54:24 2011: DEBUG: Handling with AuthINTERNAL: AuthAccept
> Fri Dec 30 08:54:24 2011: DEBUG: AuthBy INTERNAL result: ACCEPT,
> Fixed by DefaultResult
> Fri Dec 30 08:54:24 2011: NOTICE: Started Post Authentication Hook
> for mikem
> Fri Dec 3
tly. Have you
checked Trace 4 logs for what is returned with Access-Accept messages?
The perl snippet in goodies seems to depend e.g., that the outer request
identity is anonymous which may not be the case.
Have you modified the hook in any way? It may require some fixes to get
it working better.
Th
t
also be one option if there's a problem with RADIUS authentication
and/or TACACS+ provides more features, such as command logging, that you
need.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDA
rver would then implement 30 minute or
infinite locking. In other words, if your authentication backend
supports this, you would not need to do it with Radiator.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP,
I think you are on the right track. You can use the DBI calls supported
by system DBI, for example.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freesi
ere 'aaa' is the salt.
The example in ref.pdf should be {SSHA}k1qAjger6rE9fhCrig+QPZ/HTrJhYWE=
to make it less confusing, since the value is really a salted SHA, not a
plain SHA.
In other words, when Radiator sees {sha} or {ssha} it can run the same
password verify function. If the has
'. File hooks.txt has plenty of
examples but there are also other files that use hooks.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, P
ork. Can you tell us how old the IOS version was you
were using?
Thanks!
Heikki
>
>
> /Regards,
> Indrajaya Pitra Perdana/
>
> On 12/17/2011 2:01 PM, viet...@indo.net.id wrote:
>>
>> I'm using Microsoft Windows XP Professional SP 2
>>
>> Quoting
> [1352] 12:03:42:671: << Sending Response (Code: 2) packet: Id: 3,
> Length: 80, Type: 13, TLS blob length: 70. Flags: L
> [1352] 12:03:42:671: EapPeapCMakeMessage done
> [1352] 12:03:42:671: EapPeapMakeMessage done
> [2004] 12:04:12:687: EapPeapEnd
> [2004] 12:04:12:687:
ing you could try first is to use even lower value for
EAPTLS_MaxFragmentSize
The messages before certifcate are much smaller and so this challenge
would be the first that can reach the maximum size.
Thanks!
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS ser
ere be a problem?
Sorry, I did not quite understand this. You can use SSL or TLS for LDAP
connections from Radiator without worries with RadSec.
I also just noticed you use AuthBy RADIUS too. Are you proxying PEAP and
TTLS inner authentication via RADIUS?
Thanks!
--
Heikki Vatiainen
Radi
;120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0&
19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<
atabase. Based on radwho.cgi
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMA
e = Login
> Message-Authenticator =
> <243><254><249><158><160><208>E<182>u<1><240>Q$<184><186><26>
> EAP-Message = <2><1><0><24><1>usern...@otherinstitution.de
> NAS-Port-Type = Wireless-IEEE-802-11
_____
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, pas
used it myself, but apparently ntlm_auth should work with
that version.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, T
TLS_CertificateFile
> C:/radius/certificates/server.institution.de.pem
>
>TLS_CertificateType PEM
>
> TLS_PrivateKeyFile
> C:/radius/certificates/server.institution.de.key
>
>
> ERR: Attribute number 250 (vendor 8744) is not defined in your dictionary
See above.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, P
".
See Radiator disribution doc/ directory for the actual MIB files. IETF's
tools.ietf.org is probably the most convenient method to access the
files online. For example:
http://tools.ietf.org/html/rfc4669
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and
y to have so many questionsŠ
>
> Thanks,
> Joy
>
> On 12/8/11 5:26 PM, "Heikki Vatiainen" wrote:
>
>> On 12/09/2011 12:15 AM, Joy Veronneau wrote:
>>
>>> But if I do that, I will still have to have the names of the machines in
>>> the
heck.
Thanks!
Heikki
> Thanks,
>
> Joy
>
> On 12/8/11 5:07 PM, "Heikki Vatiainen" wrote:
>
>> On 12/07/2011 11:42 PM, Joy Veronneau wrote:
>>
>> Hello Joy,
>>
>>> I am still working on my machine based authentication config.
>
1x_tls
> Wed Dec 7 16:32:46 2011: DEBUG: Running command:
> /app/radius/scripts/authby.ADCERT
> Wed Dec 7 16:32:46 2011: DEBUG: External command exited with status 0
> Wed Dec 7 16:32:46 2011: DEBUG: AuthBy GROUP result: ACCEPT,
> Wed Dec 7 16:32:46 2011: DEBUG: Access accepted for
> CIT-JV11GTEST2.cit.cornell.edu
>
t check one thing. Why not just use
%{Acct-Output-Gigawords}? I think the NAS should already send it as integer?
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACA
ormare il mittente con l'invio di
> una risposta e-mail all'indirizzo di cui sopra e quindi eliminare il
> messaggio e la vostra risposta dal sistema. Se non siete destinatari della
> presente email siete obbligati a non utilizzare, divulgare, distribuire,
> copiare, s
ture.
If you decide to try how it works, please let us know of your results.
> Just curious if anyone has tried anything similar as we are looking to
> consolidate old SPARC hardware hence the possible above
> implementations.
>
> Thanks in advance for any feedback.
>
>
directory.
It worked and I think it's been available for a long time.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active
gt;<151>+
> Attributes:
> EAP-Message = <1><9><0><17><13><128><0><0><0><7><21><3><1><0><2><2>-
> Message-Authenticator =
> <0><0><0><0><0>
rejects, redirect to authby2
> AuthByPolicy ContinueWhileReject
> NextAuthBy authby2
>
Notified. Thanks for the suggestion.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emera
once
- same functionality as with individual files, just organised differently
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Dire
ge);
>
> [3] Compare the CHAP-Password received from the user's Access-Request vs
> the CHAP-Password that was converted as per item [2];
>
> [4] Whatever the result of item [3], my script will then do an "exit 0"
> or "exit 1".
>
> Please advice.
249><173>~
> [4] Whatever the result of item [3], my script will then do an "exit 0"
> or "exit 1".
Yes.
> Please advice. Thank you very much.
I think you got the steps correct.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable
t and Radius/AuthGeneric.pm and check_chap function
calculate the values. That should clarify how CHAP-Password and
CHAP-Challenge work.
Thanks!
Heikki
> Thank you in advance.
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http:/
backend state machine of IEEE 802.1X.
>
>
>
>
>
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
Radiator: the most portable, flexible an
ore details.
This approach gives you added benefit for being future proof. If you
later need to store the log e.g., into SQL you can replace AuthBy
INTERNAL with AuthBy SQL.
Please let us know how this works.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable R
he machine cert and then check to see if the machine is in a
> certain group.
>
> I tried using but that really broke everything... I do
> have NTLM working for username/pw based authn but I need to do that AND
> machine based…
>
> I'd appreciate a hint. Thanks-
>
ook
> I can use on a per AuthBy basis to split the password?
>
> Jeff.
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen
Radiator: the most portable, flexible and configura
13:19 2011: DEBUG: AuthorizeGroup rule match found: permit .* {
> }
> Tue Nov 15 12:13:19 2011: INFO: Authorization permitted for connolly at
> xxx.xxx.11.242, group netadmin, args service=shell cmd=enable cmd-arg=
> Tue Nov 15 12:13:19 2011: DEBUG: TacacsplusConnection Authorization RESPONS
;150><130>J<181>
>
> Tue Nov 15 12:41:42 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Nov 15 12:41:42 2011: INFO: Access rejected for
> host/CIT-JV11GTEST2.cit.cornell.edu: Invalid character in User-Name
> Tue Nov 15 1
acacsplusConnection Authorization REQUEST
> 1, 0, 1, 0, connolly, tty1, xxx.xxx.11.1, 3, service=shell cmd=exit
> cmd-arg=
> Tue Nov 15 11:16:07 2011: DEBUG: AuthorizeGroup rule match found: permit .* {
> }
> Tue Nov 15 11:16:07 2011: INFO: Authorization permitted for connolly a
cisco-avpair = "disc-cause-ext=9"
>
> cisco-avpair = "pre-session-time=7"
>
> cisco-avpair = "elapsed_time=4"
>
> cisco-avpair = "stop_time=1321370732"
>
> OSC-Version-Identifier = "192"
>
>
&
ice=shell"
>cisco-avpair = "start_time=1321368109"
>cisco-avpair = "disc-cause=1"
>cisco-avpair = "disc-cause-ext=9"
>cisco-avpair = "pre-session-time=6"
> cisco-avpair =
., accounting requests where it
may not always be possible to know if the key is already there or not.
The syntax errors are in a bit different category. Anyone please comment
on this if you see good reasons to or not to special syntax errors this way.
Thanks!
Heikki
--
Heikki Vatiainen
Radiat
ot;
>
> Service-Type = Login-User
>
> NAS-Identifier = "TACACS"
>
> User-Name = "xyz"
>
> User-Password = **obscured**
>
> *cisco-avpair = "action=1"*
>
> * cisco-avpair = "authen_type=1"*
&
list of known machines
available for Radiator.
Thanks!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
| $reason =~ /Duplicate entry/im
> || $reason =~ /^ORA-1/;
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Director
701 - 800 of 1068 matches
Mail list logo