Hello list members,
Radiator mailing lists and list archives are migrating to a new server
soon. This requires no action from you. A message will be posted through
the migrated list when the operation has finished. This should happen
later today.
The current mailing list address,
We are pleased to announce the release of Radiator version 4.17
This version contains enhancements, new features, security and other
fixes described below.
As usual, the new version is available to current licensees
and evaluators from:
https://www.open.com.au/radiator/downloads.html
Licensees
This may be the case now, but pretty sure we went down this road YEARS ago and
even with BindAddress, packets were still being sourced from the main IP
address. In the mailing list archives this argument may exist. I vaguely
remember being told by Hugh that it was not possible in Perl at the
In my experience this is not the case. It will LISTEN on those addresses for
sure. But its return packets are always sourced from the primary IP address of
the outgoing interface. DSR will work, but the clients will receive a response
from an IP address that is not of the configured RADIUS
On 27.07.2016 21:32, Robert Blayzor wrote:
> The problem with this I think is that Radiator responds with a source
> address of where the packet leaves. (at least that’s been my
> experience).
Yes, this happens by default when BindAddress is not configured.
The default is to bind the RADIUS
As a general network design we try to stay away from multihomed servers
as much as possible as the server admins lack networking/routing
know-how which leads to failing connectivity all the time.
Direct server return has its own share of problems which is why we don't
use it anymore but this is
On 27/07/16 19:32, Robert Blayzor wrote:
> DSR load balancing assumes the real servers know about the load balanced VIP
> and is generally configured on a loopback.
>
> The problem with this I think is that Radiator responds with a source address
> of where the packet leaves. (at least that’s
DSR load balancing assumes the real servers know about the load balanced VIP
and is generally configured on a loopback.
The problem with this I think is that Radiator responds with a source address
of where the packet leaves. (at least that’s been my experience). Most clients
will probably
Thanks Shaun. This is good reading.
Barry
On Wed, Jul 27, 2016 at 11:38 AM, shaun gibson wrote:
> On 27/07/2016 18:14, Barry Ard wrote:
>
> > We are running into some challenges configuring a new environment for
> > Eduroam.
> >
> > Recently we have moved away from 2 servers
On 27/07/2016 18:14, Barry Ard wrote:
> We are running into some challenges configuring a new environment for
> Eduroam.
>
> Recently we have moved away from 2 servers running multiple radiator
> processes to multiple VMs behind an F5 load balancer. This has been
> working well for our
We are running into some challenges configuring a new environment for
Eduroam.
Recently we have moved away from 2 servers running multiple radiator
processes to multiple VMs behind an F5 load balancer. This has been
working well for our wireless infrastructure but has been posing challenges
as
*** Sending to 10.240.1.1 port 20004
*
There are multiple retransmits back and forth and the authentication
does not proceed.
I would check the Wi-Fi controller logs and make sure it is receiving
the responses from Radiator.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
> >
> 10.240.1.1(20004): retransmit reply
>
> >
> Tue Jan 26 15:54:57 2016: DEBUG: Packet dump:
>
> >
> *** Sending to 10.240.1.1 port 20004
>
>
> There are multiple retransmits back and forth and the authentication
> does not proceed.
>
On 01/26/2016 06:05 PM, Hugo Veiga wrote:
> Also tried another certificate but it's doing the same, it gets stuck
> and never reaches the inner handler.
I don't think this is a certificate or handler problem now. Previously
AuthBy INTERNAL was dropping the request, but now when you changed the
Hi,
I'm sorry Heikki, I don't know why but I didn't receive your email (but a
friend of mine in this list has sent it to me yesterday).
So this is what I've tested/checked so far:
1 - Perl modules: In this list are the ones mentioned in the goodies file
for PEAP/MSCHAPv2 (# Requires Net_SSLeay.pm-1.21
Hi,
On Tue, 26 Jan 2016, Hugo Veiga wrote:
> Hi Alan,
>
> I have the same config on radiator 4.9 and it works perfectly.
>
> About the stuff order ;) , I use the Authby as "functions" and usually I
> put them before the handlers, this is very practical to reuse code.
>
> As you suggested I tried
Hi Alan,
I have the same config on radiator 4.9 and it works perfectly.
About the stuff order ;) , I use the Authby as "functions" and usually I
put them before the handlers, this is very practical to reuse code.
As you suggested I tried to put them after the handlers and I have the same
exact
Hi,
On Tue, 26 Jan 2016, Hugo Veiga wrote:
> In my original message I have by mistake an AuthBy INTERNAL in the outer
> authentication, it's actually an AuthBy SQL clause.
which is exactly why I made you test your 4.9 case.
AuthBy SQL supports EAP.
AuthBy FILE also supports EAP.
and as Heikki
In my original message I have by mistake an AuthBy INTERNAL in the outer
authentication, it's actually an AuthBy SQL clause.
This is trace from radiator 4.9.
Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:
Sorry for the waste of your time, and thanks for your point (I was
trying all possible things that I could remember and this went to the list
by mistake).
Also tried another certificate but it's doing the same, it gets stuck and
never reaches the inner handler.
Here is a trace from 4.16 with
Try putting your stuff into order - your inner stuff , handlers et al , AFTER
the realm check (where you are then asking for a particular handler).
The goodies directory provides ready to go starting recipes for this stuff (so
you can see how handlers/inner work)
On 01/25/2016 07:57 PM, Hugo Veiga wrote:
> I'm upgrading from 4.9 to radiator 4.16 and I'm stuck because I can't
> get radiator to get to the inner authentication phase.
AuthBy INTERNAL does not work with EAP (PEAP in this case). It just
ignores the request by default.
If you had problems with
On 16.11.2015 13.32, a.l.m.bu...@lboro.ac.uk wrote:
> seems fussy about the upper/lower case eg
I'll see that this gets changed. I'd say case insensitive check is
enough here.
Thanks for reporting this!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and
hi,
seems fussy about the upper/lower case eg
WARNING: Clause Authby closed in /etc/radiator/radius.cfg line 121 does not
match currently open clause AuthBy from /etc/radiator/radius.cfg line 118
# Local test realm
# Strip realm
RewriteUsername s/^([^@]+).*/$1/
On 11/03/2015 10:25 PM, Ullfig, Roberto Alfredo wrote:
> Ah, the Android 6 support is in base 4.16 then - my mistake. Thanks!
Yes. 4.16 should do the right thing no matter what the OpenSSL and
Net::SSLeay versions are. It will also log during the startup about the
versions it finds and what they
On 11/03/2015 09:54 PM, Ullfig, Roberto Alfredo wrote:
> Also, is it typical for patches to not be released in RPMs?
Yes, the patches work best with the .tgz package:
- untar the release .tgz
- untar the patches on top of this
- then proceed with 'perl Makefile.PL' as described in the
2:22 PM
To: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator Version 4.16 released - security fixes,
enhancements and new features
On 11/03/2015 09:54 PM, Ullfig, Roberto Alfredo wrote:
> Also, is it typical for patches to not be released in RPMs?
Yes, the patches work best with the .
:48 PM
To: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator Version 4.16 released - security fixes,
enhancements and new features
We installed the previous version from RPM. Should we remove that RPM before
installing this version plus patches?
---
Roberto Ullfig – rull...@uic.edu
ACCC
Of Heikki Vatiainen
Sent: Tuesday, October 27, 2015 4:57 AM
To: radiator@open.com.au
Subject: [RADIATOR] Radiator Version 4.16 released - security fixes,
enhancements and new features
We are pleased to announce the release of Radiator version 4.16
This version contains two important security fixes
We are pleased to announce the release of Radiator version 4.16
This version contains two important security fixes. Upgrade is
recommended. Please review OSC security
advisory OSC-SEC-2015-02 for more information:
https://www.open.com.au/OSC-SEC-2015-02.html
As usual, the new version is
Hi,
>Oh man!
>
>In other words it's a waste of good money to pay for a signed certificate.
for your own internal 802.1X (where you are only directly authenticating your
own users
(and that includes eg eduroam) - yes. best practice is to use a self-signed CA
(you have the
same issues
Skou Jensen
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator, WPA2, certificates and untrusted
Hi Jesper,
I think this is normal behavior.
In eduroam we install the CA's root-certificate in the client/supplicant. (The
'eduroam CAT' crafted installer does so).
The client's certificate store
Hi Jesper,
I think this is normal behavior.
In eduroam we install the CA's root-certificate in the client/supplicant. (The
'eduroam CAT' crafted installer does so).
The client's certificate store is the responsibility of the browser (in a
laptop).
So, in a web context your server-certificate is
Hello people,
I'm in the process of renewing a certificate for our Radiator setup and I've
run into a bit of a problem.
The problem is that I can't get clients to trust the WPA2 certificate when
connecting to the network. Eg. Windows 7, an iPhone and probably other clients
too.
On the iOS I
On 16.7.2015 18.10, Hartmaier Alexander wrote:
On 2015-07-16 15:07, Heikki Vatiainen wrote:
There's also an example of how to use a custom module, possibly modified
from Radius/LogFormat.pm, to change the formatting or add new formats.
I know because I was the one who requested the feature
On 16.7.2015 17.04, Nick Lowe wrote:
In conjunction with https://tools.ietf.org/html/rfc7465 , it is
probably time for RADIUS servers to comply with this by default unless
explicitly configured otherwise:
Thanks for the RC4 reminder Nick.
This configuration is now possible with Radiator.
Hi Heikki,
that's a great release!
I couldn't find info about CEF and JSON logging in the reference manual,
should be included at least as keywords with a pointer to the
'logformat.cfg' goodies file although I'd prefer having it in the main docs.
Is there a way to log the used TLS version and
On 16.7.2015 13.42, Hartmaier Alexander wrote:
I couldn't find info about CEF and JSON logging in the reference manual,
should be included at least as keywords with a pointer to the
'logformat.cfg' goodies file although I'd prefer having it in the main docs.
Good point. I'll see that CEF and
RC4 is particularly broken now:
https://www.rc4nomore.com
https://www.rc4nomore.com/vanhoef-usenix2015.pdf
In conjunction with https://tools.ietf.org/html/rfc7465 , it is
probably time for RADIUS servers to comply with this by default unless
explicitly configured otherwise:
o TLS servers MUST
On 2015-07-16 15:07, Heikki Vatiainen wrote:
On 16.7.2015 13.42, Hartmaier Alexander wrote:
I couldn't find info about CEF and JSON logging in the reference manual,
should be included at least as keywords with a pointer to the
'logformat.cfg' goodies file although I'd prefer having it in the
We are pleased to announce the release of Radiator version 4.15
This version contains fixes for an EAP-MSCHAP-V2 and EAP-pwd
vulnerability. Upgrade is recommended. Please review OSC security
advisory OSC-SEC-2015-01 for more information:
https://www.open.com.au/OSC-SEC-2015-01.html
As usual, the
On 03/19/2015 02:49 PM, Heikki Vatiainen wrote:
On 03/19/2015 12:18 PM, Laurent Duru wrote:
Thu Mar 19 11:11:11 2015: ERR: Execute failed for 'select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,
VALIDTO from RADUSERS where USERNAME=‘X'': Can't call
Hello,
My configuration as is :
Blue server : Radiator + Radmin + Mysql Master
Red Server : Mysql Slave
There is a Master-Slave Replication between blue and red, I need to avoid
Radiator writes on Red.
In my Radiator config I use a Read/Write account to connect to Blue and a Read
Only
On 03/19/2015 12:18 PM, Laurent Duru wrote:
Thu Mar 19 11:11:11 2015: ERR: Execute failed for 'select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,
VALIDTO from RADUSERS where USERNAME=‘X'': Can't call method
prepare on an undefined value at
Hello,
Right now we are using Radiator's own load balancer. Would using an F5 Load
Balancer to load balance make any sense and would it work? Their product is
here:
https://f5.com
We use it for other services but they are all tcp based. Thanks!
---
Roberto Ullfig - rull...@uic.edu
ACCC
hello
Is it possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
-Original Message-
From: nath...@fsr.com
Sent: Mon, 8 Dec 2014 05:30:26 -0800
To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
Subject: Re: [RADIATOR] Radiator+Mikrotik
On Monday, December 08
@open.com.au
Subject: Re: [RADIATOR] Radiator+Mikrotik
On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
Hello all,
As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
the hook script will send Disconnect-Request to Mikrotik once the
session
exceeds the quota
-Original Message-
From: nath...@fsr.com
Sent: Mon, 8 Dec 2014 05:30:26 -0800
To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
Subject: Re: [RADIATOR] Radiator+Mikrotik
On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
Hello all,
As Mikrotik doesn't support COA
Is it possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
-Original Message-
From: nath...@fsr.com
Sent: Mon, 8 Dec 2014 05:30:26 -0800
To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
Subject: Re: [RADIATOR] Radiator+Mikrotik
On Monday, December 08, 2014 12:16 AM, Mahmoud
Sorry,
Just a typo in the radius config file... Sorry to cause this trouble
With kind regards,
Karel van der Velden
Ananke
Goddess of necessity, inevitability and compulsion
You need to specify the cmd-arg multiple times, one for each space
separated argument:
authorizedgroup readonly group deny service=shell cmd=changeto
cmd-arg=context cmd-arg=system
authorizedgroup readonly group permit service=shell cmd=changeto
cmd-arg=context cmd-arg=other context name
I have a Cisco ASA with multiple context. I am trying to deny the use of the
command changeto context system, but allow authorized group to be able to
change to any of the other context. When user types in the command they get
denied.
I have entered
authorizedgroup readonly group permit
On 5.1.2015 15.34, Steve Normoyle wrote:
I have a Cisco ASA with multiple context. I am trying to deny the use
of the command changeto context system, but allow authorized group to
be able to change to any of the other context. When user types in the
command they get denied.
Hello Steve,
Hello all,
As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request, the
hook script will send Disconnect-Request to Mikrotik once the session exceeds
the quota, here is how I send Disconnect-Request:
my @coa_attrs = (User-Name=$user_name, Acct-Session-Id=$sess_id,
On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
Hello all,
As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
the hook script will send Disconnect-Request to Mikrotik once the session
exceeds the quota, here is how I send Disconnect-Request:
[snip]
We are pleased to announce the release of Radiator version 4.14
This version contains a fix for an EAP authentication vulnerability.
Upgrade is strongly recommended. Please review OSC security advisory
OSC-SEC-2014-01 for more information:
https://www.open.com.au/OSC-SEC-2014-01.html
As usual,
We are pleased to announce the availability of the first release of
preconfigured Radiator and RAdmin evaluation virtual machine.
The virtual machine image is available from the usual location:
http://www.open.com.au/radiator/
The virtual machine is configured to respond to RADIUS, TACACS+ and
Hi Heikki,
The same problems with the certificates :(
Thanks for this suggestion,
Imanol
On Thu, Jun 19, 2014 at 9:17 PM, Heikki Vatiainen h...@open.com.au wrote:
On 06/19/2014 12:46 AM, Imanol Fuidio wrote:
I have repeated the test on an iphone with IOS7 configuring a TLS
profile
On 06/19/2014 12:46 AM, Imanol Fuidio wrote:
I have repeated the test on an iphone with IOS7 configuring a TLS
profile with the CA in der format. The same problem.
The log is also in https://gist.github.com/ifdm001/57c03984282f33406aec
Maybe you could try with the certificates that come with
Hi everyone,
In the company we have performed some tests on EAP TLS.
We are using Radiator-4.13 with the goodie eap_tls.cfg.
We have created self-signed certificates through the script: script.sh
(You can find the script, as well as the certificates in
On 06/18/2014 02:04 PM, Imanol Fuidio wrote:
The WiFi configuration is: EAP method TLS, Phase 2 PAP, User
certificate, Identity user
Phase 2 PAP looks odd. This would make sense with EAP-TTLS, but I am not
sure what it could mean with EAP-TLS.
Wed Jun 18 11:49:35 2014: ERR: EAP TLS error: -1,
Hi Heikki,
The same test repeated with Second Phase as none and the same problem.
As you have said, this should have nothing to do with EAP TLS.
I have repeated the test on an iphone with IOS7 configuring a TLS profile
with the CA in der format. The same problem.
The log is also in
Excellent - Thanks Hugh.
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Thursday, 12 June 2014 4:05 PM
To: Michael Bellears
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator / Radmin - bulk add users
Hello Michael -
See buildsql in the main Radiator
Hello Michael -
See buildsql in the main Radiator distribution directory.
See also section 10.0 in the Radiator 4.13 reference manual (“doc/ref.pdf”).
Here is the help for buildsql:
Radiator-4.13 hugh$ perl buildsql -h
usage: buildsql [-h] -dbsource dbi:drivername:option
[-dbusername
Hi,
We have a need to add ~150users to Radmin - Doing this via the (Radmin) web
interface would be tedious/error-prone - Is anyone aware of a script to bulk
add users?
Cheers.
On 05/02/2014 03:24 PM, Hartmaier Alexander wrote:
I've configured the outer PEAP Handler with EAPTLS_MaxFragmentSize 1350
and removed the value 1250 (1300 which we use for wired dot1x seems to
be too large) from the inner TLS handler which makes it fail the same
way as when configuring 1300.
On 2014-05-05 13:53, Heikki Vatiainen wrote:
On 05/02/2014 03:24 PM, Hartmaier Alexander wrote:
I've configured the outer PEAP Handler with EAPTLS_MaxFragmentSize 1350
and removed the value 1250 (1300 which we use for wired dot1x seems to
be too large) from the inner TLS handler which makes
On 05/05/2014 03:01 PM, Hartmaier Alexander wrote:
The correct number in your case is something between 1250 and 1300 when
you have outer fragment size 1350? That is, when you have 1350 as outer
fragment size, 1250 works but 1300 does not.
So what you're saying is that 1350 for the outer
On 2014-05-05 15:02, Heikki Vatiainen wrote:
On 05/05/2014 03:01 PM, Hartmaier Alexander wrote:
The correct number in your case is something between 1250 and 1300 when
you have outer fragment size 1350? That is, when you have 1350 as outer
fragment size, 1250 works but 1300 does not.
So what
On 05/05/2014 04:18 PM, Hartmaier Alexander wrote:
Yes, the inner EAP-TLS creates fragments of size 1310 and based on your
message, I understand when these are given to outer PEAP for TLS
tunneling and transport, the result is too large: it does not fit in 1350.
Can you add a critical
On 2014-05-05 15:39, Heikki Vatiainen wrote:
On 05/05/2014 04:18 PM, Hartmaier Alexander wrote:
Yes, the inner EAP-TLS creates fragments of size 1310 and based on your
message, I understand when these are given to outer PEAP for TLS
tunneling and transport, the result is too large: it does
Hi,
the following new feature seems to not work as I'd expect it:
PEAP and EAP-TTLS now make maximum fragment size available for inner
authentication protocols. EAP-TLS was improved to use this information.
This allows PEAP/EAP-TLS and EAP-TTLS/EAP-TLS to work better with
environments with
We are pleased to announce the release of Radiator version 4.13
This version contains one new module for authenticating against YubiKey
validation server and YubiHSM, some significant new features and bug fixes.
As usual, the new version is available to current licensees from:
Hello Everyone,
Radiator SIM support version 1.42 is now released. This version supports
Radiator 4.13 and provides small updates to the recently released
version 1.41.
We are also pleased to announce the availability of SIM cards for those
who evaluate Radiator SIM support. We can provide mini,
On 04/14/2014 07:07 AM, Adam O'Reilly wrote:
Just wanting to find out the reasoning behind this:
200 my $bsid = $p->get_attr('WiMAX-BS-ID');
201 ($napid, $bsid) = unpack('a3 a3', $bsid)
The reason is we are seeing WiMAX-BS-ID come in like this
WiMAX-BS-ID = 000XXXX001
Hello Everyone,
Just wanting to find out the reasoning behind this:
22 # $Id: AuthWIMAX.pm,v 1.21 2012/12/13 20:19:47 mikem Exp $
.
200 my $bsid = $p->get_attr('WiMAX-BS-ID');
201 ($napid, $bsid) = unpack('a3 a3', $bsid)
202 if (defined $bsid);
The reason is we are
On 2014-03-26 18:40, Roberto Pantoja wrote:
I have a problem trying to assign dynamic VLANs to users on a WPA2-Enterprise
configuration. Users have successful authentication and if I don't send the
Radius Attribute Tunnel-Private-Group-ID The Wireless Controller connects me
to the default VLan
Hi,
On 03/26/2014 06:40 PM, Roberto Pantoja wrote:
I have a problem trying to assign dynamic VLANs to users on a
WPA2-Enterprise configuration. Users have successful authentication and
if I don't send the Radius Attribute Tunnel-Private-Group-ID The
Wireless Controller connects me to the
Thank you for your prompt answer, but I have the same effect if I put
the VLAN name or numeric ID. Do you have any other idea that can help me
to resolve this problem?
Best regards.
On 03/26/2014 11:37 AM, Hartmaier Alexander wrote:
On 2014-03-26 18:40, Roberto Pantoja wrote:
I have a
Hi,
yesterday we twice experienced a situation where Radiator stops responding
to requests, apparently because the server was stuck in the execution of a
script.
Here is what we saw in the logfile :
Tue Jan 14 13:13:56 2014: DEBUG: Deleting session for demk2801, 10.40.0.130, 1
Tue Jan 14
On 10/15/2013 10:41 PM, Sevilla, Norman A wrote:
The only function that we are unable to migrate successfully is 8021.x
wireless authentication. The Windows-based version used Authby LSA so
the MSCHAP-V2 challenge worked successfully. On the Linux-based system,
Authby LDAP2 is finding my
hi,
RADIATOR has a definition for the NAS-IPv6-Address attribute in
its dictionary file.
ATTRIBUTE NAS-IPv6-Address 95 ipaddrv6
however, it appears that this attribute type (ipaddrv6) has
some interplay problem with the server. ie If you have a RADIUS packet
going
We are pleased to announce the release of Radiator version 4.12.1
This version contains one bug fix and one enhancement. A bug in AuthBy
SQL prevented it from loading with certain configurations.
As usual, the new version is available to current licensees from:
Hello Michael,
CachePasswords doesn't work with EAP, it works only with PAP
authentication. So it won't help you in this situation.
My advice is that you should add more hosts for authentication or if you
have a lot of accounting traffic then it might be a good solution if you
have separate
Thanks for the response too bad though. Unfortunately, we can only have
one radius server instance per NAS (and a backup), but this particular NAS
supports the radius proxy clients which are the problem.
M
On 2013-09-13, at 6:39 AM, Sami Keski-Kasari wrote:
Hello Michael,
In a previous discussion regarding Loadbalancing radius requests, we instituted
the AuthBy EAPBALANCE method to proxy requests to departmental radius
servers. We have been running this method for close to 6 months and have been
pretty satisfied with the result. Of late, however, the client
We are pleased to announce the release of Radiator version 4.12
This version contains two new modules, AuthBy DUO and AuthBy DIAMETER,
some significant new features and bug fixes.
As usual, the new version is available to current licensees from:
http://www.open.com.au/radiator/downloads/
and to
Hi,
1272017248108...@wlan.mnc001.mcc262.3gppnetwork.org
3gppnetwork realms are invalid. ..just like hotmail, gmail, yahoo etc -
until a notice comes from eduroam stating that these realms now have agreed
relationship, they are public realms and not within the private scheme of
eduroam.
RFC
Hi,
status-server mustn't be proxied... it's only for the first-hop check of
a remote proxy and not the end target - but that surely isn't the issue?
a Status-Server message is easy to deal with - you just send something back
to show you are alive - RADIATOR has been sending a basic stats page
Hi,
On 15.07.2013 09:15, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
1272017248108...@wlan.mnc001.mcc262.3gppnetwork.org
3gppnetwork realms are invalid. ..just like hotmail, gmail, yahoo etc -
until a notice comes from eduroam stating that these realms now have agreed
relationship, they are
Hi,
1.)Radiator has to fix AuthRADSEC. The user has to choose to use
extended-Ids in the Proxy-State Attribute if the upstream proxy
will handle this. By default it should use 8 Bit Identifiers.
2.)radsecproxy has to fix the self generated Access-Rejects.
If a
Hi radiator team,
now I proved my suspicion, that the upstream radsecproxy is stripping
the radiator proxy-state, at least in status-server requests.
I used monkey patching in AuthBy RADSEC, just quick and dirty
to get the result (you know, it's sunday):
Sun Jul 14 16:56:43 2013 009313: DEBUG:
On 14.07.2013 17:28, Karl Gaissmaier wrote:
...
Worse, it seems that buggy clients with unroutable @Realms trigger
answers with proxy-state stripped. So I get NoreplyTimeouts for
any buggy client request and my upstream connections break away.
Seems that all German @Realms in eduroam using
Hi
As an end site you really shouldn't be sending invalid realms to your national
proxy... but there does seem to be something odd going on here... their system
should be just sending back a straight access reject. If radsecproxy doesn't
like extended proxy id (or the config doesn't allow it )
Hi Alex, hi radiator team,
On 14.07.2013 19:48, Alan Buxey wrote:
Hi
As an end site you really shouldn't be sending invalid realms to your
national proxy... but there does seem to be something odd going on here.
I sent it to test this situation. As an eduroam ServiceProvider I don't
know if
On 07/11/2013 07:31 PM, Florian Kabus wrote:
We would like to authenticate Win 7 endpoints with certificates stored
on the TPM and thus based on the identity deny or permit access to the
enterprise network.
Hello Florian,
this sounds like a normal EAP-TLS setup from the RADIUS/EAP server's
On 12.07.2013 11:28, Heikki Vatiainen wrote:
this sounds like a normal EAP-TLS setup from the RADIUS/EAP server's
perspective. Please see goodies/eap_tls.cfg for EAP-TLS examples. I do
not think it matters to the servers side whether the private key is
stored in a TPM chip or in a file.
Hello,
I know this is maybe not the right place to ask, but as my last hope:
Are there any experiences, resources, hints regarding implementation of
a TPM platform authentication on Windows clients in conjunction with
Radiator?
classic scenario:
We would like to authenticate Win 7 endpoints
1 - 100 of 1136 matches