Re: [RADIATOR] Radiator and Load Balancer

2016-08-01 Thread Robert Blayzor
This may be the case now, but pretty sure we went down this road YEARS ago and even with BindAddress, packets were still being sourced from the main IP address. In the mailing list archives this argument may exist. I vaguely remember being told by Hugh that it was not possible in Perl at the tim

Re: [RADIATOR] Radiator and Load Balancer

2016-08-01 Thread Robert Blayzor
In my experience this is not the case. It will LISTEN on those addresses for sure. But its return packets are always sourced from the primary IP address of the outgoing interface. DSR will work, but the clients will receive a response from an IP address that is not of the configured RADIUS serve

Re: [RADIATOR] Radiator and Load Balancer

2016-07-29 Thread Heikki Vatiainen
On 27.07.2016 21:32, Robert Blayzor wrote: > The problem with this I think is that Radiator responds with a source > address of where the packet leaves. (at least that’s been my > experience). Yes, this happens by default when BindAddress is not configured. The default is to bind the RADIUS list

Re: [RADIATOR] Radiator and Load Balancer

2016-07-29 Thread Hartmaier Alexander
As a general network design we try to stay away from multihomed servers as much as possible as the server admins lack networking/routing know-how which leads to failing connectivity all the time. Direct server return has its own share of problems which is why we don't use it anymore but this is pr

Re: [RADIATOR] Radiator and Load Balancer

2016-07-27 Thread xcorpse
On 27/07/16 19:32, Robert Blayzor wrote: > DSR load balancing assumes the real servers know about the load balanced VIP > and is generally configured on a loopback. > > The problem with this I think is that Radiator responds with a source address > of where the packet leaves. (at least that’s bee

Re: [RADIATOR] Radiator and Load Balancer

2016-07-27 Thread Robert Blayzor
DSR load balancing assumes the real servers know about the load balanced VIP and is generally configured on a loopback. The problem with this I think is that Radiator responds with a source address of where the packet leaves. (at least that’s been my experience). Most clients will probably igno

Re: [RADIATOR] Radiator and Load Balancer

2016-07-27 Thread Barry Ard
Thanks Shaun. This is good reading. Barry On Wed, Jul 27, 2016 at 11:38 AM, shaun gibson wrote: > On 27/07/2016 18:14, Barry Ard wrote: > > > We are running into some challenges configuring a new environment for > > Eduroam. > > > > Recently we have moved away from 2 servers running multiple ra

Re: [RADIATOR] Radiator and Load Balancer

2016-07-27 Thread shaun gibson
On 27/07/2016 18:14, Barry Ard wrote: > We are running into some challenges configuring a new environment for > Eduroam. > > Recently we have moved away from 2 servers running multiple radiator > processes to a multiple VMs behind an F5 load balancer. This has been > working well for our wireless

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-02-01 Thread Hugh Irvine
Indeed - the old adage is very true: “Just because a packet can get somewhere does not mean that the reply can get back….” regards Hugh > On 1 Feb 2016, at 20:39, Hugo Veiga wrote: > > Hi, > > Heikki I bow to you. :) > > So the problem was this: > (Topology) > Radiator Machine/ I

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-02-01 Thread Hugo Veiga
Hi, Heikki I bow to you. :) So the problem was this: (Topology) Radiator Machine/ IP: 10.253.1.12/24 --Router--wireless switch/IP:10.240.1.1/24 - The radiator machine receives requests from wireless switch. - Wireless switch never receives the answer. :: So Radiator

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-28 Thread Heikki Vatiainen
On 01/26/2016 06:05 PM, Hugo Veiga wrote: > Also tried another certificate but it's doing the same, it gets stuck > and never reaches the inner handler. I don't think this is a certificate or handler problem now. Previously AuthBy INTERNAL was dropping the request, but now when you changed the co

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-27 Thread Hugo Veiga
Hi, I'm sorry Heikki I don't know why but I didn't receive your email (but a friend of mine in this list has sent me yesterday). So this is what I've tested/checked so far: 1 - Perl modules: In this list are the ones mentioned in the goodies file for PEAP/MSCHAPv2 (# Requires Net_SSLeay.pm-1.21 o

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-26 Thread Hugo Veiga
Sorry for the waste of your time, and thanks for your point (I was trying all possible things that I could remember and this went to the list by mistake). Also tried another certificate but it's doing the same, it gets stuck and never reaches the inner handler. Here is a trace from 4.16 with

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-26 Thread Hugo Veiga
In my original message I have by mistake a AuthBy INTERNAL in the outer authentication it's actually a AuthBy SQL clause. This is trace from radiator 4.9. Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler 'Realm=/^convidado$/i', Identifier '' Tue Jan 26 15:01:15 2016: DEBUG: Delet

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-26 Thread Christian Kratzer
Hi, On Tue, 26 Jan 2016, Hugo Veiga wrote: > In my original message I have by mistake a AuthBy INTERNAL in the outer > authentication it's actually a AuthBy SQL clause. which is exactly why I made you test your 4.9 case. AuthBy SQL supports EAP. AuthBy FILE also supports EAP. and as Heikki s

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-26 Thread Christian Kratzer
Hi, On Tue, 26 Jan 2016, Hugo Veiga wrote: > Hi Alan, > > I have the same config on radiator 4.9 and it works perfectly. > > About the stuff order ;) , I use the Authby as "functions" and usually I > put them before the handlers, this is very practical to reuse code. > > As you suggested I tried t

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-26 Thread Hugo Veiga
Hi Alan, I have the same config on radiator 4.9 and it works perfectly. About the stuff order ;) , I use the Authby as "functions" and usually I put them before the handlers, this is very practical to reuse code. As you suggested I tried to put them after the handlers and I have the same exact r

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-25 Thread Heikki Vatiainen
On 01/25/2016 07:57 PM, Hugo Veiga wrote: > I'm upgrading from 4.9 to radiator 4.16 and I'm stuck because I can't > get radiator to get to the inner authentication phase. AuthBy INTERNAL does not work with EAP (PEAP in this case). It just ignores the request by default. If you had problems with

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

2016-01-25 Thread Alan Buxey
Try putting your stuff into order - your inner stuff , handlers et al , AFTER the realm check (where you are then asking for a particular handler). The goodies directory provides ready to go starting recipes for this stuff (so you can see how handlers/inner work) alan

Re: [RADIATOR] RADIATOR 4.16 clause checks...

2015-11-17 Thread Heikki Vatiainen
On 16.11.2015 13.32, a.l.m.bu...@lboro.ac.uk wrote: > seems fussy about the upper/lower case eg I'll see that this gets changed. I'd say case insensitive check is enough here. Thanks for reporting this! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS

Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features

2015-11-03 Thread Heikki Vatiainen
On 11/03/2015 10:25 PM, Ullfig, Roberto Alfredo wrote: > Ah, the Android 6 support is in base 4.16 then - my mistake. Thanks! Yes. 4.16 should do the right thing no matter what the OpenSSL and Net::SSLeay versions are. It will also log during the startup about the versions it finds and what they c

Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features

2015-11-03 Thread Ullfig, Roberto Alfredo
2:22 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features On 11/03/2015 09:54 PM, Ullfig, Roberto Alfredo wrote: > Also, is it typical for patches to not be released in RPMs? Yes, the patches work best with the .

Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features

2015-11-03 Thread Heikki Vatiainen
On 11/03/2015 09:54 PM, Ullfig, Roberto Alfredo wrote: > Also, is it typical for patches to not be released in RPMs? Yes, the patches work best with the .tgz package: - untar the release .tgz - untar the patches on top of this - then proceed with 'perl Makefile.PL' as described in the installation

Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features

2015-11-03 Thread Ullfig, Roberto Alfredo
:48 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features We installed the previous version from RPM. Should we remove that RPM before installing this version plus patches? --- Roberto Ullfig – rull...@uic.edu ACCC

Re: [RADIATOR] Radiator Version 4.16 released - security fixes, enhancements and new features

2015-11-03 Thread Ullfig, Roberto Alfredo
We installed the previous version from RPM. Should we remove that RPM before installing this version plus patches? --- Roberto Ullfig – rull...@uic.edu ACCC Research Programmer -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heik

Re: [RADIATOR] Radiator, WPA2, certificates and untrusted

2015-09-02 Thread A . L . M . Buxey
Hi, >Oh man! > >In other words it's a waste of good money to pay for a signed certificate. for your own internal 802.1X (where you are only directly authenticating your own users (and that includes eg eduroam) - yes. best practice is to use a self-signed CA (you have the same issues

Re: [RADIATOR] Radiator, WPA2, certificates and untrusted

2015-09-01 Thread Jesper Skou Jensen
il: Jesper Skou Jensen Cc: radiator@open.com.au Emne: Re: [RADIATOR] Radiator, WPA2, certificates and untrusted Hi Jesper, I think this is normal behavior. In eduroam we install the CA's root-certificate in the client/supplicant. (The 'eduroam CAT' crafted installer does so). The

Re: [RADIATOR] Radiator, WPA2, certificates and untrusted

2015-09-01 Thread Ole Frendved Hansen
Hi Jesper, I think this is normal behavior. In eduroam we install the CA’s root-certificate in the client/supplicant. (The 'eduroam CAT’ crafted installer does so). The clients certificate store is the responsibility of the browser (in a laptop). So, in a web context your server-certificate is

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-17 Thread Heikki Vatiainen
On 16.7.2015 17.04, Nick Lowe wrote: > In conjunction with https://tools.ietf.org/html/rfc7465 , it is > probably time for RADIUS servers to comply with this by default unless > explicitly configured otherwise: Thanks for the RC4 reminder Nick. This configuration is now possible with Radiator. I

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-17 Thread Heikki Vatiainen
On 16.7.2015 18.10, Hartmaier Alexander wrote: > On 2015-07-16 15:07, Heikki Vatiainen wrote: >> There's also an example of how to use a custom module, possibly modified >> from Radius/LogFormat.pm, to change the formatting or add new formats. > I know because I was the one who requested the featu

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Hartmaier Alexander
On 2015-07-16 15:07, Heikki Vatiainen wrote: > On 16.7.2015 13.42, Hartmaier Alexander wrote: > >> I couldn't find info about CEF and JSON logging in the reference manual, >> should be included at least as keywords with a pointer to the >> 'logformat.cfg' goodies file although I'd prefer having it

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Nick Lowe
RC4 is particularly broken now: https://www.rc4nomore.com https://www.rc4nomore.com/vanhoef-usenix2015.pdf In conjunction with https://tools.ietf.org/html/rfc7465 , it is probably time for RADIUS servers to comply with this by default unless explicitly configured otherwise: "o TLS servers MUST N

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Heikki Vatiainen
On 16.7.2015 13.42, Hartmaier Alexander wrote: > I couldn't find info about CEF and JSON logging in the reference manual, > should be included at least as keywords with a pointer to the > 'logformat.cfg' goodies file although I'd prefer having it in the main docs. Good point. I'll see that CEF an

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Hartmaier Alexander
Hi Heikki, that's a great release! I couldn't find info about CEF and JSON logging in the reference manual, should be included at least as keywords with a pointer to the 'logformat.cfg' goodies file although I'd prefer having it in the main docs. Is there a way to log the used TLS version and cip

Re: [RADIATOR] [Radiator] Error connecting to readonly RADMIN Mysql DB

2015-04-03 Thread Heikki Vatiainen
On 03/19/2015 02:49 PM, Heikki Vatiainen wrote: > On 03/19/2015 12:18 PM, Laurent Duru wrote: > >> Thu Mar 19 11:11:11 2015: ERR: Execute failed for 'select PASS_WORD, >> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, >> VALIDTO from RADUSERS where USERNAME=‘X'': Can't

Re: [RADIATOR] [Radiator] Error connecting to readonly RADMIN Mysql DB

2015-03-19 Thread Heikki Vatiainen
On 03/19/2015 12:18 PM, Laurent Duru wrote: > Thu Mar 19 11:11:11 2015: ERR: Execute failed for 'select PASS_WORD, > STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, > VALIDTO from RADUSERS where USERNAME=‘X'': Can't call method > "prepare" on an undefined value at /usr/l

Re: [RADIATOR] Radiator Load Balancing

2015-03-04 Thread A . L . M . Buxey
Hi, F5 load balancers have been used successfully for RADIUS load balancing for years (it's essential for the load balancer to be RADIUS protocol aware and ensure the same session goes to the same backend) alan

Re: [RADIATOR] Radiator does not allow LEFT OUTER JOIN in SQL statement? -> Solved -> config typo

2015-01-22 Thread karel.vandervelden
Sorry, Just a typo in the radius config file... Sorry to cause this trouble Met vriendelijke groeten/With kind regards, Karel van der Velden [KPN-logo] Ananke Goddess of necessity, inevitability and compulsion Godin van de noodzakelijkheid, onvermijdelijkheid en dwangmatigheid NET

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread Nathan Anderson
e a package for the Mikrotik? MikrotikSessionMIB.pm > > >> -Original Message- >> From: nath...@fsr.com >> Sent: Mon, 8 Dec 2014 05:30:26 -0800 >> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator+Mikrotik >> >

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread Hugh Irvine
ikSessionMIB.pm > > >> -Original Message- >> From: nath...@fsr.com >> Sent: Mon, 8 Dec 2014 05:30:26 -0800 >> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator+Mikrotik >> >> On Monday, December 08, 2014 12:16 AM, Mahmoud Ab

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread Nathan Anderson
iator@open.com.au > Subject: Re: [RADIATOR] Radiator+Mikrotik > > On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote: > >> Hello all, >> >> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request, >> the hook script will send Dis

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread sergio
hello It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm > -Original Message- > From: nath...@fsr.com > Sent: Mon, 8 Dec 2014 05:30:26 -0800 > To: m.abdelsa...@wimd.com.kw, radiator@open.com.au > Subject: Re: [RADIATOR] Radiator+Mikrotik > >

Re: [RADIATOR] Radiator Authorization Cisco ASA

2015-01-07 Thread Hartmaier Alexander
You need to specify the cmd-arg multiple times, one for each space separated argument: authorizedgroup deny service=shell cmd=changeto cmd-arg=context cmd-arg=system authorizedgroup permit service=shell cmd=changeto cmd-arg=context cmd-arg= authorizedgroup deny .* BR Alex On 2015-01-05 15:2

Re: [RADIATOR] Radiator Authorization Cisco ASA

2015-01-05 Thread Heikki Vatiainen
On 5.1.2015 15.34, Steve Normoyle wrote: > I have a Cisco ASA with multiple context. I am trying to deny the use > of the command "changeto context system", but allow authorized group to > be able to change to any of the other context. When user types in the > command they get denied. Hello Ste

Re: [RADIATOR] Radiator+Mikrotik

2014-12-08 Thread Nathan Anderson
On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote: > Hello all, > > As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request, > the hook script will send Disconnect-Request to Mikrotik once the session > exceeds the quota, here is how i send Disconnect-Request: [sn

Re: [RADIATOR] Radiator / Radmin - EAP TLS certificates on Android phone

2014-06-23 Thread Imanol Fuidio
Hi Heikki, The same problems with the certificates :( Thanks for your this suggestion, Imanol On Thu, Jun 19, 2014 at 9:17 PM, Heikki Vatiainen wrote: > On 06/19/2014 12:46 AM, Imanol Fuidio wrote: > > > I have repeated the test on an iphone with IOS7 configuring a TLS > > profile with the C

Re: [RADIATOR] Radiator / Radmin - EAP TLS certificates on Android phone

2014-06-19 Thread Heikki Vatiainen
On 06/19/2014 12:46 AM, Imanol Fuidio wrote: > I have repeated the test on an iphone with IOS7 configuring a TLS > profile with the CA in der format. The same problem. > The log is also in https://gist.github.com/ifdm001/57c03984282f33406aec Maybe you could try with the certificates that come wit

Re: [RADIATOR] Radiator / Radmin - EAP TLS certificates on Android phone

2014-06-18 Thread Imanol Fuidio
Hi Heikki, The same test repeated with Second Phase as none and the same problem. As you have said, this should have nothing to do with EAP TLS. I have repeated the test on an iphone with IOS7 configuring a TLS profile with the CA in der format. The same problem. The log is also in https://gist.g

Re: [RADIATOR] Radiator / Radmin - EAP TLS certificates on Android phone

2014-06-18 Thread Heikki Vatiainen
On 06/18/2014 02:04 PM, Imanol Fuidio wrote: > The WiFi configuration is: EAP method TLS, Phase 2 PAP, User > certificate, Identiy user Phase 2 PAP looks odd. This would make sense with EAP-TTLS, but I am not sure what it could mean with EAP-TLS. > Wed Jun 18 11:49:35 2014: ERR: EAP TLS error: -

Re: [RADIATOR] Radiator / Radmin - bulk add users

2014-06-15 Thread Michael Bellears
Excellent - Thanks Hugh. -Original Message- From: Hugh Irvine [mailto:h...@open.com.au] Sent: Thursday, 12 June 2014 4:05 PM To: Michael Bellears Cc: radiator@open.com.au Subject: Re: [RADIATOR] Radiator / Radmin - bulk add users Hello Michael - See buildsql in the main Radiator

Re: [RADIATOR] Radiator / Radmin - bulk add users

2014-06-11 Thread Hugh Irvine
Hello Michael - See buildsql in the main Radiator distribution directory. See also section 10.0 in the Radiator 4.13 reference manual (“doc/ref.pdf”). Here is the help for buildsql: Radiator-4.13 hugh$ perl buildsql -h usage: buildsql [-h] -dbsource dbi:drivername:option [-dbusername dbu

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-05 Thread Hartmaier Alexander
On 2014-05-05 15:39, Heikki Vatiainen wrote: > On 05/05/2014 04:18 PM, Hartmaier Alexander wrote: > >>> Yes, the inner EAP-TLS creates fragments of size 1310 and based on your >>> message, I understand when these are given to outer PEAP for TLS >>> tunneling and transport, the result is too large:

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-05 Thread Heikki Vatiainen
On 05/05/2014 04:18 PM, Hartmaier Alexander wrote: >> Yes, the inner EAP-TLS creates fragments of size 1310 and based on your >> message, I understand when these are given to outer PEAP for TLS >> tunneling and transport, the result is too large: it does not fit in 1350. > Can you add a critical

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-05 Thread Hartmaier Alexander
On 2014-05-05 15:02, Heikki Vatiainen wrote: > On 05/05/2014 03:01 PM, Hartmaier Alexander wrote: > >>> The correct number in your case is something between 1250 and 1300 when >>> you have outer fragment size 1350? That is, when you have 1350 as outer >>> fragment size, 1250 works but 1300 does not

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-05 Thread Heikki Vatiainen
On 05/05/2014 03:01 PM, Hartmaier Alexander wrote: >> The correct number in your case is something between 1250 and 1300 when >> you have outer fragment size 1350? That is, when you have 1350 as outer >> fragment size, 1250 works but 1300 does not. > So what you're saying is that 1350 for the oute

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-05 Thread Hartmaier Alexander
On 2014-05-05 13:53, Heikki Vatiainen wrote: > On 05/02/2014 03:24 PM, Hartmaier Alexander wrote: > >> I've configured the outer PEAP Handler with EAPTLS_MaxFragmentSize 1350 >> and removed the value 1250 (1300 which we use for wired dot1x seems to >> be too large) from the inner TLS handler which

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-05 Thread Heikki Vatiainen
On 05/02/2014 03:24 PM, Hartmaier Alexander wrote: > I've configured the outer PEAP Handler with EAPTLS_MaxFragmentSize 1350 > and removed the value 1250 (1300 which we use for wired dot1x seems to > be too large) from the inner TLS handler which makes it fail the same > way as when configuring 13

Re: [RADIATOR] Radiator Version 4.13 released

2014-05-02 Thread Hartmaier Alexander
Hi, the following new feature seems to not work as I'd expect it: PEAP and EAP-TTLS now make maximum fragment size available for inner authentication protocols. EAP-TLS was improved to use this information. This allows PEAP/EAP-TLS and EAP-TTLS/EAP-TLS to work better with environments with variable

Re: [RADIATOR] Radiator/AuthWimax.pm BS ID Questions

2014-04-14 Thread Heikki Vatiainen
On 04/14/2014 07:07 AM, Adam O'Reilly wrote: > Just wanting to find out the reasoning behind this: > 200 my $bsid = $p->get_attr('WiMAX-BS-ID'); > 201 ($napid, $bsid) = unpack('a3 a3', $bsid) > > The reason is we are seeing WiMAX-BS-ID come in like this > WiMAX-BS-ID = 000XXXX001

Re: [RADIATOR] Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)

2014-03-26 Thread Roberto Pantoja
Thank you, I will try tagging values for the reply... On 03/26/2014 12:47 PM, Sami Keski-Kasari wrote: > Hello Roberto, > > The RFC2868 defines that tunnel attributes includes Tag field before > value. Some NASes are needing that it is defined and some not. > > Try for example with > > mikem2 Use

Re: [RADIATOR] Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)

2014-03-26 Thread Sami Keski-Kasari
Hello Roberto, The RFC2868 defines that tunnel attributes includes Tag field before value. Some NASes are needing that it is defined and some not. Try for example with mikem2 User-Password=fred Service-Type = Framed-User, Tunnel-Private-Group-ID = 0:, Tunnel-Medium-Type

Re: [RADIATOR] Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)

2014-03-26 Thread Roberto Pantoja
Thank you for your promptly answer, but I have the same effect if I put the VLAN name or numeric ID. Do you have any other idea that can help me to resolve this problem. Best regards. On 03/26/2014 11:37 AM, Hartmaier Alexander wrote: > On 2014-03-26 18:40, Roberto Pantoja wrote: >> I have a prob

Re: [RADIATOR] Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)

2014-03-26 Thread Klara Mall
Hi, On 03/26/2014 06:40 PM, Roberto Pantoja wrote: > I have a problem trying to assign dynamic VLANs to users on a > WPA2-Enterprise configuration. Users have successful authentication and > if I don't send the Radius Attribute "Tunnel-Private-Group-ID" The > Wireless Controller connects me to th

Re: [RADIATOR] Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)

2014-03-26 Thread Hartmaier Alexander
On 2014-03-26 18:40, Roberto Pantoja wrote: I have a problem trying to assign dynamic VLANs to users on a WPA2-Enterprise configuration. Users have successful authentication and if I don't send the Radius Attribute "Tunnel-Private-Group-ID" The Wireless Controller connects me to the default VLa

Re: [RADIATOR] Radiator sotp to respond to request : stuck in a script : I/O error Interrupted

2014-01-16 Thread Hugh Irvine
Salut Pascal - Bonne Annee 2014! There are many examples of how to do this in the Radiator source code. Here is an extract from “Radius/AuthLDAP2.pm”: # # Check a password for a DN, by attempting to bind with a # supplied pa

Re: [RADIATOR] Radiator on Linux using LDAP2, MS Active Directory, MSCHAP-V2

2013-10-16 Thread Heikki Vatiainen
On 10/15/2013 10:41 PM, Sevilla, Norman A wrote: > The only function that we are unable to migrate successfully is 8021.x > wireless authentication. The Windows-based version used Authby LSA so > the MSCHAP-V2 challenge worked successfully. On the Linux-based system, > Authby LDAP2 is finding my

Re: [RADIATOR] RADIATOR issue with particular attribute (NAS-IPv6-Address)

2013-10-09 Thread Heikki Vatiainen
On 10/04/2013 12:31 AM, a.l.m.bu...@lboro.ac.uk wrote: > ATTRIBUTE NAS-IPv6-Address95 ipaddrv6 > > however, it appears that this attribute type (ipaddrv6) has > some interplay problem with the server. ie If you have a RADIUS packet > going through RADIATOR on a host tha

Re: [RADIATOR] Radiator LoadBalancing Optimization

2013-09-13 Thread Michael Hulko
Thanks for the response too bad though. Unfortunately, we can only have one radius server instance per NAS (and a backup), but this particular NAS supports the radius proxy clients which are the problem. M On 2013-09-13, at 6:39 AM, Sami Keski-Kasari wrote: > Hello Michael, > > CachePass

Re: [RADIATOR] Radiator LoadBalancing Optimization

2013-09-13 Thread Sami Keski-Kasari
Hello Michael, CachePasswords doesn't work with EAP, it works only with PAP authentication. So it won't help you in this situation. My advice is that you should add more hosts for authentication or if you have a lot of accounting traffic then it might a good solution if you have separate insta

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-15 Thread A . L . M . Buxey
Hi, > 1.)Radiator has to fix AuthRADSEC. The user has to choose to use >extended-Ids in the Proxy-State Attribut if the upstream proxy >will handle this. By default it should use 8 Bit Identifiers. > > 2.)radsecproxy has to fix the self generated Access-Rejects. >I

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-15 Thread Karl Gaissmaier
Hi, Am 15.07.2013 09:15, schrieb a.l.m.bu...@lboro.ac.uk: > Hi, > >> 1272017248108...@wlan.mnc001.mcc262.3gppnetwork.org > > 3gppnetwork realms are invalid. ..just like hotmail, gmail, yahoo etc - > until a notice comes from eduroam stating that these realms now have agreed > relationship, they ar

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-15 Thread Stefan Winter
Hi, > status-server musnt be proxiedits only for the first-hop check of > a remote proxy and not the end target - but that surely isnt the issue? > a Status-Server message is easy to deal with - you just send something back > to show you are alive - RADIATOR has been sending a basic statts pag

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-15 Thread A . L . M . Buxey
Hi, > 1272017248108...@wlan.mnc001.mcc262.3gppnetwork.org 3gppnetwork realms are invalid. ..just like hotmail, gmail, yahoo etc - until a notice comes from eduroam stating that these realms now have agreed relationship, they are public realms and not within the private scheme of eduroam. > RF

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-14 Thread Karl Gaissmaier
Hi Alex, hi radiator team, On 14.07.2013 19:48, Alan Buxey wrote: > Hi > > As an end site you really shouldn't be sending invalid realms to your > national proxy... but there does seem to be something odd going on here. I sent it to test this situation. As an eduroam ServiceProvider I don't know

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-14 Thread Alan Buxey
Hi As an end site you really shouldn't be sending invalid realms to your national proxy... but there does seem to be something odd going on here. . their system should be just sending back a straight access reject. If radsecproxy doesn't like extended proxy id (or the config doesn't allow it )

Re: [RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward

2013-07-14 Thread Karl Gaissmaier
Am 14.07.2013 17:28, schrieb Karl Gaissmaier: ... > Worse, it seems that buggy clients with unroutable @Realms trigger > answers with proxy-state stripped. So I get NoreplyTimeouts for > any buggy client request and my upstream connections break away. > > Seems that all german @Realms in eduroam u

Re: [RADIATOR] Radiator + libtnc + tpm platform authentication IMC

2013-07-12 Thread Florian Kabus
Am 12.07.2013 11:28, schrieb Heikki Vatiainen: > this sounds like a normal EAP-TLS setup from the RADIUS/EAP server's > perspective. Please see goodies/eap_tls.cfg for EAP-TLS examples. I do > not think it matters to the servers side whether the private key is > stored in a TPM chip or in a file.

Re: [RADIATOR] Radiator + libtnc + tpm platform authentication IMC

2013-07-12 Thread Heikki Vatiainen
On 07/11/2013 07:31 PM, Florian Kabus wrote: > We would like to authenticate Win 7 endpoints with certificates stored > on the TPM and thus based on the identity deny or permit access to the > enterprise network. Hello Florian, this sounds like a normal EAP-TLS setup from the RADIUS/EAP server

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-10 Thread Karl Gaissmaier
Hi Heikki, Am 07.07.2013 21:19, schrieb Heikki Vatiainen: ... > Yes, that seems to be it. Thanks everyone for locating the change. I was > thrown off a bit since I was under the impression it fails with stock > 4.11. That's not the case but the change is in the 4.11 patches. It's > also not spec

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-07 Thread Heikki Vatiainen
On 07/06/2013 06:24 PM, Karl Gaissmaier wrote: >> could it just be that the configuration checker has a b0rkeness >> as the server runs okay when NOT using '-c' ? > > yep, found in Configurable.pm Yes, that seems to be it. Thanks everyone for locating the change. I was thrown off a bit since I w

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Karl Gaissmaier
Hi, until now I checked my old cfg for new Radiator versions before I upgraded to the newer version in production. With this bug it's not possible to do this any more. Worse, if the AuthBy clause is really missing, the warning is the same. On 06.07.2013 19:53, Garry Shtern wrote: > When you

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Garry Shtern
Hi, > yep, found in Configurable.pm > > ># > ># Load a particular class module and construct and return an instance >

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread A . L . M . Buxey
Hi, > yep, found in Configurable.pm > > ># > ># Load a particular class module and construct and return an instance > ># return undef if it didnt work > >sub load > >{ > >my ($file, $class, @args) = @_; > > > >my $ret; >

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Karl Gaissmaier
On 06.07.2013 15:51, a.l.m.bu...@lboro.ac.uk wrote: > Hi, > > > 2013-04-30 Configurable.pm > Configuration file check no longer activates clauses which could cause > spurious error messages. > Requested by Garry Shtern. > > ? > > could it just be that the configuration checker has a b0rk

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread A . L . M . Buxey
Hi, 2013-04-30 Configurable.pm Configuration file check no longer activates clauses which could cause spurious error messages. Requested by Garry Shtern. ? could it just be that the configuration checker has a b0rkeness as the server runs okay when NOT using '-c' ? alan

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread A . L . M . Buxey
Hi, > safeword.cfg fails here too but the reason is missing module. Also, > there's no Identifier or Handler in my goodies/safeword.cfg, it uses > Handler DEFAULT. Is that really goodies/safeword.cfg or something else? the version that comes with 4.11 but running radiator 4.11 with patches howe

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Karl Gaissmaier
Hi together, I tried it now with 4.11 *without* patches. All other parameters are identical, and now the config file check with Identifiers works. > mizar:.../tmp# /radiator/perl-5.12.4/bin/perl -I > /radiator/install-4.11/lib/site_perl/ /radiator/install-4.11/bin/radiusd -c > -log_stdout -trac

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Heikki Vatiainen
On 07/06/2013 03:25 PM, a.l.m.bu...@lboro.ac.uk wrote: > goodies/safeword.cfg > > that fails in the same way (it's a naked Handler statement instead of a > Realm statement - but still has an identifier that is not recognised) safeword.cfg fails here too but the reason is missing module. Also, th

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread A . L . M . Buxey
Hi, > > I just tried goodies/minimal.cfg with freshly installed Solaris 11.1, > > September 2012. Perl is 5.12.4 that comes with the system. Radiator is > > unpatched 4.11. > > but in the goodies/simple.cfg is no 'Identifier' used. > Please add an Identifier and try it again. goodies/safeword.cf

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread A . L . M . Buxey
Hi, to confirm this via my own tests: on Solaris: Sat Jul 6 13:01:00 2013: WARNING: Could not find AuthBy clause with Identifier myinternal Sat Jul 6 13:01:00 2013: DEBUG: Finished reading configuration file 'test.cfg' on Linux: Sat Jul 6 12:59:22 2013: DEBUG: Finished reading configurati

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Karl Gaissmaier
Hi Heikki, thanks for working on Saturday. The Radiator team is as usual great! On 06.07.2013 10:21, Heikki Vatiainen wrote: > On 07/06/2013 11:04 AM, Karl Gaissmaier wrote: > >> the cfg is clean, 4.9 is working fine >>> # radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Heikki Vatiainen
On 07/06/2013 11:04 AM, Karl Gaissmaier wrote: > the cfg is clean, 4.9 is working fine >> >>> # radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config Can you add -foreground option to the options too? And be extra careful not to miss any complaints that come to stdout only and for

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Karl Gaissmaier
Hi, On 05.07.2013 23:15, Christian Kratzer wrote: > Hi, > > just verified your minimal configuration with a clean Radiator-4.11 plus > patches installation: thank you very much! > there must be something wrong in your installation or even your config. the cfg is clean, 4.9 is working fine > >

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread A . L . M . Buxey
Hi, > The next test on monday is a fresh, newer perl installation. > What perl version do you have on solaris? perl 5, version 12, subversion 2 (v5.12.2) alan

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-06 Thread Karl Gaissmaier
On 05.07.2013 23:53, a.l.m.bu...@lboro.ac.uk wrote: > Hi, > >> there must be something wrong in your installation or even your config. > > check the config doesn't have weird characters in it I guess... 'cat -v > /tmp/radiator-config' > > there were some changes as the move to 4.11 occurred to dea

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread A . L . M . Buxey
Hi, > there must be something wrong in your installation or even your config. check the config doesn't have weird characters in it I guess... 'cat -v /tmp/radiator-config' there were some changes as the move to 4.11 occurred to deal with the config strings in better ways - alan

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread A . L . M . Buxey
Hi, > Sounds really fishy, just wondering if someone else sees the same problem. no. have updated through 4.9m 4.10 and 4.11 by just getting latest version, applying patches and then 'make install' - that's on Solaris as on Linux. the only thing that I can think of is some required library isn't

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Christian Kratzer
Hi, just verified your minimal configuration with a clean Radiator-4.11 plus patches installation: [root@test-centos64 Radiator-4.11]# cat /tmp/radius.cfg Foreground LogStdout LogDir . DbDir . Trace 4 Identifier myinternal AuthResult REJECT

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Karl Gaissmaier
Hi Christian, RADIATOR team and listeners, On 05.07.2013 18:57, Christian Kratzer wrote: ... > just saw that you start with: > > > > and close with: > > uups, sorry but in my original cfg there isn't such a typo and if I correct this stupid error it's the same problem as before. >

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Christian Kratzer
Hi, On Fri, 5 Jul 2013, Karl Gaissmaier wrote: > Hi RADIATOR team, > > I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm > no longer able to parse my old cfg file. > > >>> Identifiers are no longer recognized. <<< > > I stripped it down to the bare minimum: > >> Foreground
