Hi,
Radiator doesn't send the RejectReason when using AuthHANDLER but instead the
hardcoded return string from AuthHANDLER.pm.
This is an excerpt of my config:
AuthByPolicyContinueUntilIgnore
# Show any rejection reason to the end user
RejectHasReason
AuthAttrDef
st Radiator 4.6 patches.
>
> regards
>
> Hugh
>
>
> On 28 Jun 2010, at 18:35, Alexander Hartmaier wrote:
>
> > Hi,
> >
> > Radiator doesn't send the RejectReason when using AuthHANDLER but instead
> > the hardcoded return
Hi,
I'm fighting a Radiator problem since today where Radiator sends the tacacs+
reply to the client 20 seconds after receiving an radius reply from another
Radiator server.
That's our config:
Key foo
Port 49
AuthorizationTimeout 600
IdleTimeout 600
# Group attribute
n able to reproduce this problem here.
>
> The only thing I can think of is some DNS lookup (or similar) that is taking
> a long time.
>
> Is there any more information you can provide?
>
> regards
>
> Hugh
>
>
> On 1 Jul 2010, at 01:28, Alexander Hartmaie
Hi,
Radiator is written in Perl, so check line 14 of Makefile.PL and figure
out what's going wrong.
Maybe some of your Perl modules are too old.
32MB of memory are really not much!
Radiator takes 28MB on our prod server which isn't really a lot for a
Perl app.
--
Best regards, Alex
Am Donnersta
ny B"
# Last row can be a comma separated list of flag names
map $client->{$_}++, split(/,/, $row[25]);
Is the 25th field the ClientHook or something else?
Whatfor are those 'flags'?
--
Alexan
Thanks Hugh!
--
Best regards, Alex
Am Dienstag, den 07.09.2010, 15:30 +0200 schrieb Hugh Irvine:
> Hello Alex -
>
> Thanks - we'll check this for the next release.
>
> regards
>
> Hugh
>
>
> On 7 Sep 2010, at 03:56, Alexander Hartmaier wrote:
>
We've written our own init scripts because the one installed by the rpm
stops all radiusd processes and not just the one you want.
Last week we where bugged by this because the rpm also overwrites the
init script without creating an .rpmsave file.
@Hugh: if you want to improve both the rpm spec fi
We have the same need and I've written some hooks that do what you want.
We have multiple radiator instances proxying tacacs+ requests to our central
instance with radius.
We use the OSC-Group-Identifier radius attribute for the tacacsgroup on the
outer instances and build the ldap dn from it on
Hi Hugh,
we started to use the ClientListSQL feature too but get an Oracle SQL
timeout error in the logs whenever Radiator tries to refresh the list,
works on startup.
Any idea why and how we can debug this?
--
Best regards, Alex
Am Mittwoch, den 22.09.2010, 00:25 +0200 schrieb Hugh Irvine:
>
patch level are you
> at?
>
> Cheers.
>
> On Saturday 09 October 2010 03:24:09 am Alexander Hartmaier wrote:
> > Hi Hugh,
> >
> > we started to use the ClientListSQL feature too but get an Oracle SQL
> > timeout error in the logs whenever Radiator tries to
e.hostid = tblhost.hostid) WHERE device.fk_collector = 5': SQL Timeout
--
Best regards, Alex
Am Montag, den 11.10.2010, 23:27 +0200 schrieb Mike McCauley:
Hello Alexander,
On Tuesday 12 October 2010 03:07:16 am Alexander Hartmaier wrote:
> Hi Mike,
>
> 4.7 rpm, without patches.
llo Alex,
>
> Thanks for the log.
> Can we pls see a bit more of the log, maybe a few hundred lines before the
> error.
> Are you quite sure you dant have a 4.7 patch set installed?
>
> Cheers.
>
> On Thursday 14 October 2010 09:01:09 pm Alexander Hartmaier wrote:
>
Hi Mike,
I've encountered the problem on another server today which was running
4.7 without a patchset.
I've installed the same patchset as on the other server and upgraded DBI
and DBD::Oracle and hope this fixes it.
The error I've seen here is:
ORA-03113: end-of-file on communication channel
Pro
Still happens with newest DBI and DBD::Oracle.
I assume radiator doesn't close the db connection and a firewall removes
it from its state table which leads to dropped packets after an hour
when radiator tries to use the db connection again.
You might want to look into DBIx::Connector which handles
3:31 +0200, Mike McCauley wrote:
> Hello Alexander,
>
> maybe you could reduce the RefreshPeriod in your ClientListSQL to less than an
> hour (or whatever the retain time is in the firewall is) so the SQL session
> stays up?
>
> Cheers.
>
> On Friday 29 October 2010 12:36:02 am
stating the minimum required version per dist.
--
Alexander Hartmaier
T-Systems Austria GesmbH
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*&qu
Strawberry Perl is the Perl of choice on Windows these days:
http://strawberryperl.com
Best regards, Alex
Am 2011-04-07 00:13, schrieb Heikki Vatiainen:
> On 04/06/2011 05:09 PM, Remco van Noorloos wrote:
>
>> We are planning to install Radiator on a Windows Server 2008 R2
>> server. I checked th
Hi guys,
radiator exits when encountering a sql timeout:
Sat May 14 18:28:12 2011: ERR: Execute failed for 'SELECT device.ipaddr,
'statickey', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, device.hostid, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
'OSC-Group-Identifier=' ||
, schrieb Heikki Vatiainen:
> On 05/16/2011 02:26 PM, Alexander Hartmaier wrote:
>
> Hello Alexander,
>
>> radiator exits when encountering a sql timeout:
>>
>> Sat May 14 18:28:12 2011: ERR: Execute failed for 'SELECT device.ipaddr,
>> 'statickey', N
-log_stdout is compatible with -daemon too.
Best regards, Alex
Am 2011-05-16 17:58, schrieb Heikki Vatiainen:
> On 05/16/2011 06:21 PM, Alexander Hartmaier wrote:
>
>> this one runs on a debian 4 vm using the distro perl version 5.8.8.
>> DBI is version 1.616, DBD::Oracle version
I haven't configured forking so we should be safe.
Am 2011-05-16 19:05, schrieb Heikki Vatiainen:
> On 05/16/2011 07:58 PM, Alexander Hartmaier wrote:
>> My init file is from the goodies dir.
> Ok, then we have to work around Debian specific things a bit.
>
>> Beca
eikki Vatiainen:
> On 05/16/2011 08:33 PM, Alexander Hartmaier wrote:
>> I haven't configured forking so we should be safe.
> Sorry, I may have been a bit unclear about which fork I was meaning.
> When Radiator is started without --foreground it will fork. If Fork has
> been config
Use different handlers for the tacacs clients.
You can use ClientListSQL or ClientListLDAP if you already have the
devices with their ips in a database or ldap directory.
BR Alex
Am 2011-05-17 23:28, schrieb James:
> Is there a way to set GroupMemberAttr per client?
>
> I want some devices to pul
In my endless quest for a working init script to ease config for new
users here's a patch against Radiator-4.8 + patches from today (this
includes two patches to the linux init script).
This is to make it work on a Debian 6 box with Radiator installed with
perl Makefile.PL; make install which insta
oximatly once per day, maybe a Monday-morning bug.
>
> Best regards, Alex
>
> Am 2011-05-16 23:02, schrieb Heikki Vatiainen:
>> On 05/16/2011 08:33 PM, Alexander Hartmaier wrote:
>>> I haven't configured forking so we should be safe.
>> Sorry, I may have been a bit u
Vatiainen:
> On 05/24/2011 05:06 PM, Alexander Hartmaier wrote:
>> Since changing the init script line 37 from:
>> [ -z "${RADIUSD_ARGS}" ]&& RADIUSD_ARGS="-config_file $RADIATOR_CONFIG
>> -daemon $RADIATOR_ARGS"
>> [ -z "${RADIUSD_ARGS}" ]
I have a NoReplyHook that always sends accepts:
NoReplyHook file:"%D/reply-accept.hook"
$ cat reply-accept.hook
sub {
my $p = ${$_[0]};
my $fp = ${$_[1]};
my $rp = ${$_[2]};
$rp->set_code('Access-Accept');
# reply to the Client that sent the request
$p->{Client}->replyTo($p);
0 which is
one hour, it only seems to try every two hours.
Am 2011-05-30 14:02, schrieb Heikki Vatiainen:
> On 05/25/2011 07:09 PM, Alexander Hartmaier wrote:
>
>> no, this is only acting as tacacs+ server without any db logging.
> Thanks for confirming this.
>
>> # refresh
Hi,
I'm currently implementing dot1x for our wired and wireless
infrastructure (various Cisco switches, mostly 4500 and Cisco 5508
Wireless LAN Controllers).
I've installed radiator in a Debian 6 VM with openssl 1.0.0d from
testing for CRL reloading support although I'm not sure if this is still
ne
Am 2011-06-02 09:54, schrieb Heikki Vatiainen:
> On 06/01/2011 07:17 PM, Alexander Hartmaier wrote:
>
>> Everything is working good so far but for the case that a non-company
>> client has dot1x enabled on the interface I'd like to switch the port to
>> our guest
Am 2011-06-03 16:47, schrieb Heikki Vatiainen:
> On 06/03/2011 11:35 AM, Alexander Hartmaier wrote:
>
>>> What happens when you detect a non-company client? Have you configured
>>> Radiator to return Access-Accept with appropriate attributes for guest VLAN?
>> Yes, t
Does this mean that we can't bind to IPv4 and IPv6 separately on Linux
to not get v6 mapped v4 addresses?
Am 2011-06-09 19:50, schrieb Heikki Vatiainen:
> On 06/09/2011 05:37 PM, Dyonisius Visser wrote:
>> Well, I installed a second instance on a dual stack host, and I tested
>> various combinatio
Awesome reply Heikki, thanks!
I recommend you add an IPv6 section to the pdf documentation including this!
Am 2011-06-14 15:21, schrieb Heikki Vatiainen:
> On 06/14/2011 11:45 AM, Alexander Hartmaier wrote:
>> Does this mean that we can't bind to IPv4 and IPv6 separately on Linux
&g
>
> Note that although the refresh interval is configured for 3600 which is
> one hour, it only seems to try every two hours.
>
> Am 2011-05-30 14:02, schrieb Heikki Vatiainen:
>> On 05/25/2011 07:09 PM, Alexander Hartmaier wrote:
>>
>>> no, this is only acting as tacac
Hi,
we have the need to map users with membership in multiple groups into
tacacs groups to decide if the user is allowed to login (authentication)
and what the user is allowed to do (authorization).
We solved the authentication by multiple authby ldap2's for the
different ldap groups in an authby
s.
>
> Cheers.
>
> On Friday 08 July 2011 09:51:08 pm Heikki Vatiainen wrote:
>> On 07/07/2011 01:26 PM, Alexander Hartmaier wrote:
>>> we have the need to map users with membership in multiple groups into
>>> tacacs groups to decide if the user is allowed
Hi guys,
what's the status of crl reloading?
I've installed openssl 1.0.0 from Debian testing on a Debian stable
server but it still fails with
ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already
in hash tabl
So a reload after every crl download is still the only solution?
Adding the crl download and refresh functionality to Radiator would be a
welcome addition!
Cheers, Alex
Am 2011-08-08 09:41, schrieb Heikki Vatiainen:
> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
>
> Hello
Am 2011-08-09 10:35, schrieb Heikki Vatiainen:
> On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
>> So a reload after every crl download is still the only solution?
> Unfortunately this seems to be currently the only solution.
>
>> Adding the crl download and refresh func
I found out what is required to make 802.1x work with WPA2-Enterprise + AES:
the AuthBy of the outer handler needs AutoMPPEKeys configured so that
the Cisco WLC generates the PMK and starts the 4-way PTK handshake.
This graph shows the complete flow:
http://kimiushida.com/bitsandpieces/articles/fl
Hi Heikki,
Am 2011-09-14 08:54, schrieb Heikki Vatiainen:
> On 09/13/2011 03:38 PM, Alexander Hartmaier wrote:
>> I found out what is required to make 802.1x work with WPA2-Enterprise + AES:
>> the AuthBy of the outer handler needs AutoMPPEKeys configured so that
>> the Ci
Note that Perl never frees memory back to the OS once it has allocated
it although it might be unused internally.
Am 2011-09-30 14:41, schrieb Michael:
> I noticed an increase of memory usage over time as well on radiusd. Quite a
> long time though, but an increase non-the-less. 10% right now for
I've tried a lot of different values and looked at the radius packets coming
from our switches (for wired dot1x):
peap 1350, inner tls 1300
peap 1400, inner tls 1360
peap 1412, inner tls 1350
In the end I've used 1350/1300 because increasing it any further towards the
limit didn't lower the num
Thanks Mike!
Am 2011-10-11 23:23, schrieb Mike McCauley:
> Hello Alex,
>
> On Tuesday 11 October 2011 09:35:08 pm Alexander Hartmaier wrote:
>> I've tried a lot of different values and looked at the radius packets
>> coming from our switches (for wired dot1x): peap 13
f the AuthBy RADIUS clauses.
I strongly recommend to *NOT* use Synchronous, *EVER*.
Best regards, Alexander Hartmaier
Am 2011-11-23 02:21, schrieb Martin Burton:
Oops, forgot one important keyword in there. You need to put the
Synchronous flag in the AuthBy RADIUS clause for host1. If you don&#
cation if
possible!
Best regards, Alex
Am 2011-11-25 00:37, schrieb Judy Angel:
> Have you solved the multi hosts config in another way?
> Judy
>
> --On 24 November 2011 16:51 +0100 Alexander Hartmaier
> wrote:
>
>> Synchronous will block the Radiator process until a r
Yes, working here fine since years, what problems are you encountering?
config:
AuthorizeGroup Admins permit service=shell cmd\* {priv-lvl=15}
Best regards, Alex
Am 2011-12-12 17:34, schrieb Kim, Steve:
Does anyone try CISCO ASA authentication with TACACS+?
I have TACACS+ working with CIS
onfig that I'm using:
AuthorizeGroup netadmin permit service=shell cmd\* {priv-lvl=15}
AuthorizeGroup netadmin permit .*
Is there anything that I need to do on ASA?
Thanks,
Steve.
*From:*radiator-boun...@open.com.au
[mailto:radiator-boun...@open.com.au] *On Behalf Of *Alexander Hartma
policy
<http://www.davispolk.com/files/uploads/davispolk.master.privacypolicy.sep10.pdf>
located at www.davispolk.com <http://www.davispolk.com/> for important
information on this policy.
*From:*radiator-boun...@open.com.au
[mailto:radiator-boun...@open.com.au] *On Behalf Of *Alexande
e two different
handlers.
Ideas?
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*&qu
wonder if he should also look at AuthBy OTP?
> Cheers.
>
> On Tuesday, January 17, 2012 09:39:27 PM Heikki Vatiainen wrote:
>> On 01/17/2012 08:13 PM, Alexander Hartmaier wrote:
>>
>> Hello Alexander,
>>
>>> I'm trying to implement a two factor auth w
Serializing Objects, references and regexes is no easy task.
What are you trying to achieve?
I suggest you switch to a different format like JSON and only serialize
a data structure you created from the request attributes by yourself.
The internal representation of a packet could change with every
Is it really binary data that your want to store?
I suggest you serialize to a variable and log it before guessing what's
happening.
Also enable DBI trace mode to see what queries get executed:
https://metacpan.org/module/DBI#TRACING
Best regards, Alex
Am 2012-01-25 18:15, schrieb Jared Watkins:
Hi,
I've encountered another problem.
I've written a bash script that downloads the crl once a day at one
o'clock in the morning local time and restarts radiator afterwards
because of the openssl crl caching.
The CRL lifetime ends about 30 minutes later and radiator rejects all
auths after that tim
nce manual ("doc/ref.pdf").
>
> regards
>
> Hugh
>
>
> On 18 Jan 2012, at 21:16, Alexander Hartmaier wrote:
>
>> Hi Heikki and Mike,
>> I'm already using AuthBy OTP with my own ChallengeHook.
>> I've read RFC2865 yesterday
Hi Mike,
does IOS 5.1 finally support PEAP-TLS?
Best regards, Alex
Am 2012-02-09 14:08, schrieb Mike Puchol:
> Hi all,
>
> I'm testing EAP-PEAP with an iPad running iOS5.1, and even though I'm
> using an SSL certificate from Digicert, signed using SHA-1, and Digicert
> being on the list of trust
Hi,
we're doing PEAP-TLS for our WLANs and need to have different settings
per SSID.
The outer PEAP packet includes the Called-Station-Id attribute in the
form of 01-23-45-67-89-0a:SSID which I match using:
The inner TLS packet is matched by
but in case we want to have multiple SSIDs using PEAP-
"anonymous"
Thu Feb 16 09:34:34 2012: DEBUG: Handling request with Handler
'Client-Identifier="wlancontroller", Called-Station-Id=/:SSID$/,
TunnelledByPEAP=1', Identifier ''
Best regards, Alex
Am 2012-02-15 19:40, schrieb Heikki Vatiainen:
> On 02/15/2012 0
Now that our dot1x and WLAN Radiator needs to check three different crls
I've looked into a better solution for refreshing them.
While reading Radius::TLS I've stumbled over the method reloadCrls which
claims to reload the crl if the timestamp changes. Has this ever worked?
In the contextInit metho
Hi Heikki,
Am 2012-03-22 17:16, schrieb Heikki Vatiainen:
> On 03/21/2012 12:11 PM, Alexander Hartmaier wrote:
>
>> Now that our dot1x and WLAN Radiator needs to check three different crls
>> I've looked into a better solution for refreshing them.
>> While reading R
Hi Sudhir,
please use meaningful subjects for your mails!
'Radiator' for a mail to the Radiator mailing list makes no sense and finding
useful questions and answers later hard.
Thanks!
Am 2012-03-31 14:28, schrieb Sudhir Harwalkar:
Hi Heikki,
As I want to verify security feature PEAPv1 which us
EAP and OTP also requires pinning which I personally would always use.
Am 2012-05-10 16:56, schrieb James:
> I've done it -- currently in production serving an environment with
> over 80,000 users. No issues.
>
> If you're load balancing TACACS+ you should enable stickiness so that
> the session r
Note that Perl 5.12 is no longer supported because 5.16 came out yesterday.
The Perl community currently recommends to use Strawberry Perl for
Windows: http://strawberryperl.com
Best regards, Alex
Am 2012-05-21 20:08, schrieb Heikki Vatiainen:
> On 05/18/2012 05:35 PM, Johnson, Neil M wrote:
>
>
Hi Pramod,
check out the various ldap*.cfg config files in the goodies directory as a starting point.
Radiator connects on the first use, not on startup.
You can also use the radpwtst utility to test your Radiator config so be sure its ok before configuring the switch.
Also enable trace level 4
Thanks for the info Mike!
Do you know which devices support it?
We're mainly interessted in Cisco gear.
Best regards, Alex
Am 2012-05-29 22:46, schrieb Mike McCauley:
> RadSec is now an official RFC.
>
>
> -- Forwarded Message --
>
> Subject: [radext] RFC 6614 on Transport Laye
Congratulations on getting RadSec into an RFC!
Radiator and its configuration is even mentioned in the appendix.
http://www.rfc-editor.org/rfc/rfc6614.txt
--
Cheers, Alex
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wi
Good move, thanks Mike!
BR Alex
Am 2012-06-16 00:14, schrieb Mike McCauley:
> Hi All,
>
> Until now, Radiator and other products in the family used a mixture of
> Digest::SHA and Digest::SHA1, sometimes optionally and sometimes absolutely.
>
> We recently issued patches for Radiator and friends
text/html, patches-4.10.tar.gz as text/plain.
It seems the mime types for both extensions is missing or configured wrong.
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
# store the users mobile phone number in the Callback-Number
radius attribute
AuthAttrDef mobile,Callback-Number,request
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"
On 2012-10-19 11:01, Heikki Vatiainen wrote:
> On 10/18/2012 06:33 PM, Alexander Hartmaier wrote:
>
>> I've upgraded the radiator servers from 4.8 to 4.10 with current patches
>> in hope of a fix but it still shows the same behaviour:
>>
>> Sometimes it works
On 2012-10-19 11:39, Alexander Hartmaier wrote:
> On 2012-10-19 11:01, Heikki Vatiainen wrote:
>> On 10/18/2012 06:33 PM, Alexander Hartmaier wrote:
>>
>>> I've upgraded the radiator servers from 4.8 to 4.10 with current patches
>>> in hope of a fix
On 2012-10-23 23:11, Heikki Vatiainen wrote:
> On 10/23/2012 12:29 PM, Alexander Hartmaier wrote:
>
>>> In the meantime I've upgraded Net::SSLeay from version 1.32 to CPANs
>>> current 1.49 on this RHEL4 box which seems to have fixed the problem.
>>> I&#x
configuration options in the Radiator reference manual.
Best regards, Alexander Hartmaier
Network Security Engineer
T-Systems Austria GesmbH
On 2012-11-07 08:58, Murat Bilal wrote:
Hi all,
I wonder if Radiator supports tacacs protocol and command authorization. If so, can I install this scenario on
Thanks for sharing those best-practises with the list!
On 2012-12-03 17:17, Anders Bandholm wrote:
> Hi list!
>
> We have been running Radiator for several purposes for around 5 years,
> and I would like to share a few tricks that we have learned...
>
>
> Memcached
> -
>
> Memcached is dis
Hi guys,
does Radiator support OCSP?
It might be a better alternative to manually downloading CRLs and
restarting Radiator because openssl caches the CRL file.
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*&qu
On 2012-12-12 14:30, Heikki Vatiainen wrote:
> On 12/07/2012 11:02 AM, Alexander Hartmaier wrote:
>
>> does Radiator support OCSP?
>> It might be a better alternative to manually downloading CRLs and
>> restarting Radiator because openssl caches the CRL file.
> Hello A
VALUEF5-LTM-User-Role-Universal Enabled1
VALUEF5-LTM-User-ConsoleDisabled 0
VALUEF5-LTM-User-ConsoleEnabled1
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*&qu
rect?
No, sorry. I've only copied them from the given vendor website and
transformed it to Radiator dictionary format.
>
>
> On Wednesday, January 09, 2013 05:08:51 PM Alexander Hartmaier wrote:
>> Hi guys,
>> please add those to the dictionary (taken from
>> http
Hi Thomas,
the hooks are just regular Perl code so look at perldoc, either on the cli or
perldoc.perl.org.
You want system [1] but note that the Radiator process will wait for it to exit
until it continues process which might introduce a performance problem.
[1] http://perldoc.perl.org/functio
SSB 3300CC
> London, Ontario N6G 1G9
>
> tel: 519-661-2111 x81390
> e-mail: mihu...@uwo.ca <mailto:mihu...@uwo.ca>
>
>
>
>
>
> ___
> radiator mailing list
&
meters
into the hooks but being able to pass options in the config would make
the config much clearer.
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*&q
On 2013-01-31 15:31, Heikki Vatiainen wrote:
> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>
>> we'd need a way to pass config parameters to hooks to be able to use
>> them in multiple different handlers e.g. sending OTPs by SMS with
>> different accounts.
&g
gards
>
> Hugh
>
>
> On 1 Feb 2013, at 01:31, Heikki Vatiainen wrote:
>
>> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>>
>>> we'd need a way to pass config parameters to hooks to be able to use
>>> them in multiple different handle
57
> Code: Access-Accept
> Identifier: 121
> Authentic: A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
> Attributes:
> Reply-Message = "whatever"
>
> Fri Feb 1 20:02:16 2013: DEBUG: Packet dump:
&g
On 2013-01-31 15:31, Heikki Vatiainen wrote:
> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>
>> we'd need a way to pass config parameters to hooks to be able to use
>> them in multiple different handlers e.g. sending OTPs by SMS with
>> different accounts.
&g
On 2013-02-05 19:39, Alexander Hartmaier wrote:
> On 2013-01-31 15:31, Heikki Vatiainen wrote:
>> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>>
>>> we'd need a way to pass config parameters to hooks to be able to use
>>> them in multiple different
On 2013-02-05 20:01, Alexander Hartmaier wrote:
> On 2013-02-05 19:39, Alexander Hartmaier wrote:
>> On 2013-01-31 15:31, Heikki Vatiainen wrote:
>>> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>>>
>>>> we'd need a way to pass config parame
On 2013-02-07 16:13, Heikki Vatiainen wrote:
> On 02/05/2013 08:39 PM, Alexander Hartmaier wrote:
>
>> I've looked into it today and have some questions:
>> - is it safe to assume that the list or arguments passed to the
>> ChallengeHook in my case is always ($self, $u
On 2013-02-07 22:19, Mike McCauley wrote:
> Hello,
>
> On Thursday, February 07, 2013 04:29:56 PM Alexander Hartmaier wrote:
>> On 2013-02-07 16:13, Heikki Vatiainen wrote:
>>> On 02/05/2013 08:39 PM, Alexander Hartmaier wrote:
>>>> I've looked into it to
That's because IKEv2 is no EAP method but an IPSec phase 1 standard.
Best regards, Alex
On 2013-02-26 11:02, Arya, Manish Kumar wrote:
Hi,
We are currently running Radiator 3.13. I want to confirm if we can use EAP
iKev2 with this radius server.
if not then does the latest version of radiator
Forgot to reply also to the list.
Original Message
Subject:Re: [RADIATOR] EAP iKev2 support in radiator 3.13
Date: Tue, 26 Feb 2013 13:04:37 +0100
From: Alexander Hartmaier
Organization: T-Systems Austria GesmbH
To: Arya, Manish Kumar
Hi Manish,
I suggest
After some googling I've found the answer to this question [1] asked on
this list in 2003 [2]
Seems Cisco ASAs, which where called PIX before, where called Altiga
before [3]
The current dictionary that ships with Radiator has the attributes up to
number 137.
The names in the Cisco ASA doc have som
We are using Radiator successfully for wired dot1x with PEAP-TLS and wireless
PEAP-TLS and EAP-TLS for years.
You can find quite a lot of example configs in the goodies directory all
starting with eap_.
Best regards, Alex
On 2013-02-27 14:34, benson, john wrote:
I used radiator years ago for a
On 2013-02-26 22:35, Heikki Vatiainen wrote:
> On 02/26/2013 07:04 PM, Alexander Hartmaier wrote:
>
>> After some googling I've found the answer to this question [1] asked on
>> this list in 2003 [2]
>> Seems Cisco ASAs, which where called PIX before, where called A
On 2013-02-28 18:08, Bao Tran wrote:
> Hi everyone, I'm new to this forum and of course new to linux:).
>
> I have a number of laptops on the new domain but unable to associate to the
> wireless network.
>
> When I try to connect my laptop to our wireless network by entering the
> username e.g. j
Hi Matt,
both DBD::Sybase and DBD::ODBC with FreeTDS where suggested on the
#dbix-class irc channel where some users connect to MSSQL successfully
from Linux.
DBD::ODBC requires the Linux ODBC library which is included in the
Debian package unixodbc if you run that.
Best regards, Alex
On 2013-03-
So you prefer to include obsolete entries in the default dictionary
instead of making them available in a separate file for backward compat?
If someone upgrades Radiator this doesn't mean that he replaces his
dictionary file with the one from the installation tarball.
Cheers, Alex
On 2013-03-25 2
Hi Manish,
as you have to define the nas and its radius secret anyway I suggest that you
configure a client-identifier for it and use that in your Handler(s), makes
future changes easier because you don't have to search the IP in your whole
config.
Best regards, Alex
On 2013-04-15 12:56, Arya,
gt;
> Regards,
> -Manish
>
>
> ----
> *From:* Alexander Hartmaier
> *To:* radiator@open.com.au
> *Sent:* Monday, April 15, 2013 5:25 PM
> *Subject:* Re: [RADIATOR] Syntax for handler
>
> Hi Manish,
> as you have to define the nas a
1 - 100 of 122 matches
Mail list logo
