It would be
interesting to hear which client you have or how do you plan to use this
EAP method.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside,
depends on the Windows version you are using.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS
query, or just the second?
The second. If you define UpdateQuery, it will not do the default
action, run DeleteQuery followed by AddQuery, but will only run the
UpdateQuery you have defined.
You should then see something like '... Updating session for ...'
instead of what is otherwise logg
ence?_
>
>
>
> - To enable multi-threaded through the FarmSize (ServerFarm) with IAS
> back-end, can I use a balancing algorithm alternative? There are any
> contraindications?
>
>
>
>
>
> ___
> radiator mailing lis
mnDef NASPORT,NAS-Port,integer
> AcctColumnDef PARENTSESSIONID,parent-session-id
>
> AcctSQLStatement update quotasubscribers set monthlycounter =
> monthlycounter + 0%{Acct-Output-Octets}, totalcounter = totalcounter +
> 0%{Acct-Output-Octets}, timestamp = %{Event-Timestamp} \
> wh
1 590 3008K 2488K sleep0:00 0.02% bash
>> 10821 root 1 590 8304K 2728K sleep0:00 0.01% sshd
>> 26407 daemon4 590 620M 559M sleep 19:44 0.01% nfsmapid
>>331 root 1 100 -20 2312K 1512K sleep 31:05 0.01% xntpd
>> 5013 root 25 590 6544K 4576K sleep1:01 0.01% nscd
&
e two different user (role) names
for different authorization rules. This would help to better understand
the implications of this patch.
> If needed in attach you can find my horrible patch
> I've added a Parameter (flag) "RemoteInContext" to enable/disable the option
a submitted by user, such as the
User-Name. If you need to use e.g. User-Name in a SQL query, use
prepared statements or quote() provided by SqlDb.pm. I would also make
sure uri_escape and HTTP server work correctly when passed random or
malicious data if User-Name is not sanitized beforehand.
Tha
ur
example Handler, it should work.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC,
d be easily used when the newer definitions are required.
I'll ask this to be included. That was my idea anyway, but I had not
done it yet.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, pas
net-ssleay-perl package. On
RedHat and Centos you need to install perl-Net-SSLeay. As you can see
the actual distribution package names varies from system to system.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy
rname) .
> '&pwd=peter'
> );
> if ($response->is_success)
> {
> print $response->content; # or whatever
> }
> else
> {
> die $response->status_line;
> }
> }
>
> }
>
>
setup.
Arranging the Handlers should do the trick.
# Proxy all EAP
...
# Process the rest of the messages here
...
Thanks,
Heikki
> On Wed, Mar 27, 2013 at 12:32 AM, Heikki Vatiainen <mailto:h...@open.com.au>> wrote:
>
> On 03/26/2013 10:11 AM, Jeff Lee wrote:
>
cret youllnever know
>
>
>
>
>
> or just a plain
>
> http://realm.org>> wrapper
>
>
> read proxy.cfg and proxyalgorithm.cfg in goodies
>
> alan
>
>
--
Heikki Vatiainen
Radiator: the
hen a reply is received, the processing stops before the ReplyHook is
called if there is no reply (rp) to be returned.
For details, please see AuthRADIUS.pm and the lines just before
ReplyHook is called.
Please let us know how it works.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the m
file, matching the first DEFAULT where Group
> matches one of the groups that were retrieved above.
>
> - Have AuthBy’s that don’t support Groups check just ignore it,
> instead of returning a reject.
>
>
>
> Thanks!
>
>
>
>
>
> ___
followed by . Add before the .
>
>
...
> AcctColumnDef NASPORT,NAS-Port,integer
>
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platy
on the device you are sending the CoA. You would need to
see its manual and/or experiment e.g., with radpwtst.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, F
ADIUS client.
It's getting a bit late here, so I'll now just ask if you have noticed
goodies/lookupauthgroup.pl? It uses SQL, but could still be useful as
another pointer.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere.
less infrequently (e.g., twice per hour) SQLite DB. Works very well.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Di
AuthBy LDAP2 is the preferred LDAP module to use.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TL
diusd process.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Va
>
>
>
>
>
>
>
>
>
>
> UBI amiga do ambiente: Antes de imprimir este e-mail pense bem se tem
> mesmo que o fazer. As árvores são um bem imprescindível.
>
>
>
local dictionary if Radiator log shows some are missing.
You could then utilise Diameter to Radius and Radius to Diameter
conversion hooks to process the PCRF requests and replies as required.
See goodies/diameter-server.cfg for more information about the hooks.
Thanks,
Heikki
--
Heikki Vat
nd/or omissions in its e-mail messages.
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurabl
hod in mind?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Y
riginal Message
> Subject: Re: [RADIATOR] Adding a user through radmin gives a CGI Error
> (11-apr-2013 13:12)
> From:Heikki Vatiainen
> To: akalfster...@aksi.nl
>
>> On 04/10/2013 04:48 PM, Adwim Kalfsterman - AKSI Automatisering bv wrote:
>>
>>&g
49 00 64
> F - +31 (0)50 549 00 71
> E - akalfster...@aksi.nl
> W - www.aksi.nl
>
> ---- Original Message
> Subject: Re: [RADIATOR] Re-2: Adding a user through radmin gives a CGI Error
> (16-apr-2013 7:12)
> From:Heikki Vatiainen
> To: ak
e 5.12) you need
to keep the date below 2038-01-19. I just tested 2410 with a system
running Perl 5.14 and Radmin and DB had no problems with it.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NI
ything in
RADCOMMANDAUDIT.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMA
ently on the machines and they are not
completely identical?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, T
the new file for a more
current set of Cisco/Altiga attributes.
> Are the names I've used ok for you?
We did not touch the names. I think they are fine.
Thanks for your help,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL,
t I I've got something wrong in my config, or I need to
> upgrade my PERL installation.
I think you only need Socket6 and this is not a configuration problem
nor a problem with the Perl installation.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configur
bove assume that Radiator and
NavisRadius communicate with each other with normal RADIUS proxying.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, T
o extend any AuthLog module
but instead you can just generate a special internal attribute that is
the hashed CSI and then log this attribute.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, pas
from the RADIUS message's (outer request) value.
> Is this expected behavior, or a bug ?
I think this is a bug. If can send you a fixed EAP_21.pm if you could
test it before it gets applied to the patches.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and con
., SQL. But the above will allow you to experiment
with Fork and SQL accounting.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, ex
heck how it works with
EAPBALANCE.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC,
Ignoring
> Fri May 10 01:08:41 2013: INFO: AuthRADIUS : No reply after 4 seconds and 3
> retransmissions to 127.0.0.1:1822 for a (129)
>
> Thanks.
>
> --
> todor
> ___
> radiator mailing list
> radiator@open.com.au
> http://w
IUS : Could not find a working host to
> forward a (4) after 4 seconds. Ignoring
> Fri May 10 16:52:12 2013: INFO: AuthRADIUS : No reply after 4 seconds and 3
> retransmissions to 127.0.0.1:1824 for a (129). Now have 1 consecutive
> failures over 0 seconds. Backing off for 300 secon
On 05/03/2013 10:05 PM, Johnson, Neil M wrote:
> Certainly, I'd be glad to test.
And the patch is now in 4.11 patches.
Thanks for testing,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+,
bute for EAP to work at all.
It might be related handling multiple State attributes. Maybe they get
reordered or just one gets forwarded by intermediate proxies or the
remote site client (wlan controller etc.) just returns one State.
Hmm, I wonder if using HASHBALANCE with State as HashAttributes v
lko
> Network Analyst
>
> Western University Canada
> Network Operations Centre
> Information Technology Services
> 1393 Western Road, SSB 3300CC
> London, Ontario N6G 1G9
>
> tel: 519-661-2111 x81390
> e-mail: mihu...@uwo.ca <mailto:mihu...@uwo.ca> <mailto:mihu...@uwo.ca>
>
>
>
>
&g
g servers and see if
they are ignoring requests because of EAP errors.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active D
> Many thanks & regards,
>
> Tim Jones
> /Technology & Quality
> /
> **
> **
> tim.jo...@fon.com <mailto:tim.jo...@fon.com>
> Skype: Tim.Jones.Fon
>
> C/ Quintanavides 15. Edificio 2, Planta 1ª
> Parque Empresarial Vía Norte, de Metrovacesa
>
might be possible by defining suitable
SQL queries, but it's hard to say more.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, ex
d you check were
there any other error messages or warnings when radiusd starts?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external,
|
> 428504 |
>
>
>
> On Tue, 21 May 2013 23:40:26 +0300
> Heikki Vatiainen wrote:
>> On 05/21/2013 11:02 PM, rohan.he...@cwjamaica.com wrote:
>>
>>> Can Radmin work in an environment where Radiator writes a single record
>>> (containi
Hugh.
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP
the request. The start time would still be in seconds
(epoch time) but you could use AcctColumnDef with integer-date Type to
convert it to a date.
See the reference manual for the above for more.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS
{
> my $p = ${$_[0]};
> my $response = $_[2];
> &main::log($main::LOG_DEBUG, $p->{EAPIdentity} );
> $$response = $main::REJECT;
> return $main::REJECT;
> }
> but that didn't print the username and it didn't reject the
ar thing but in reverse. If the user has had a certain
> number of failed auths in the day then any subsequent Auth failures
> result in an automatic Access Accept that puts them into a walled garden
> for an hour, stops them hammering authentication with bad requests.
--
Heikki Vatia
s, uppercase or lowercase
what was left and only complain if you have something else than 12 hex
characters left.
This will drop any potential prefix or suffix and make sure the CSI will
be look the same before it gets hashed no matter which vendor's
equipment was used for the WLAN service
s not used. The failed Host will stay down
until there is a valid response to a Status-Server probe (or in special
cases, some other request generated by Hooks etc.).
Please see the details and other changes in the patch set description.
Comments and test reports are welcome!
Thanks,
Heikki
m defaults with BindAddress ipv6::: will take care of
IPv4 and IPv6 messages received by any address the host has.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Pl
le that blocks long UDP messages. The
last message Radiator sends looks quite lengthy.
Do you have EAPTLS_MaxFragmentSize configured and does adjusting its
value change anything?
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, fi
.
What kind of tokens do you have?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, Wi
nterval 0
Identifier ipv6-mapped-ipv4-loopback
Secret mysecret
DupInterval 0
Identifier default-client
Secret mysecret
DupInterval 0
# The Reply-Message will show which client clause was selected
Filename%D/u
es to
turning PIN check off. It has to be done during the import.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Direc
h the systems that do not support it
or do not provide the option name.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, A
e is no specific timeframe set
yet. However, do you think you could help testing this when we think
IPv6 CIDR support is ready for wider testing?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS
oyments I'd take the latest. Version 5.18 is out
too and it will most likely work fine but we have not tested it yet.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Pl
ich AuthBys you have
in common. Otherwise it's very hard to say what might be the problem.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS
On 06/19/2013 10:35 AM, Heikki Vatiainen wrote:
> The patch set for Radiator 4.11 now has changes to make Status-Server
> based detection of failed Hosts more reliable especially when there is
> more than one Host defined for AuthBy RADIUS or its subclasses.
These changes are now avai
le LDAP server.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, V
default 0 should mean bad
login count is ignore. You could also consider defining
IncrementBadLogins with empty value to disable it.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT
Reading dictionary file
'/opt/radiator/current/dictionary'
Sat Jul 6 11:20:05 2013: DEBUG: Creating authentication port 0.0.0.0:1645
Sat Jul 6 11:20:05 2013: DEBUG: Creating accounting port 0.0.0.0:1646
Sat Jul 6 11:20:05 2013: NOTICE: Server started: Radiator 4.11 on solaris11
Thanks
and referenced it from Realm with 'AuthBy identifiervalue'.
Unfortunately(?) I could not make it to fail.
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TAC
was
thrown off a bit since I was under the impression it fails with stock
4.11. That's not the case but the change is in the 4.11 patches. It's
also not specific to Solaris either.
We'll see what can be done for this. Thanks again for everyone.
Heikki
--
Heikki Vatiainen
Making this automatic is once again problematic: there is no
standard way to enumerate the interfaces to find out all addresses the
system has.
However, if there are supported ways to do all or some of the above, I
would be interested to hear more.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most
n are you currently running? We have a
couple of versions installed with perlbrew and at least 5.12.5 and
5.14.4 do not complain about setsockopt.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, pas
ks for me now. The NAKed request now gets forwarded to the original
> requester (radpwtst).
Thanks for reporting the results. If nothing special comes up the
additional messages types will be in patches soon.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and conf
is now an official IETF RFC 6614. RFC 6614 is now
included in the distribution. In accordance with RFC 6614,
the default shared secret for RadSec has been changed to
'radsec', UseTLS is enabled by default, and
TLS_RequireClientCert is enabled in Server RADSEC by default.
T
ADIUS/EAP server's
perspective. Please see goodies/eap_tls.cfg for EAP-TLS examples. I do
not think it matters to the servers side whether the private key is
stored in a TPM chip or in a file.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
ng if there are
other similar fixes needed. Meanwhile you can do a restart if you need
to reconfigure. A HUP already tears down and reinitializes everything,
so the overall effect is the same.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS serv
Not-Found
The INFO line is logged by Handler which forwards the request back to
radpwtst even if the request type was not added the the ACCEPTed request
types.
I wonder if you have a (very) old Radiator or more likely, a
configuration that causes NAKed messages to be rejected.
Thanks,
Heikki
et dump is called so that any Log ... within AuthBy etc.
module will be called instead of the dump going just to the main log file
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
rything not otherwise specified
> DefaultResultACCEPT
>
> Must be:
>
> DefaultResult ACCEPT
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+,
On 07/10/2013 12:50 PM, Karl Gaissmaier wrote:
> a SIGHUP to a running radiator (Version 4.11) opens an additional socket
> for AuthByRADSEC:
Fixed in the latest patches.
Thanks for reporting this,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable
bit problematic, though. This attribute is
the only identifier that currently maps responses to requests with
RadSec. If the other proxies mangle it, it would be essential to find
and fix them.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS serv
own for memberof?
Most likely because the memberof LDAP attribute value is in CN=...
format. When attribute is added in the request, CN is taken as the
attribute name and the rest (...) as the value.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADI
On 07/15/2013 05:18 PM, Karl Gaissmaier wrote:
> there is a missing whitespace in the documentation:
Hello Charly,
this will be fixed in the next ref.pdf.
> > DefineFormattedGlobalVar system mysystem
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, fle
but it will be proxied back
just like an ACKed reply.
However, rejected accounting messages are dropped. The RADIUS spec does
not specify how to reject accounting messages, so there's no
Accounting-Rejected message type to send back. You get drops instead.
Thanks,
Heikki
--
Heikki Vatiain
there is no Accounting-Reject message type to send back.
About the conversion: are you doing the conversion so that you can log
the various RFC 5176 replies? Would a separate log file type à la
AuthLog be the way to solve this?
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable,
vides.
For UDP extended identifier space can also be useful. For example, when
there are strict firewall rules that restrict what the source ports can be.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files,
ed fine? I'm thinking of the alternatives at hand: sticking with
Proxy-State extented IDs (using one TCP connection) or using the port
numbers (multiple TCP connections) for ID space extension?
Thanks for your input!
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and c
US so it's not a problem of
using a proxy.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TL
reclaims all addresses that have
exceeded their expiry time.
> Does anybody have any pointers please?
Please see ReclaimQuery and AddressAllocator SQL and DHCP in the
reference manual. The goodies directory also containts examples, see
goodies/addressallocator*
Thanks,
Heikki
--
Heikki
s. An example of
reply attributes, or reply items, is inside the braces {}.
For quick testing you could also try goodies/tacacsplustest. Something
like this should match the about AuthorizeGroup:
perl goodies/tacacsplustest -port 4949 -trace 4 -noacct -user heinzdb
-author_args service=shell,cmd
in the latest 4.11 patches. It's a new module that does
asynchronous communication.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, ex
with
> dprill [dprill]
> Tue Aug 6 15:39:07 2013: DEBUG: Radius::AuthFILE ACCEPT: : dprill [dprill]
> Tue Aug 6 15:39:07 2013: DEBUG: EAP result: 3, Wait for peer challenge
> Tue Aug 6 15:39:07 2013: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
> peer challenge
> Tue Aug
separately. This
allow checking the configuration without activating the modules and
causing error messages related to e.g., binding to ports.
Those who have their custom modules may want to see e.g. AuthTEST for an
example how to apply the changes to their own modules.
Thanks,
Heikki
--
Heikki
ilable in the latest Radiator patch set for Radiator 4.11.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
ested in taking a
further look at this.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS,
DIUS unless LocalAddress is defined.
>
>
> Host 192.0.2.20
> Secret FooBar
> AuthPort 1645
> NoForwardAccounting
> LocalAddress 10.0.0.2 # without this line no radius packet is
> sent according to tcpdump
>
>
Thanks,
H
ents the counters for all
modules that the request visited.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Director
If needed, we can also provide customisation help.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, T
, CIDR notation is now supported for IPv6 clients:
...
...
Any comments and test reports are appreciated.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus
ess binding, IPv6 related attributes, IPv6 CIDR
clients, required modules, RFCs, etc. - all gathered in one place.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platy
PHP's crypt with salt) before comparing against database.
A better way to do this is to let Radiator know what the DB has. In this
case you need to tell it the DB has MySQL hashes.
> Does anyone have a solution to this?
Please let us know if the above helps.
Thanks,
Heikki
--
Heik
601 - 700 of 1068 matches
Mail list logo
