Hello Subash -
You can use the radpwtst utulity included with Radiator to generate any RADIUS
request, including Disconnect-Request and Change-Filter-Request.
Something like this (using whatever attributes are required by your NAS
equipment):
perl radpwtst -noauth -noacct -s n.n.n.n
) wrote:
> Hi Hugh,
>Thanks. Any idea about the MA attribute? I will give this a shot.
>How do I raise a bug on RADIATOR?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hu
Hello Adam -
The error message you show below indicates your database is not running (or is
unreachable for some reason).
regards
Hugh
On 22 Jun 2010, at 15:03, Adam Gerson wrote:
> Well, nothing has changed in my config file and my database is still up
> and working. I have not used Radia
e Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:52 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash
rted at (eval 8) line 20, <_> line 575.
> ...caught at /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd line
> 2, <_> line 575.
>
>
>
>
> --
> Adam Gerson
> Assistant Director of Technology
> Columbia Grammar and Prep School
> phone. 21
Hello Andrew -
I suggest something external to Radiator (like a cron job) to periodically scan
the file and lowercase the usernames.
regards
Hugh
On 24 Jun 2010, at 02:33, Andrew D. Clark wrote:
> Hi all,
>
> I know there's a feature for case-insensitive password matching, and I know I
>
service-policy input AutoQoS-Police-CiscoPhone
> end
>
>
> If I take out the static voice-vlan assignment from the interface the
> RADIUS reply puts the phone into the correct VLAN. I did read
> somewhere that "dynamic" vlan assignment for the voice-vlan wasn't
>
Hello Rajesh -
Mike is away until next week.
regards
Hugh
On 25 Jun 2010, at 18:20, Rajesh Thota wrote:
> Hi Mike,
>
> Appreciate your quick response. I modified the code to pull 3 triplets from
> the HTTP server and pass it like this. I also modified the radius.cfg
> (NumTriplets 3).
>
Hello Adam -
The dictionary is the file that contains all of the RADIUS attribute
definitions for the standard set plus all the vendor specifics.
The error you show is due to a missing vendor-specific for vendor 9967 which is
listed as Bluesocket.
You should ask Bluesocket for their vendor-sp
ol
> phone. 212-749-6200 ex. 321
> fax. 212-428-6806
> ager...@cgps.org
> http://www.cgps.org
>
> On 6/24/10 5:10 AM, Hugh Irvine wrote:
>>
>> Hello Adam -
>>
>> Try this:
>>
>>
>> /opt/local/bin/perl -I /usr/local/src/Radiat
Hello Alex -
Thanks for letting us know about this.
Should be fixed in the latest Radiator 4.6 patches.
regards
Hugh
On 28 Jun 2010, at 18:35, Alexander Hartmaier wrote:
> Hi,
>
> Radiator doesn't send the RejectReason when using AuthHANDLER but instead the
> hardcoded return string from
Hello Alex -
I have not been able to reproduce this problem here.
The only thing I can think of is some DNS lookup (or similar) that is taking a
long time.
Is there any more information you can provide?
regards
Hugh
On 1 Jul 2010, at 01:28, Alexander Hartmaier wrote:
> Hi,
>
> I'm fighti
Hello Mark -
See sections 5.36.3 and 5.36.4 in the Radiator 4.6 reference manual
("doc/ref.pdf").
regards
Hugh
On 20 Jul 2010, at 08:42, Mark Bassett wrote:
> My question is in regards to the SSLCAClientCert and SSLCAClientKey
> parameters. What certificate files is it looking for? I hav
# only need to set one of the following
> #SSLCAPath /path/to/CA/cert/dir
> SSLCAFile /path/to/file/containing/certificate/of/CA.pem
> Hint: You only need to set one of SSLCAFile or SSLCAPath, not both.
> Hint: All LDAP2 certificates are required to be in PEM format.
> Hint: If
Hello Andrew -
I'll add them today.
thanks and regards
Hugh
On 21 Jul 2010, at 01:14, Andrew Clark wrote:
> Hi,
>
> any chance the latest Coova Chilli dictionary could be integrated into the
> Radiator dictionary? Radiator has some of the attributes but Coova Chilli
> has added some add
Hello Andrew -
Now added.
regards
Hugh
On 21 Jul 2010, at 01:14, Andrew Clark wrote:
> Hi,
>
> any chance the latest Coova Chilli dictionary could be integrated into the
> Radiator dictionary? Radiator has some of the attributes but Coova Chilli
> has added some additional useful ones.
Hello Martin -
There are two different tables, for different purposes.
See sections 5.2 and 5.3 in the Radiator 4.6 reference manual ("doc/ref.pdf").
regards
Hugh
On 23 Jul 2010, at 13:11, Martin Edge wrote:
> Actually, %d, is the right one, it seems.
>
> Thanks
> Martin.
>
> From: radi
Hello Greg -
Here is a copy of an existing configuration that I have tested:
# RADIUS EAP-MD5 for Cisco IP
Phones---
RewriteUsername s/(.+)SEP([0-9a-fA-F]{12})$/$2/
NoDefault
Host
Hello Stan -
Can you please send me a copy of your Radiator configuration file together with
a more complete trace 4 debug and a copy of the customer record(s) from the
database?
thanks and regards
Hugh
On 28 Jul 2010, at 19:04, Stanley Thomas wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
Hello Stan -
Many thanks for the additional information.
We have found and fixed a bug relating to "Max-All-Session" (and friends).
The fix is in the latest Radiator 4.6 patch set.
regards
Hugh
On 28 Jul 2010, at 19:04, Stanley Thomas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA
Hello Vangelis -
Bruno is correct -
perl radpwtst -trace 4 ……
regards
Hugh
On 30 Jul 2010, at 00:08, Bruno Tiago Rodrigues wrote:
> Vangelis:
> Have you tried adding the -trace option to radpwtst?
>
> On Jul 29, 2010, at 12:48 PM, Vangelis Kyriakakis wrote:
>
>> Hello,
>>
>>
cy"
> Acct-Session-Id = "015B4AA9"
>
> OK
>
> As you can see although the NAS sends back a CoA-NAK packet with Session
> Context Not Found, radpwtst outputs just OK.
> Any Ideas?
>
> Regards
> Vange
Hello Andrew -
As usual I will need to see a copy of the configuration file and a trace 4
debug showing the whole packet sequence when this problem occurs.
regards
Hugh
On 31 Jul 2010, at 01:19, Andrew Clark wrote:
> Hi,
>
> I'm not sure this is actually a Radiator problem, but I'm seeing
Hello Vangelis -
Thanks for reporting this - now fixed in the latest Radiator 4.6 patches.
regards
Hugh
On 30 Jul 2010, at 21:20, Hugh Irvine wrote:
>
> Hello Vangelis -
>
> You are quite right - I'll fix this tomorrow.
>
> regards
>
> Hugh
>
>
&
Hello Richard -
Yes correct - Radiator is sending a DHCP request, but the DHCP server is not
responding, presumably because it doesn't understand the request.
You will need to check the DHCP server log to find out what it thinks the
problem is.
I am guessing, like Alan, that the problem is th
Hope you can help.
>
> Cheers,
>
> Richard
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: 04 August 2010 09:57
> To: Richard Fenner
> Cc: Alan Buxey; radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator with Windows Server 2008
ows.
>
> If you can think of anything else that may be the problem then it would
> be greatly appreciated if you could let me know.
>
> Cheers,
>
> Richard
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: 04 August 2010 10:54
Hello Arthur -
When you specify "FarmSize 4" in your configuration file, you are telling
Radiator to start 4 child processes, all of which listen on the AuthPort and
AcctPort you have specified.
The parent process does not handle any RADIUS requests itself, so although you
have increased the
Hello Arthur -
Well if you only use FarmSize on its own, the children will round-robin taking
packets from the socket queue.
In your case I see you are only processing accounting requests, so I am
guessing that if you only process accounting starts and accounting stops, two
of the processes a
Hello Adrian -
It looks like you have not correctly installed the prerequisites for ADSI.
See section 5.41 in the Radiator 4.6 reference manual ("doc/ref.pdf").
If you are running on Windows I suggest the AuthBy LSA clause instead, which is
much more flexible.
See section 5.51 in the manual.
Hello Arthur -
Radiator operates as a Diameter to RADIUS translation gateway.
That is to say that incoming Diameter requests are converted to RADIUS requests
that are processed in the normal way.
So yes, if your frontend has a clause it will translate the
Diameter requests to RADIUS requests
Hello Robert -
Can you please send me a copy of the configuration file and a complete trace 4
debug from a terminal session like this:
cd /your/Radiator-4.7/source
perl radiusd -foreground -log_stdout -trace 4 -config_file
/your/Radiator/configuration
….
Use you loca
Hello Adrian -
See section 16.5 in the Radiator 4.7 reference manual ("doc/ref.pdf").
regards
Hugh
On 12 Aug 2010, at 18:24, adrian wrote:
> Hi:
>
> How can I run Radiator as a service in Windows 2003 64 bits?
>
> Regards
> Adrian
> ___
> radiat
Hello Kris -
I will need to see a copy of the configuration file and a trace 4 debug showing
what is happening.
regards
Hugh
On 17 Aug 2010, at 09:42, Kris Amy wrote:
> Hi All,
>
> We currently have Radiator acting as a proxy forwarding to many real
> servers behind it. This is done base
Hello Tarko -
Thanks for your mail.
The problem here is due to "00" being used in an ASCII string.
RFC4679 (http://www.ietf.org/rfc/rfc4679.txt) indicates that this attribute
should be a printable string - hence our definition as "string".
If you want to get at the binary data you should chan
Hello Tarko -
You can try a PreClientHook in more recent versions of Radiator to access the
request before it is unpacked.
regards
Hugh
On 17 Aug 2010, at 15:51, Tarko Tikan wrote:
> hey,
>
>> The problem here is due to "00" being used in an ASCII string.
>
> That is what I was thinking a
Hello Tarko -
Then just redefining the attribute as "binary" is the way to go.
regards
Hugh
On 17 Aug 2010, at 16:32, Tarko Tikan wrote:
> hey,
>
>> You can try a PreClientHook in more recent versions of Radiator to access
>> the request before it is unpacked.
>
> According to my debug lo
Hello Adrian -
I will need to see a copy of the configuration file and a trace 4 debug showing
what happens in both cases.
regards
Hugh
On 18 Aug 2010, at 19:28, adrian wrote:
>
>Hello:
>
> I have two Server with the same Radiator configuration. The server with
> AD 2003 work fin
Hello Andrea -
You just need to run Radiator directly from the distribution source directory:
cd /your/Radiator/source/directory
perl test.pl
……
perl radiusd -foreground -log_stdout -trace 4 -config_file
/your/Radiator/configuration/file
…..
hed reading configuration file
> 'radius.cfg'
> Thu Aug 19 21:17:41 2010: ERR: Incorrect LicenseKey. For keys, contact
> in...@open.com.au
> Incorrect LicenseKey. For keys, contact in...@open.com.au
> r...@metarouter:/Radiator-Locked-4.7#
>
>
> Keep in mind this is an evalu
Hello Andrea -
The FAQ now has an item on this topic.
http://www.open.com.au/radiator/faq.html#188
regards
Hugh
On 20 Aug 2010, at 10:58, Mike McCauley wrote:
> Hi Andrea,
>
> thats a good tip. Thanks.
>
> I have installed openwrt kamikaze x86 under qemu here and perl as advised.
Hello Heikki, Hello Dave -
Correct.
Historically we had a PreClientHook and a PreHandlerHook in the Client
clause(s), however when vendors began encrypting attributes, we needed to
provide a hook that fired after the attributes were decoded. Hence we came up
with the ClientHook that can be sp
of Radiator for linux? I know I could run an eval on Windows.
>
> Regards
> Andrea
>
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: 20 August 2010 7:05 AM
> To: Andrea Coppini (AIR Networks)
> Cc: radiator list
> Subject:
Hello Adrian -
I would suspect a difference in the configuration of the AD 2008 schema and/or
the user settings therein.
Have you checked the log messages from AD 2008?
As mentioned previously, I would be more inclined to use the AuthBy NTLM clause
on *NIX, or the AuthBy LSA clause on Windows
<_> line 575.
> BEGIN failed--compilation aborted at (eval 8) line 20, <_> line 575.
>...caught at radiusd line 2, <_> line 575.
> r...@openwrt:/Radiator-Locked-4.7#
>
>
> I have tried goodies/simple.cfg, ./radius.cfg and ./radius2.cfg. All the
>
Hello Mark -
Can you please send me a copy of the full configuration file and a trace 4
debug showing the startup messages and a more complete log showing the whole
sequence?
thanks and regards
Hugh
On 21 Aug 2010, at 01:10, Pearson, Mark wrote:
> Hi, I currently have Radiator for Windows
Hello Arthur -
The usual cause for this is your Radiator server has timed out and sent a retry
before the first reply has come back.
The first reply then comes back which Radiator processes normally, then the
second reply comes back but Radiator has already dealt with the request with
the fir
that Michael Harlow was getting similar errors so I added
> UsernameMatchesWithoutRealm but its made no difference.
>
>
> regards
> Mark Pearson
> Senior Technical Support Analyst
> Information Systems
> Nottingham Trent University
>
> tel: 0115 8488287
>
>
Hello Neil -
You have an incorrect shared secret for a client device and/or proxy RADIUS
target.
regards
Hugh
On 27 Aug 2010, at 11:04, Johnson, Neil M wrote:
> I’ve just begun getting tools of these error messages in my log files. What
> does it mean ?
>
> Thu Aug 26 18:20:05 2010: WAR
x27;m
> investigating with the upstream radius server vendor.
>
> Thanks.
>
> -Neil
>
> --
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> Work: 319 384-0938
> Mobile: 319 540-2081
> Fax: 319 355-2618
>
f Iowa
> Work: 319 384-0938
> Mobile: 319 540-2081
> Fax: 319 355-2618
> E-mail: neil-john...@uiowa.edu
>
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Friday, August 27, 2010 5:47 PM
> To: Johnson, Neil M
> Cc: radiato
Hello Neil -
Thanks - I'll add them later today.
regards
Hugh
On 31 Aug 2010, at 13:10, Johnson, Neil M wrote:
>
> With System Directory Release 4.0 Meru Networks is now returning some vendor
> Specific Attributes in their Interim Accounting Requests.
>
> The following Dictionary defini
Hello Kukas, Hello Christian -
I agree with Christian - in my consulting practice I almost always find that it
is preferable to set up frontend / multiple backend instances of Radiator
designed to break up processing into separate processes running on different
ports.
At the very least you sh
Hello Alex -
Thanks - we'll check this for the next release.
regards
Hugh
On 7 Sep 2010, at 03:56, Alexander Hartmaier wrote:
> The 4.7 ref manual says on page 46:
>
> A comma-separated list of flag names as field 25
>
> But the code says:
>$client->set('ClientHook', $self->file_su
Hello Neil -
As far as we are aware there shouldn't be any problem.
If you have any trouble with your testing please send us a copy of your
configuration file and a trace 4 debug from Radiator showing what is happening.
>From the history file for Radiator 4.6
>(http://www.open.com.au/radiator
Hello Heikki -
We hope to be able to address this next week.
regards
Hugh
On 9 Sep 2010, at 06:12, Heikki Vatiainen wrote:
> On 08/24/2010 11:07 AM, Heikki Vatiainen wrote:
>
>> % rpm -i --test Radiator-4.7-1.noarch.rpm
>> error: Failed dependencies:
>> rpmlib(PayloadIsLzma) <= 4.4.2-1 is
Hello Greg -
I tend to prefer Handler's that match, rather than not.
So I would do something like this:
…..
# deal with phones
…..
# deal with whatever else (if required)
…..
…..
# deal with everything else
…..
…..
hope that helps
regards
Hugh
On 10 S
Hello Matthew -
When asking questions please include the configuration file you are using
together with a trace 4 debug when testing from the command line like this:
cd /your/Radiator/source/directory
perl radiusd -foreground -log_stdout -trace 4 -config_file
/your/Radiator/c
oginWindow 10
> DelayWindow 4
> TimeStep 60
> # You can also support EAP-OTP and/or EAP-GTC, besides PAP
> EAPType OTP GTC
> #EAPType GTC OTP
>
>
>
>
> The systems is running Ubuntu 10.04 64 bit under vmware ES
Hello Matthew -
I don't think you have done anything wrong - but the debug shows the client is
sending an MSCHAP-V2 request, which as you can see is not supported by the
AuthBy SQLHOTP clause.
regards
Hugh
On 13 Sep 2010, at 15:57, Matthew Reeves-Hairs wrote:
> Hi,
> I'm getting the follo
Hello Bob -
We will need to see a copy of the configuration file and a more complete trace
4 debug showing the startup messages as well as what is happening with the
requests.
For the most flexibility I suggest the AuthBy NTLM clause on *NIX and the
AuthBy LSA clause on Windows.
regards
Hug
Hello Jhonny -
We hope to address this problem this week.
In the meantime I suggest the source tarball.
regards
Hugh
On 14 Sep 2010, at 11:45, JHONNY FREIRE DE OLIVEIRA wrote:
> Hi,
>
> I’m unable to install Radiator 4.7.1 under RHEL 5.5, apparently, due to an
> unsupported compression f
UsernameAttr sAMAccountName
>ServerChecksPassword
>AuthDN x
>AuthPassword x
>BaseDN dc=PSU, dc=X, dc=PDX, dc=EDU
>SearchFilter (&(%0=%1)(x))
>AddToRe
Hello Heikki -
New RPM now available on the web site.
regards
Hugh
On 9 Sep 2010, at 06:12, Heikki Vatiainen wrote:
> On 08/24/2010 11:07 AM, Heikki Vatiainen wrote:
>
>> % rpm -i --test Radiator-4.7-1.noarch.rpm
>> error: Failed dependencies:
>> rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed
Hello Adrian -
The debug you include below only shows an access request, not an accounting
request.
If you are not receiving any accounting requests from your NAS, you will not
see anything in the debug.
You will need to check the configuration of your NAS equipment to verify if it
is sendin
Hello Michael -
We'll need to see a copy of the configuration file (no secrets), together with
a more complete trace 4 debug showing what is happening.
We will also need to know what hardware/software platform you are running on,
what version of Perl, what version of DBI/DBD, what SQL database
term_cause`,`timestamp`,`type`,`uid`,`upload`,`zone`)
> values
> ('0','dsltest','116','192.168.100.100','192.168.100.1','testing','0620','4','dsltest','User-Request','1284664794','
Hello Michael -
The behaviour you observe is in fact what the code does - the manual does not
correctly describe this behaviour.
The manual has been amended for the next release.
Thanks for letting us know.
regards
Hugh
On 16 Sep 2010, at 15:31, Hugh Irvine wrote:
>
> Hello M
Hello Heikki, Hello Jethro -
Yes correct - if you want the decoded values you should use a ClientHook
instead of a PreClientHook.
regards
Hugh
On 17 Sep 2010, at 10:02, Heikki Vatiainen wrote:
> On 09/17/2010 05:43 PM, Jethro R Binks wrote:
>
>> With reference to the problem I observed whe
Hello Dan -
You have two options - both will show you the Perl crash message(s).
1. run radiusd by hand from the command line:
cd /your/Radiator/source/directory
perl radiusd -foreground -log_stdout -trace 4 -config_file
/your/Radiator/configuration/file
…..
2. use r
Hello Matthew -
The current implementation conforms to draft-mraihi-totp-timebased-06.txt,
which has nothing to say about replay attacks (though perhaps it should).
regards
Hugh
On 18 Sep 2010, at 23:12, Matthew Reeves-Hairs wrote:
> Hi,
> I have notice that with TOTP even with the TimeSt
Hello Alex -
See section 5.7.3 in the Radiator 4.7 reference manual ("doc/ref.pdf").
regards
Hugh
On 22 Sep 2010, at 05:01, Martin Burton wrote:
> Hi Alex,
>
> You need to make sure that RefreshPeriod is set in your config file. It
> defaults to 0, which means the SQL query is performed on
g or forwarding of this email and/or its attachments is unauthorised.
>> If you have received this email in error please notify the sender by email
>> and delete this message and any attachments immediately. Nothing in this
>> email shall bind the Company in any contract or
Hello Todd -
Thanks for sending the relevant information with your question - it certainly
helps.
>From what I can see, as do you, Radiator appears to be operating correctly -
>the final MSCHAP-V2 challenge is sent to the client, and presumably the client
>just starts the negotiation again?
Hello Markus -
You can do this already with the AuthenticationStartHook.
See the code immediately following what you show below.
regards
Hugh
On 25 Sep 2010, at 03:09, Markus Moeller wrote:
> Hi,
>
> Would it be possible to map also the privilege level from the tacacs request
> into a r
Hello Markus -
Further to this, these values are now passed to the hook in the latest Radiator
4.7 patch set.
regards
Hugh
On 25 Sep 2010, at 08:51, Hugh Irvine wrote:
>
> Hello Markus -
>
> You can do this already with the AuthenticationStartHook.
>
> See the code imm
;
> Also it looks more like the Hook is replacing the standard authentication
> handling and is not what I want.
>
> Anyway why does this basic TACACS attribute need special treatment ?
>
> Thank you
> Markus
>
> - Original Message - From: "Hugh Irvine&quo
;
> Thank you
> Markus
>
> - Original Message - From: "Hugh Irvine"
> To: "Markus Moeller"
> Cc:
> Sent: Sunday, September 26, 2010 5:36 AM
> Subject: Re: [RADIATOR] (RADIATOR) enable privilege levels for TACACS+ server
>
>
>
> Hel
Hello Waldemar -
On 27 Sep 2010, at 18:40,
wrote:
> Hello,
>
> I try to implement the mapping of AD groups to TACAS+ groups.
>
> Witch AuthAttrDef memberOf,tacacsgroup,reply will be the complete LDAP string
> delivered:
> tacacsgroup = CN=ASAADMINS,DC=adtest,DC=corporate,DC=net
>
>
Hello Waldemar -
If you already know the group from the SearchFilter query, you can just use an
AddToReply like this:
###
Identifier ASA-Admin
Hostw3kvm.adtest.corporate.net
HoldS
Hello Bruno -
A server such as you describe should be able to do several thousand requests
per second.
However, as you say, you will need to take into account proxy response times in
the overal system design.
There were some benchmark figures posted by one of our OEM customers a year or
so a
Hello -
Radiator will work fine in this environment - many of our customers use the
same Cisco controllers.
You will find a great many example configuration files in the "goodies"
directory of the Radiator distribution.
Note that the most recent release is Radiator 4.7 (plus patches).
Your b
Hello Greg -
I have seen both methods used - it is really your preference.
regards
Hugh
On 8 Oct 2010, at 01:42, Gregory Fuller wrote:
> I'd like to go through and separate out my authentication, accounting,
> and tacacsplus radiator configurations each into its own separate
> radiator insta
Hi Neil -
Thanks for letting us know.
regards
Hugh
On 12 Oct 2010, at 06:12, Johnson, Neil M wrote:
>
> Because Tk is no longer supported, Tkx is.
>
> -Neil
>
>
> --
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> Work: 319 384-0938
> Mobil
Hi Dave, Hi Greg -
You can also use "include …" files to simplify configuration file management.
regards
Hugh
On 12 Oct 2010, at 05:37, Dave Kitabjian wrote:
> fyi,
>
> You can also run separate instances with all pointing to a common config
> file, if that's simpler. That works if you can
Hello Markus -
Radiator is operating as intended.
See section 5.86 in the Radiator 4.7 reference manual ("doc/ref.pdf").
regards
Hugh
On 18 Oct 2010, at 07:27, Markus Moeller wrote:
> With bug I mean is it intended to add the av pair to the authorisation
> exchange ? I would have thought t
gt; mean that all authentication AND authorization replys have priv-lvl=12 in
> their reply ? That is what I see and not expect and can't see in the
> documentation.
>
> Markus
>
> - Original Message - From: "Hugh Irvine"
> To: "Markus Moeller"
Hello Ian -
You will need to use something like a PostProcessingHook to deal with the reply
attributes in the reply packet.
There are numerous examples of various hooks in the file "goodies/hooks.txt".
regards
Hugh
On 27 Oct 2010, at 00:05, Ian Mordey wrote:
> Hi there
> I’m trying to repl
Hello Gilbert -
As the debug below shows, you have not installed Net-SSLeay (and of course you
also need OpenSSL).
regards
Hugh
On 27 Oct 2010, at 08:37, Gilbert T. Gutierrez, Jr. wrote:
> I need to setup EAPS TTLS and am having difficulties. I have not populated
> the user details nor ha
;
>$rp->delete_attr('Framed-Route');
>$rp->parse(&main::getVariable($profile));
>}
>return;
> }
>
>
Hello Waldemar -
You will need to set up nested authentication to match your requirements, using
the AuthBy GROUP to match what you need to do.
For example:
…..
AuthByPolicy ContinueUntilAccept
AuthByPolicy ContinueWhileAccept
AuthBy ASA_
Hello Garth -
Here is the first problem:
Tue Nov 2 11:34:34 2010: INFO: Connecting to ldapserver:389
Tue Nov 2 11:34:34 2010: ERR: Could not open LDAP connection to
ldapserver:389. Backing off for 90 seconds.
Tue Nov 2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such
user
Hello Alex -
Yes Radiator keeps the connection open by default.
You will need a hook, or a local modification to the code to alter the
behaviour.
regards
Hugh
On 3 Nov 2010, at 22:03, Alex Sharaz wrote:
> Hi all,
>
> I've seen a couple of messages relating to ClientListSQL issues.
>
> Ca
Hello Markus -
Because most people want it enabled.
regards
Hugh
On 5 Nov 2010, at 06:45, Markus Moeller wrote:
> That solved it. Why is this not the default ?
>
> Thank you
> Markus
>
> - Original Message -
> From: "Sami Keski-Kasari"
> To: "Markus Moeller" ;
> Sent: Wednesday
Hello Ricardo -
You need to look at a trace 4 debug from Radiator with LogMicroseconds enabled
so you can see how long each processing step is taking.
I tend to agree that the most likely cause of the problem is slow database
response.
regards
Hugh
On 9 Nov 2010, at 07:47, Alan Buxey wrote
Hello Neil -
The way to do this is to either return the real username in the access accept
(or a Class attribute), or use the accounting hook.
Many NAS devices will use the User-Name returned in the access accept for
subsequent accounting records for the session.
All NAS devices should return
Hello Ricardo -
There should be no differences in the configurations.
However, you should *always* test in the lab before deploying in production.
regards
Hugh
On 26 Nov 2010, at 04:25, Ricardo Freitas wrote:
> Hello Guys
>
> Could any of you guys tell me what are the implications of updat
Hi Mike -
This is quite strange - I would have expected the source IP address to be
intact by default.
Otherwise you can use the value of the NAS-IP-Address attribute to rewrite the
source IP address with a rule on the F5.
I did something similar a few years ago when there was a Radiator prox
Hello Sergio -
Its included with Radiator.
http://www.open.com.au/radiator/ref.pdf
See section 5.88.
regards
Hugh
On 14 Dec 2010, at 13:31, sergio wrote:
> Hello list
>
> Someone already made or used a web interface to manage the Radiator?
> ___
Hello Sergio -
See section 5.15 in the manual.
http://www.open.com.au/radiator/ref.pdf
regards
Hugh
On 14 Dec 2010, at 14:58, sergio wrote:
> Hello list
>
> I'm needing to build graphs MRTG / CACTI (snmp) to monitor endorsements for
> Radiator
>
> Best Regards
> _
501 - 600 of 5222 matches
Mail list logo
