Freeradius-Users Digest, Vol 17, Issue 8
Ravi S M
smravi at TechMahindra.com
Mon Sep 4 06:24:40 CEST 2006
Hi Alan DeKok
Thanks for Answers, actually I was replied for your questions but those were bouncing back. So you have mistaken. Any how sorry for that.
Thanks & Regards
Ravi
-----Original Message-----
From: freeradius-users-bounces+smravi=techmahindra.com at lists.freeradius.or.g [mailto:freeradius-users-bounces+smravi=techmahindra.com at lists.freeradius.or.g] On Behalf Of freeradius-users-request at lists.freeradius.org
Sent: Saturday, September 02, 2006 10:08 PM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 17, Issue 8
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Everything lookslike it works, but PC is not authentified
(Alexandros Gougousoudis)
2. Re: Everything lookslike it works, but PC is not authentified
(Alexandros Gougousoudis)
3. Regarding handling of threads (Ravi S M)
4. Re: Everything lookslike it works, but PC is not authentified
(Alan DeKok)
5. Re: Regarding handling of threads (Alan DeKok)
6. Proxy IP Address (Doug Hardie)
----------------------------------------------------------------------
Message: 1
Date: Sat, 02 Sep 2006 12:58:48 +0200
From: Alexandros Gougousoudis <gougousoudis at kh-berlin.de>
Subject: Re: Everything lookslike it works, but PC is not authentified
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <44F963E8.6060803 at kh-berlin.de>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Hi,
Stefan Winter schrieb:
> this list, is that the server cert doesn't have the MS TLS Web Server
> Authentication OID in the cert. Please read the various documentation about
Nope, the cert has this extension. I checked that again and again.
Server is in DNS and the CN of the cert is the FQDN of the server. The
CN of the PC is the netbios-name. Both certs have their extenstion
(Webserver and Client). Maybe it's something else?
TIA
Alex
--
ServiceCenter IT - Alexandros Gougousoudis (Leiter)
Gemeinsame Einrichtung der Kunsthochschule Berlin-Weissensee, Hochschule
für Musik "Hanns Eisler" und der Hochschule für Schauspielkunst "Ernst
Busch".
Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445
------------------------------
Message: 2
Date: Sat, 02 Sep 2006 13:03:29 +0200
From: Alexandros Gougousoudis <gougousoudis at kh-berlin.de>
Subject: Re: Everything lookslike it works, but PC is not authentified
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <44F96501.5070700 at kh-berlin.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi,
K. Hoercher schrieb:
> 1. Don't set Auth-Type. See
> http://deployingradius.com/documents/configuration/auth_type.html
Thanks to your reply. The problem is, there are now a lot of partial
howtos in the net, but not even one covers all. I did that, because it
was in an howto... I'll try something else.
and finally what the supplicant sends. What is "host/vinfo-t1"
> supposed to be?
vinfo-t1 is the netbiosname of the client, the realm(?) host/ comes from
Windows or the AP, I don't know. Probably it breaks the cert, because
the name differs and this bothers EAP/TLS. But I don't know how to
handle or shorten this. Maybe somebody has a good idea to handle that.
TIA Alex
--
ServiceCenter IT - Alexandros Gougousoudis (Leiter)
Gemeinsame Einrichtung der Kunsthochschule Berlin-Weissensee, Hochschule
für Musik "Hanns Eisler" und der Hochschule für Schauspielkunst "Ernst
Busch".
Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445
------------------------------
Message: 3
Date: Sat, 2 Sep 2006 16:53:32 +0530
From: "Ravi S M" <smravi at TechMahindra.com>
Subject: Regarding handling of threads
To: <freeradius-users at lists.freeradius.org>
Cc: aland at deployingradius.com
Message-ID:
<1BC030D8DE6BC042B3F33EE14CA2B8FA03158BD9 at SINPUNEX002.TechMahindra.com>
Content-Type: text/plain; charset="us-ascii"
Hi
I have some doubts regarding free radius server.
1) When we run server parent exits by spawning a child to handle
client's requests, so during this time purify also exits but shows 95
leaks. (leak report shows from "src/main/modules.c" from line num "207")
* My doubt is whether these leaks which are shown with purify
are freed in child or how these leaks get rid off??
* Or when parents calls exit(0), do all memory are freed ??
2) For handling multiple requests, is threads implemented? If so
how?
3) If threads are not implemented how multiple requests are
handled?
Please I am grateful if you can provide some information.
Thanks & Regards
Ravi.S.M
============================================================================================================================
Tech Mahindra, formerly Mahindra-British Telecom.
Disclaimer:
This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review at <a href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</a> externally and <a href="http://tim.techmahindra.com/Disclaimer.html">http://tim.techmahindra.com/Disclaimer.html</a> internally within Tech Mahindra.
============================================================================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060902/ca7ae9fa/attachment-0001.html
------------------------------
Message: 4
Date: Sat, 02 Sep 2006 10:11:42 -0400
From: "Alan DeKok" <aland at deployingradius.com>
Subject: Re: Everything lookslike it works, but PC is not authentified
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20060902141143.1412716CBC at mail.nitros9.org>
Alexandros Gougousoudis <gougousoudis at kh-berlin.de> wrote:
> vinfo-t1 is the netbiosname of the client, the realm(?) host/ comes from
> Windows or the AP, I don't know. Probably it breaks the cert, because
> the name differs and this bothers EAP/TLS. But I don't know how to
> handle or shorten this. Maybe somebody has a good idea to handle that.
It looks like it is doing machine authentication, in which case the
certs (both client and server) need the machine authentication OIDs,
and not the normal user OIDs. From the CVS head version of
'xpextensions':
#
# Add this to the PKCS#7 keybag attributes holding the client's private key
# for machine authentication.
#
# the presence of this OID tells Windows XP that the cert is intended
# for use by the computer itself, and not by an end-user.
#
# The other solution is to use Microsoft's web certificate server
# to generate these certs.
#
# 1.3.6.1.4.1.311.17.2
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 5
Date: Sat, 02 Sep 2006 10:14:09 -0400
From: "Alan DeKok" <aland at deployingradius.com>
Subject: Re: Regarding handling of threads
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20060902141409.7F04016CBC at mail.nitros9.org>
"Ravi S M" <smravi at TechMahindra.com> wrote:
> 1) When we run server parent exits by spawning a child to handle
> client's requests, so during this time purify also exits but shows 95
> leaks. (leak report shows from "src/main/modules.c" from line num "207")
If the "leaks" happen when the program exits, they are not really
leaks.
> * My doubt is whether these leaks which are shown with purify
> are freed in child or how these leaks get rid off??
They are not leaked in the child, because the child is still using
that memory.
> * Or when parents calls exit(0), do all memory are freed ??
That's how operating systems work.
> 2) For handling multiple requests, is threads implemented? If so
> how?
Uh... go read the source code.
> Please I am grateful if you can provide some information.
I think I'll stop responding to your messages. You haven't
responded to any of my questions, so there's no point in me continuing.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 6
Date: Sat, 2 Sep 2006 09:18:53 -0700
From: Doug Hardie <bc979 at lafn.org>
Subject: Proxy IP Address
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <0CEF26E0-5062-4809-907E-C8BA3C5A6571 at lafn.org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
I have a situation where all my authentication requests are proxied
to me. I have 4 different groups of users that require unique local
polieies and have been using a fairly complicated parsing of the
Called ID phone number and a couple other fields to figure out which
group a request is in. However, I just found out that each of the 4
groups is being proxied through different proxy servers. It would be
real easy to distinguish the group from the IP address that the proxy
request is being sent from. However, I have not been able to find a
variable that contains that information. Have I missed it?
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 17, Issue 8
***********************************************
============================================================================================================================
Tech Mahindra, formerly Mahindra-British Telecom.
Disclaimer:
This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review at <a href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</a> externally and <a href="http://tim.techmahindra.com/Disclaimer.html">http://tim.techmahindra.com/Disclaimer.html</a> internally within Tech Mahindra.
============================================================================================================================
More information about the Freeradius-Users
mailing list