| See the changelog for 2.2.0. The "passwd" module had issues with |older versions of the server. | |You can also reload individual modules. That will be less likely to |have issues. i.e. | |$ radmin -e "hup passwd" | And from the control-socket code # # Control socket interface. # # HIGHLY experimental! It should NOT be used in production # environments. # The servers are in a production environment. I'd really like to try just reloading the passwd module to see if it makes any difference to the server stability but not at the detriment to any security type issues A On 8 Feb 2013, at 16:09, freeradius-users-request@lists.freeradius.org wrote:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Issues with Freeradius crashing after a sighup (Alan DeKok) 2. RE: [EAP/TLS] Authenfication through a certificate (vazoumana fofana) 3. Re: Session-Timeout anomalies (Bill Isaacs) 4. Re: Session-Timeout anomalies (Alan DeKok) 5. Any interoperability issues with Aruba and Freeradius (Alex Sharaz) 6. Re: MAc-Auth with EAP (Tunde Ogedengbe)
----------------------------------------------------------------------
Message: 1 Date: Fri, 08 Feb 2013 10:10:05 -0500 From: Alan DeKok <aland@deployingradius.com> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Issues with Freeradius crashing after a sighup Message-ID: <5115154D.5070804@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
Alex Sharaz wrote:
Firstly the 2.1 servers
<shrug> Upgrade.
password files are updated every 15 mins and are followed by a "service freeradius reload" command to bring them on line.
See the changelog for 2.2.0. The "passwd" module had issues with older versions of the server.
You can also reload individual modules. That will be less likely to have issues. i.e.
$ radmin -e "hup passwd"
Anyone else seen serve crashes on a reload?
Unfortunately I've seen this before. I haven't seen enough information to track it down and fix it, though.
Alan DeKok.
------------------------------
Message: 2 Date: Fri, 8 Feb 2013 15:24:53 +0000 From: vazoumana fofana <zoumlander@hotmail.com> To: "freeradius-users@lists.freeradius.org" <freeradius-users@lists.freeradius.org> Subject: RE: [EAP/TLS] Authenfication through a certificate Message-ID: <SNT137-W406D40D7E02D3B5D51A487D2050@phx.gbl> Content-Type: text/plain; charset="iso-8859-1"
i begin setting up configuration. bit i got two problems :
client with good certificate can be authenticated even if they're not in "users" file. I assume it's due to my code. Here is under authenticate section of default :
Auth-Type eap { eap if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxx\// ) { if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxx\// ) { ok } else { fail } It's like when condition is checked, it bypassed "users" file.
Maybe, i must move these lines under authorize ? anyone to confirm it ?
cheers
Date: Mon, 4 Feb 2013 10:32:22 -0500 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: [EAP/TLS] Authenfication through a certificate
vazoumana fofana wrote:
i've got question about EAP/TLS and authentification for a client through a certificate ? I succeed setting up. But , i notice that freeradius matches client login with certificate CNAME. Is it possible to change it in order to match email instead of CNAME ?
Yes.
Read the eap.conf file, and the raddb/sites-available/default. This is documented.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html