Re: Issues with Freeradius crashing after a sighup
| See the changelog for 2.2.0. The "passwd" module had issues with |older versions of the server. | |You can also reload individual modules. That will be less likely to |have issues. i.e. | |$ radmin -e "hup passwd" | And from the control-socket code # # Control socket interface. # # HIGHLY experimental! It should NOT be used in production # environments. # The servers are in a production environment. I'd really like to try just reloading the passwd module to see if it makes any difference to the server stability but not at the detriment to any security type issues A On 8 Feb 2013, at 16:09, freeradius-users-request@lists.freeradius.org wrote:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Issues with Freeradius crashing after a sighup (Alan DeKok) 2. RE: [EAP/TLS] Authenfication through a certificate (vazoumana fofana) 3. Re: Session-Timeout anomalies (Bill Isaacs) 4. Re: Session-Timeout anomalies (Alan DeKok) 5. Any interoperability issues with Aruba and Freeradius (Alex Sharaz) 6. Re: MAc-Auth with EAP (Tunde Ogedengbe)
----------------------------------------------------------------------
Message: 1 Date: Fri, 08 Feb 2013 10:10:05 -0500 From: Alan DeKok <aland@deployingradius.com> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Issues with Freeradius crashing after a sighup Message-ID: <5115154D.5070804@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
Alex Sharaz wrote:
Firstly the 2.1 servers
<shrug> Upgrade.
password files are updated every 15 mins and are followed by a "service freeradius reload" command to bring them on line.
See the changelog for 2.2.0. The "passwd" module had issues with older versions of the server.
You can also reload individual modules. That will be less likely to have issues. i.e.
$ radmin -e "hup passwd"
Anyone else seen serve crashes on a reload?
Unfortunately I've seen this before. I haven't seen enough information to track it down and fix it, though.
Alan DeKok.
------------------------------
Message: 2 Date: Fri, 8 Feb 2013 15:24:53 +0000 From: vazoumana fofana <zoumlander@hotmail.com> To: "freeradius-users@lists.freeradius.org" <freeradius-users@lists.freeradius.org> Subject: RE: [EAP/TLS] Authenfication through a certificate Message-ID: <SNT137-W406D40D7E02D3B5D51A487D2050@phx.gbl> Content-Type: text/plain; charset="iso-8859-1"
i begin setting up configuration. bit i got two problems :
client with good certificate can be authenticated even if they're not in "users" file. I assume it's due to my code. Here is under authenticate section of default :
Auth-Type eap { eap if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxx\// ) { if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxx\// ) { ok } else { fail } It's like when condition is checked, it bypassed "users" file.
Maybe, i must move these lines under authorize ? anyone to confirm it ?
cheers
Date: Mon, 4 Feb 2013 10:32:22 -0500 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: [EAP/TLS] Authenfication through a certificate
vazoumana fofana wrote:
i've got question about EAP/TLS and authentification for a client through a certificate ? I succeed setting up. But , i notice that freeradius matches client login with certificate CNAME. Is it possible to change it in order to match email instead of CNAME ?
Yes.
Read the eap.conf file, and the raddb/sites-available/default. This is documented.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alex Sharaz wrote:
And from the control-socket code
In older versions of the software. Version 2.2.0 does *not* have that text.
The servers are in a production environment. I'd really like to try just reloading the passwd module to see if it makes any difference to the server stability but not at the detriment to any security type issues
There are no security issues with using the control socket. Alan DeKok.
Think I just had senior moment. The server runs 2.2 code compiled from source but I copied all the configs over from the UKERNA freeradius sample and then amended them to run against our AD service. The UKERNA control-socket config does have the text. My fault Rgds Alex On 8 Feb 2013, at 17:31, Alan DeKok <aland@deployingradius.com> wrote:
Alex Sharaz wrote:
And from the control-socket code
In older versions of the software. Version 2.2.0 does *not* have that text.
The servers are in a production environment. I'd really like to try just reloading the passwd module to see if it makes any difference to the server stability but not at the detriment to any security type issues
There are no security issues with using the control socket.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Think I just had senior moment.
The server runs 2.2 code compiled from source but I copied all the configs over from the UKERNA freeradius sample and then amended them to run against our AD service. The UKERNA control-socket config does have the text. My fault
who is UKERNA? ;-) alan
Hi,
|$ radmin -e "hup passwd" |
And from the control-socket code
# # Control socket interface. # # HIGHLY experimental! It should NOT be used in production # environments. # The servers are in a production environment. I'd really like to try just reloading the passwd module to see if it makes any difference to the server stability but not at the detriment to any security type issues
Its been fine since 2.0 - I would ignore that error. I know of many sites that use it on their production servers - for a start, you need such thing if monitoring FreeRADIUS with munin etc alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Alex Sharaz