Version 2.0.2 has been released.
People using EAP should definitely upgrade. Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all "log_*" in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via "Raw-Attribute = 0x0102..." This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit "unlang" policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * "listen" sections can now have "type = proxy". This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of "detail" files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the "failed to remember handler" issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See "man rlm_attr_filter" for details.
With 2.0.2 I tried a performance test with eap authentications. At one point I get : Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the State variable. Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request Is this the normal message when the server is too busy? Norbert Wegener Alan T DeKok schrieb:
People using EAP should definitely upgrade.
Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all "log_*" in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via "Raw-Attribute = 0x0102..." This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit "unlang" policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * "listen" sections can now have "type = proxy". This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README
Bug fixes * Fixed reading of "detail" files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the "failed to remember handler" issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See "man rlm_attr_filter" for details. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hey Alan, is the LDAP_DEPRECATED stuff all fixed in 2.0.2? just wanna double check before i compile it and don't pass that option myself... Thanks, Joe Vieira UNIX Systems Administrator Clark University - ITS Norbert Wegener wrote:
With 2.0.2 I tried a performance test with eap authentications. At one point I get :
Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the State variable. Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Is this the normal message when the server is too busy?
Norbert Wegener
Alan T DeKok schrieb:
People using EAP should definitely upgrade.
Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all "log_*" in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via "Raw-Attribute = 0x0102..." This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit "unlang" policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * "listen" sections can now have "type = proxy". This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README
Bug fixes * Fixed reading of "detail" files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the "failed to remember handler" issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See "man rlm_attr_filter" for details. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Norbert Wegener wrote:
With 2.0.2 I tried a performance test with eap authentications. At one point I get :
Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the State variable. Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Is this the normal message when the server is too busy?
Only if there is an interval of 60 seconds between EAP packets for one session. Alan DeKok.
participants (4)
-
Alan DeKok -
Alan T DeKok -
Joe Vieira -
Norbert Wegener