Releasing 3.0.13 soon?

Alex Sharaz alex.sharaz at
Tue Jan 10 11:53:07 CET 2017

Started off just using it on our ORPS systems so
proxying auth requests off to remote sites
 inbound auths using winbind -> our AD system.

Basically eap-peap/mschapv2, eap-tls and  proxying.
Back end database postgresql with buffered-sql virtual server.
EAP caching switched on,
OCSP for EAP-TLS pointing at our XpressConnect ES server

After my fights with built in RADSEC( which I lost), got that working using
radsecproxy, means I can  auth on uni eduroam  using alex at which
has auth chain of

clearpass-><UoY ORPS> -> radsec/ipv6 -> my server in the cloud->
radsec/ipv6-> gateway to home net->FR 3.0.12 /ipv6 on os/x. (having issues
with the final open directory bit, but I'm sure that's just a config thing).

Will continue the battle next week. It's going to be something really
silly, but at least I know I can do the stuff with radsecproxy.

Up till this week, been running 3.0.13 on one of our Tier 2 servers doing
eap-tls, eap-peap/mschapv2 mac auth buffered-sql  -> postgres database.
Also using MySQL for back end db that contains list of quarantined MAC
addresses ( stored procedure isQuarantined(%{Calling-Station-Id}) returns

Access-Accept packet contents tailored to type of device performing
auths.Some static values some pulled form db.

Last Friday started upgrading remaining 2 2.2.9 servers to 3.0.13. Seems to
be working just fine. Security team pleased we've moved away from MySQL, no
ones world has ended by moving to 3.0.13  :-)


On 10 January 2017 at 10:08, <A.L.M.Buxey at> wrote:

> Hi,
> > Been running 30.13 for months just fine
> ditto.   perhaps we need some stability feedback mechanism, reports what
> modules
> you are using etc?
> alan
> -
> List info/subscribe/unsubscribe? See
> list/users.html

More information about the Freeradius-Users mailing list