commit 4baebf8202d7db372a9ad2ce5026ec6c986f0de7
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Wed Sep 30 09:54:25 2009 +0200
Allow old-style dictionary formats, too
src/lib/dict.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
commit 751e9a39b2221a2623001a4611021a8e01cf4375
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Thu Oct 1 15:07:51 2009 +0200
Increase max_sessions
Files changed:
raddb/eap.conf | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
======================================================================
commit 382b6c2223ba1a233ca9f4d248beb888a0123f3e
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Thu Oct 1 15:06:59 2009 +0200
Print more descriptive error message for too many EAP sessions
Files changed:
src/modules/rlm_eap/mem.c | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
======================================================================
commit e237107e1dca922dab291c5b011468ee24b768c2
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Thu Oct 1 11:15:55 2009 +0200
event.c frees the listener, so we don't need to
Files changed:
src/modules/frs_control/frs_control.c | 2 --
(Continue reading)
commit 64700e41098a874581d683c8606c94f9ad23079d
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Mon Oct 5 17:32:39 2009 +0200
Check for undefined types, too
Files changed:
src/lib/radius.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
======================================================================
commit ecf751a2a662d8749f45fa77f8b023b37b01056c
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Mon Oct 5 17:12:33 2009 +0200
Set broadcast && reuseaddr before binding to socket
Files changed:
src/main/listen.c | 59 +++++++++++++++++++++++++++++++++++++++
src/modules/frs_dhcp/frs_dhcp.c | 15 ----------
2 files changed, 59 insertions(+), 15 deletions(-)
======================================================================
commit f6e2dba8a7e4dd31d36d5b8ee434d21600e3f99f
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Sun Oct 4 18:12:12 2009 +0200
Simplify the code
Files changed:
(Continue reading)
commit f2273694594b65174b30680bef077485c9372f92
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Tue Oct 6 11:28:36 2009 +0200
Forgot to include this...
Files changed:
src/include/smodule.h | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
======================================================================
commit 9261f3e0026323b2c397af13d02fbc5780908143
Author: Alan T. DeKok <aland <at> freeradius.org>
Date: Tue Oct 6 10:21:45 2009 +0200
Ensure that there is a cleanup event for proxied packets
If there was no reply, clean up, reject, etc. the request.
This doesn't matter so much for normal clients, as they will retransmit
and cause the old request to be deleted from the request hash.
But detail requests have random ports (for other reasons), so
they won't be cleaned up by new packets. Therefore, we need to clean
them up...
Files changed:
src/main/event.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
======================================================================
(Continue reading)
Hi, easy fix: diff --git a/configure.in b/configure.in index 770068d..c7d41e6 100644 --- a/configure.in +++ b/configure.in <at> <at> -75,7 +75,7 <at> <at> fi AC_ARG_WITH(system-libtldl, [ --with-system-libtldl Use the libtltdl installed in your system (default=use our own)], [ -LIBLTDL="-ltdl" +LIBLTDL="-lltdl" INCLTDL= LTDL_SUBDIRS= ], I'm not a expert in these things, so please excuse my dumb asking: Why does freeradius want to use his own libtool and libltdl? Are the ones out there that broken or is there any other reason? And are there disadvantages of using the ones included in FR? Debian seems to prefer the system's... Regards, Jakob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html(Continue reading)
Hi,
Being part of the 'eduroam' clan we have a lot of EAP traffic proxying
about the place, even more so being part of the 'University Triangle' in
London so those peskey students and staff mooch where ever they can.
My setup is generally:
----
home_server_pool eduroam {
#type = fail-over <-- works
#type = client-balance <-- grumbles
#type = client-port-balance <-- grumbles
type = keyed-balance <-- grumbles
home_server = jrs.0
home_server = jrs.1
home_server = jrs.2
}
----
The proxy topology in eduroam (incase you do not know) is:
[us x 2] ---------- [ .ja.net proxies x 3 ] ---------- [them x 2]
<ramble>
I used 'keyed-balance' as 'client-balance'/'client-port-balance' load
balance terribly when your NAS's use the same source port and most of
our traffic comes from the same IP (the single infernal WLC 4400 we
have).
This however is not important, as I only started to use 'keyed-balance'
(Continue reading)
Hi, > I used 'keyed-balance' as 'client-balance'/'client-port-balance' load > balance terribly when your NAS's use the same source port and most of > our traffic comes from the same IP (the single infernal WLC 4400 we > have). yep - especially when a certain vendor is always using the same port(Continue reading)> moved to 'fail-over' and everything started working. Alas I cannot > leave it on 'fail-over' otherwise Alan Buxey gets grumbly.
a name check will always get my attention... okay..not quite 'grumbly' but if everyone used such a a method then we'd have to look at loads from each end site and email them about what order they should do their National Proxies in... at least with some reasonable client balance thet architecture might get used fairly and evenly. heck...maybe someday Status-Server will find its way a little more fully into the system and then if NRPS get busy they can just dynamically tell clients tthat they arent well and bother another box
> 'currently_outstanding' or 'fr_rand()' when there is EAP traffic; I > decided to add the clause !HOME_POOL_LOAD_BALANCE; things now work. ouch. that should already be inherent within the EAP balance? > What do you think of the following patch, I think there is sound > reasoning behind it, however of course I am just a network monkey? doesnt this patch just make the 'balance' system become exactly
Alan Buxey <A.L.M.Buxey <at> lboro.ac.uk> wrote:
>
>> 'currently_outstanding' or 'fr_rand()' when there is EAP traffic; I
>> decided to add the clause !HOME_POOL_LOAD_BALANCE; things now work.
>
> ouch. that should already be inherent within the EAP balance?
>
Looking at the code, it's the sort of thing I would have overlooked
>> What do you think of the following patch, I think there is sound
>> reasoning behind it, however of course I am just a network monkey?
>
> doesnt this patch just make the 'balance' system become exactly
> the same as the fail-over system? ie, find a live one and stick with it
> for all times...
>
Look in the top half of that function (honkingly large switch(){}
statement), you will see the hashing algorithm (the 'start'ing hint)
depends on what load balancing algorithm you want.
As a offtopic note, for FreeRADIUS 'eduroam' users we might want to
start touting the following to be dropped into 'authorize[}':
----
if (Realm == "DEFAULT") {
# workaround crappy load-balancing, thanks to Cisco's static src port
update control {
Load-Balance-Key := "%{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-ID}"
}
handled
(Continue reading)
I noticed[1] that detail listeners refuse to write detail entries to files, even if the destination filename is different from the source filename. The attached patch fixes that. It also centralizes the listen_detail_t definition, removing the 'stub' definition in src/main/event.c. john [1] https://lists.freeradius.org/pipermail/freeradius-users/2009-October/msg00182.html -- -- John Morrissey _o /\ ---- __o jwm <at> horde.net _-< \_ / \ ---- < \, www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Alexander Clouter wrote: > <ramble> > I used 'keyed-balance' as 'client-balance'/'client-port-balance' load > balance terribly when your NAS's use the same source port and most of > our traffic comes from the same IP (the single infernal WLC 4400 we > have). They're meant to be used with more than one client. > Looking closer at the detail logs I saw that mid-EAP conversation the > packets started to get proxied to different national proxies which > resulted (expectedly) with a Access-Reject; also explaining why my > counterparts never saw an inner authentication. Ah. If they're going through different proxies, but making back to the *same* home server, that will be an issue. > Looks like MS IAS does not really care where the proxied packets come > from, it only key's on Proxy-State (I'm guessing here); FreeRADIUS being > a lot more picky...which is just what I like :) With this in mind I > moved to 'fail-over' and everything started working. Alas I cannot > leave it on 'fail-over' otherwise Alan Buxey gets grumbly. I won't speak ill of another Alan. > The conclusion, we should not be paying any attention to > 'currently_outstanding' or 'fr_rand()' when there is EAP traffic; I > decided to add the clause !HOME_POOL_LOAD_BALANCE; things now work. > > What do you think of the following patch, I think there is sound(Continue reading)
RSS Feed93 | |
|---|---|
138 | |
101 | |
132 | |
180 | |
90 | |
166 | |
104 | |
135 | |
146 | |
61 | |
19 | |
50 | |
44 | |
25 | |
12 | |
78 | |
99 | |
9 | |
96 | |
128 | |
69 | |
69 | |
90 | |
104 | |
99 | |
38 | |
69 | |
17 | |
52 | |
41 | |
64 | |
18 | |
46 | |
44 | |
31 | |
52 | |
45 | |
66 | |
28 | |
113 | |
19 | |
67 | |
30 | |
53 | |
103 | |
122 | |
55 | |
36 | |
64 | |
81 | |
98 | |
85 | |
79 | |
22 | |
26 | |
51 | |
60 | |
53 | |
53 | |
44 | |
50 | |
63 | |
60 | |
43 | |
93 | |
57 | |
111 | |
84 | |
107 | |
142 | |
236 | |
77 | |
211 | |
95 | |
119 | |
116 | |
114 | |
36 | |
114 | |
90 | |
146 | |
196 | |
88 | |
100 | |
90 | |
115 | |
92 | |
114 | |
195 | |
86 | |
101 | |
101 | |
150 | |
162 | |
79 | |
106 | |
144 | |
112 | |
171 | |
99 | |
80 | |
8 |
