http://blog.gmane.org/gmane.network.freenac.devel hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.network.freenac.devel/35 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ Opennac-devel mailing list Opennac-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org https://lists.sourceforge.net/lists/listinfo/opennac-devel Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2007-11-27T19:47:19 http://permalink.gmane.org/gmane.network.freenac.devel/34 JUst released v3.0.0.147/26.11.07/SB: Cannot use "*" in overview->MAC. Allow change of switch->vlan_id. Overview: Tickbox to enable patch lookups on the overview? (Speed). Allow columns to be enabled/disabled, hide most by default for simplicity. Enable vlanloc table depending on server variable. Express Quantum Grid: upgrade to v6.3 Vlan colum titles: Note that default_id is used for emergency recovery. Server log: scroll to top FYI, the pending list of issues with this GUI is now managed on http://freenac.net/en/techguide/pendingwindows Regards, Sean ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2007-11-26T06:46:23 http://permalink.gmane.org/gmane.network.freenac.devel/33 This allow you to search our sources.. http://sourceforge.krugle.com/kse/files?project=%22OpenNAC%22 Sean ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2007-04-16T19:08:16 http://permalink.gmane.org/gmane.network.freenac.devel/32 Hi, This is worrying, to say the least: PHP Security From The Inside By Federico Biancuzzi Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress. http://www.securityfocus.com/columnists/432 Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2007-02-09T08:40:52 http://permalink.gmane.org/gmane.network.freenac.devel/31 The perl script that handles the VMPS requests (rad2vmps) waits forever for VMPS answers: Thu Nov 2 15:25:17 2006 : Debug: modcall[authorize]: module "check_mac" returns noop for request 86 Thu Nov 2 15:25:17 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 86 Thu Nov 2 15:25:17 2006 : Debug: rlm_eap: EAP packet type response id 18 length 6 Thu Nov 2 15:25:17 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Thu Nov 2 15:25:17 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 86 Thu Nov 2 15:25:17 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 86 Thu Nov 2 15:25:17 2006 : Debug: modcall: leaving group authorize (returns updated) for request 86 Thu Nov 2 15:25:17 2006 : Debug: rad_check_password: Found Auth-Type EAP Thu Nov 2 15:25:17 2006 : Debug: auth: type "EAP" Thu Nov 2 15:25:17 2006 : Debug: Processing the authenticate section of radiusd.conf Thu Nov 2 15:25:17 2006 : Debug: modcall: entering group authenticate for request 86 Thu Nov 2 15:25:17 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 86 Thu Nov 2 15:25:17 2006 : Debug: rlm_eap: Request found, released from the list Thu Nov 2 15:25:17 2006 : Debug: rlm_eap: EAP/mschapv2 Thu Nov 2 15:25:17 2006 : Debug: rlm_eap: processing type mschapv2 Thu Nov 2 15:25:17 2006 : Debug: rlm_eap: Freeing handler Thu Nov 2 15:25:17 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 86 Thu Nov 2 15:25:17 2006 : Debug: modcall[authenticate]: module "eap" returns ok for request 86 Thu Nov 2 15:25:17 2006 : Debug: modcall: leaving group authenticate (returns ok) for request 86 Thu Nov 2 15:25:17 2006 : Debug: radius_xlat: 'Required attributes "Calling-Station-Id" and "NAS-IP-Address" were not found in the request.' Thu Nov 2 15:25:17 2006 : Debug: Processing the post-auth section of radiusd.conf Thu Nov 2 15:25:17 2006 : Debug: modcall: entering group post-auth for request 86 Thu Nov 2 15:25:17 2006 : Debug: modsingle[post-auth]: calling check_mac (rlm_perl) for request 86 Thu Nov 2 15:25:17 2006 : Debug: perl_pool: item 0x834a818 asigned new request. Handled so far: 42 Thu Nov 2 15:25:17 2006 : Debug: found interpetator at address 0x834a818 So: - a timeout needs to be added (its only a UDP answer, that may never come) e.g. 200ms - and a number of retries, e.g. 5 - and a second vmps server IP address - all paramets should be configurable. Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-11-02T14:37:31 http://permalink.gmane.org/gmane.network.freenac.devel/30 Hi, The current stable release only works with VMPS, which is Cisco specific. We have a prototype working with 802.1x now too. We are testing with Cisco, but other vendors should work too. What vendor are you interested in? Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-11-02T07:59:13 http://permalink.gmane.org/gmane.network.freenac.devel/29 Hi, Freenac gurus, I am interesting for this project, but I have one question: Is it must fro using cisco switches to realize freenac? In the other words, could it be a possible to assign dynamic vlans other than vpms in cisco world? Ok, maybe we could use 802.1x, so this could dynamic vlan assignment? instead of VPMS? If it is possible, that will be great! TIA Zhou ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Zhen Zhou 2006-11-01T14:48:15 http://permalink.gmane.org/gmane.network.freenac.devel/28 Hi, One of the key FreeNAC components (namely OpenVMPS) suffers from a Logging Function Format String Vulnerability which affects version 1.3 running on Debian 3.0, Slackware 10.0 and Fedora Core 2. See also the advisory http://www.securityfocus.com/bid/15072/info The OpenVMPS author solved this problem in the CVS (see http://vmps.cvs.sourceforge.net/vmps/vmpsd/), but didn't published a patch for the current stable release. As regards FreeNAC.net, we are providing: a) An OpenVMPS patch, if you wish to update your OpenVMPS module: http://www.freenac.net/downloads/openvmps.patch b) If you are using the FreeNAC virtual appliance please do an "svn update" from /opt/nac to fix this vulnerabilty. c) For 'tarball' users, an updated tarball will be released next week containing this fix and some new features. Regards, the FreeNAC team ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Hector.Ortiz-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-23T15:57:24 http://permalink.gmane.org/gmane.network.freenac.devel/28 Hi, One of the key FreeNAC components (namely OpenVMPS) suffers from a Logging Function Format String Vulnerability which affects version 1.3 running on Debian 3.0, Slackware 10.0 and Fedora Core 2. See also the advisory http://www.securityfocus.com/bid/15072/info The OpenVMPS author solved this problem in the CVS (see http://vmps.cvs.sourceforge.net/vmps/vmpsd/), but didn't published a patch for the current stable release. As regards FreeNAC.net, we are providing: a) An OpenVMPS patch, if you wish to update your OpenVMPS module: http://www.freenac.net/downloads/openvmps.patch b) If you are using the FreeNAC virtual appliance please do an "svn update" from /opt/nac to fix this vulnerabilty. c) For 'tarball' users, an updated tarball will be released next week containing this fix and some new features. Regards, the FreeNAC team ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Hector.Ortiz-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-23T15:57:24 http://permalink.gmane.org/gmane.network.freenac.devel/27 Great. I'm on the openvmps dev list, but I didn't see any messages. This shows the importance of communications: making sure your user community is aware of changes. We must work more with the OpenVMPS author... Ok, lets test in development (HO/SB) & rollout (PB/SB). Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-23T07:28:28 http://permalink.gmane.org/gmane.network.freenac.devel/27 Great. I'm on the openvmps dev list, but I didn't see any messages. This shows the importance of communications: making sure your user community is aware of changes. We must work more with the OpenVMPS author... Ok, lets test in development (HO/SB) & rollout (PB/SB). Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-23T07:28:28 http://permalink.gmane.org/gmane.network.freenac.devel/26 See http://sourceforge.net/tracker/index.php?func=detail&aid=1438319&group_i d=47375&atid=449286 So we should also open a bug on out SF page, and create a patch ourselves, it dates since January. Volonteers? Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-23T07:05:28 http://permalink.gmane.org/gmane.network.freenac.devel/26 See http://sourceforge.net/tracker/index.php?func=detail&aid=1438319&group_i d=47375&atid=449286 So we should also open a bug on out SF page, and create a patch ourselves, it dates since January. Volonteers? Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-23T07:05:28 http://permalink.gmane.org/gmane.network.freenac.devel/25 Just found an exploit for openvmps, http://www.securityfocus.com/bid/15072/info Which of you can do an anaylsis and maybe even come up with a patch? I'm not sure that the OpenVMPS autor is still actively maintaining. Regards, Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-22T15:59:54 http://permalink.gmane.org/gmane.network.freenac.devel/25 Just found an exploit for openvmps, http://www.securityfocus.com/bid/15072/info Which of you can do an anaylsis and maybe even come up with a patch? I'm not sure that the OpenVMPS autor is still actively maintaining. Regards, Sean ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-22T15:59:54 http://permalink.gmane.org/gmane.network.freenac.devel/24 Hi, I've found the next advisory: OpenVMPS is affected by a remote format-string vulnerability. The application fails to properly sanitize user-supplied input before using it as the format specifier in a system-log entry. Info and the exploit can be found at: http://www.securityfocus.com/bid/15072/info I've tested the exploit and seems to affect OpenVMPSd v1.3 (the one we use) running on Slackware 10.0, Debian 3.0 and Fedora Core 2. The exploit failed when I tested it in the development server, since we are running on a different distro. No patches have been released for this vulnerability. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Hector.Ortiz-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-22T12:37:29 http://permalink.gmane.org/gmane.network.freenac.devel/24 Hi, I've found the next advisory: OpenVMPS is affected by a remote format-string vulnerability. The application fails to properly sanitize user-supplied input before using it as the format specifier in a system-log entry. Info and the exploit can be found at: http://www.securityfocus.com/bid/15072/info I've tested the exploit and seems to affect OpenVMPSd v1.3 (the one we use) running on Slackware 10.0, Debian 3.0 and Fedora Core 2. The exploit failed when I tested it in the development server, since we are running on a different distro. No patches have been released for this vulnerability. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Hector.Ortiz-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-22T12:37:29 http://permalink.gmane.org/gmane.network.freenac.devel/23 After Freeradius what would be your next choice? gnu or Open? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-17T17:24:52 http://permalink.gmane.org/gmane.network.freenac.devel/23 After Freeradius what would be your next choice? gnu or Open? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Sean.Boran-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-17T17:24:52 http://permalink.gmane.org/gmane.network.freenac.devel/22 Hi, here is a short discussion about all the OpenSource RADIUS servers available to tie in 802.1X support in FreeNAC. Cistron RADIUS It is the predecessor of FreeRadius. It is still maintained because lots of people still use it, but it will not get any major new functionality (SQL, LDAP, etc) as FreeRadius. ICRADIUS A variant of Cistron, with MySQL support, and a web-based front end. Not much info available at the moment (web site has some technical difficulties). XtRADIUS Another Cistron variant, with extension for running external programs for accounting or authentication. This RADIUS performs authentication using either a radius users file, or the system password file, or an external script. Documentation is scarce and it doesn't appear to be actively maintained. OpenRADIUS Support for LDAP, SQL. The authentication can be fully customizable. Everything is a pluggable, completely under the control of the administrator. Lacks some documentation though. GNU-radius Authentication schemes somewhat limited (system database, internal database, SQL auth, PAM auth). Allows for SNMP management. Ability to rewrite RADIUS requests from various NASs to normalize them to a more understandable format, as well as the ability to completely customize the behavior of radius authentication and accounting based on NAS and user attributes. Mailing list not very active. Yard RADIUS Derived from the original Livingston radius server. It doesn't support MySQL and LDAP.Development seems not very active at the moment. Doesn't support multi-threading. JRADIUS It is not a standalone server, it's a java plugin for FreeRadius which talks to a Java server, allowing you to write RADIUS handlers in Java. FreeRadius Includes a PAM authentication module and Apache authentication modules. Comes with a PHP-based web user administration tool, support for LDAP, MySQL, PostgreSQL, Oracle, EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP and Cisco LEAP. Supports proxying, failover and load balancing. Support for writing own auth modules. Mailing list is pretty active. Documentation can be a pain in the ass though. There are some others (ie. PowerRadius, WinRadius) but they are not opensource :( It seems that the best option we have is FreeRadius. Does anyboby have a different point of view? Héctor ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Hector.Ortiz-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-17T10:01:44 http://permalink.gmane.org/gmane.network.freenac.devel/22 Hi, here is a short discussion about all the OpenSource RADIUS servers available to tie in 802.1X support in FreeNAC. Cistron RADIUS It is the predecessor of FreeRadius. It is still maintained because lots of people still use it, but it will not get any major new functionality (SQL, LDAP, etc) as FreeRadius. ICRADIUS A variant of Cistron, with MySQL support, and a web-based front end. Not much info available at the moment (web site has some technical difficulties). XtRADIUS Another Cistron variant, with extension for running external programs for accounting or authentication. This RADIUS performs authentication using either a radius users file, or the system password file, or an external script. Documentation is scarce and it doesn't appear to be actively maintained. OpenRADIUS Support for LDAP, SQL. The authentication can be fully customizable. Everything is a pluggable, completely under the control of the administrator. Lacks some documentation though. GNU-radius Authentication schemes somewhat limited (system database, internal database, SQL auth, PAM auth). Allows for SNMP management. Ability to rewrite RADIUS requests from various NASs to normalize them to a more understandable format, as well as the ability to completely customize the behavior of radius authentication and accounting based on NAS and user attributes. Mailing list not very active. Yard RADIUS Derived from the original Livingston radius server. It doesn't support MySQL and LDAP.Development seems not very active at the moment. Doesn't support multi-threading. JRADIUS It is not a standalone server, it's a java plugin for FreeRadius which talks to a Java server, allowing you to write RADIUS handlers in Java. FreeRadius Includes a PAM authentication module and Apache authentication modules. Comes with a PHP-based web user administration tool, support for LDAP, MySQL, PostgreSQL, Oracle, EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP and Cisco LEAP. Supports proxying, failover and load balancing. Support for writing own auth modules. Mailing list is pretty active. Documentation can be a pain in the ass though. There are some others (ie. PowerRadius, WinRadius) but they are not opensource :( It seems that the best option we have is FreeRadius. Does anyboby have a different point of view? Héctor ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Hector.Ortiz-Zc0CTiu5wcBWk0Htik3J/w< at >public.gmane.org 2006-10-17T10:01:44 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.network.freenac.devel