[RADIATOR] AuthByFreeRaidusSQL and EAP authentication

Brandon Shiers brandon.shiers at cerento.com
Mon Aug 3 22:46:25 UTC 2020 

Heikki,

Thank you for the reply!  I did get the certificate issue sorted out.  I am now having issues with getting reply attributes back to the radio.  

I am passing them back but the radio is only taking select options.  I think it's a firmware issue as we've had to roll out new firmware since we started this project and unfortunately I'm waiting for the vendor.  The odd thing (and I have their dictionary loaded), it will accept one of their VSA's but not the rest.  Standard things like Framed-IP-Adddress works just fine.  I am having an issue with the RADIUS DB for some reason over-writing the password when using the DB for the lookups I haven't figured that one out yet.  

Thanks,
Brandon Shiers, RF Engineer
937 West Main Street
Riverton, WY 82501
307.857.6704 (o)
307.840.2366 (c)
307.856.1499 (f)
brandon.shiers at cerento.com

-----Original Message-----
From: radiator On Behalf Of Heikki Vatiainen
Sent: Wednesday, July 29, 2020 6:34 AM
To: radiator at lists.open.com.au
Subject: Re: [RADIATOR] AuthByFreeRaidusSQL and EAP authentication

On 27.7.2020 19.16, Brandon Shiers wrote:

> Will it support EAPTLS for authentication out in front of the actual 
> database lookup for the username, password and reply attributes?

Is that EAP-TLS or EAP-TTLS? With EAP-TLS a password is not needed and SQL can be optionally be used to check that the certificate subject is known. It can also fetch reply attributes. I'm not sure I have used with Freeradius SQL but with AuthBy SQL it works.

With EAP-TTLS it should also work with SQL backend, but I don't think I've yet tried with Freeradius specific module.

The certificate problems are not related to this because they happen before SQL access.

Thanks,
Heikki


--
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
radiator at lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator

More information about the radiator mailing list