(RADIATOR) EAP-TTLS and Radmin accounting
Hugh Irvine
hugh at open.com.au
Fri Apr 15 17:40:10 CDT 2005
Hello Nacho -

You should probably just use Handlers instead of mixing Realms and
Handlers.

<Handler TunnelledByTTLS=1, Realm=wireless>
.....
</Handler>

<Handler Realm=wireless>
.....
</Handler>

In general it is not a good idea to mix Realms and Handlers in the same
configuration file (for the reasons you have discovered).

regards

Hugh

On 16 Apr 2005, at 02:11, Nacho Paredes wrote:
> Hello all,
>
> I want EAP-TTLS authentication and Radmin administration and
> accounting.
>
> Firstly I made a rough approach to the config file as follows:
>
> <Realm wireless>
> <AuthBy File>
> Filename /etc...
>
> (EAP Options)
>
> </AuthBy>
> </Realm>
>
> <Handler TunnelledByTTLS=1>
> AuthByPolicy ContinueWhileAccept
>
> <AuthBy RADMIN>
> blah, blah, blah
> </AuthBy>
> </Handler>
>
> I append @wireless to every request coming from the access point. So the
> outer authentication is handled by <Realm wireless>. I created a simple user
> file which just contains an anonymous user with no password, so it always
> authenticates.
>
> Then the inner authentication is handled by the TunnelledByTTLS which goes
> against the Radmin database.
>
> This works fine with authentication, but since the accounting requests will
> be handled by <Realm wireless>, nothing will go to the Radmin database.
> So I've replaced the <AuthBy File> with another <AuthBy Radmin> (and added
> an anonymous user to the Radmin database).
> Now, despite some problems with the hooks for the anonymous accounting, it
> works fine, but I find the following problems:
>
> It is not very elegant
> A user who logs in as anonymous is always authenticated
>
> Could you please tell me what I am missing to get a proper EAP-TTLS
> authentication and Radmin accounting?
>
> Thanks in advance
>
> --------------------------------------------------------------------
> Ignacio Paredes | email: iparedes at eurocomercial.es
> Eurocomercial I&C, S.A. | Tel: +34 98 5195703
> Ezcurdia, 194 - Gijon (AS) | Fax: +34 98 5132596
> --------------------------------------------------------------------
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
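
A Handler-only layout along the lines suggested in the reply above, as an added sketch that is not taken from the thread or from the Radiator distribution. The separate accounting Handler, the file paths, certificate names and database credentials are assumptions of this example, and it assumes the inner identity carries the wireless realm, as the check items in the reply imply.

```conf
# Added sketch, not from the thread. File paths, certificate names and
# database credentials are placeholders. Client clauses are omitted.

# Inner request unpacked from the TTLS tunnel: the real user's credentials
# are checked against the Radmin database.
# Assumes the inner identity also carries the "wireless" realm.
<Handler TunnelledByTTLS=1, Realm=wireless>
	<AuthBy RADMIN>
		DBSource	dbi:mysql:radmin
		DBUsername	DB_USER_PLACEHOLDER
		DBAuth		DB_PASSWORD_PLACEHOLDER
	</AuthBy>
</Handler>

# Accounting from the access point, written to Radmin. Handlers are tried
# in the order listed, so this must come before the general outer Handler.
<Handler Realm=wireless, Request-Type=Accounting-Request>
	<AuthBy RADMIN>
		DBSource	dbi:mysql:radmin
		DBUsername	DB_USER_PLACEHOLDER
		DBAuth		DB_PASSWORD_PLACEHOLDER
	</AuthBy>
</Handler>

# Outer EAP-TTLS conversation: terminates the TLS tunnel. The user
# credentials themselves are checked by the tunnelled Handler above.
<Handler Realm=wireless>
	<AuthBy FILE>
		# Holds only the outer (anonymous) identity
		Filename			%D/users-outer
		EAPType				TTLS
		EAPTLS_CAFile			%D/certificates/CA_CERT_PLACEHOLDER.pem
		EAPTLS_CertificateFile		%D/certificates/SERVER_CERT_PLACEHOLDER.pem
		EAPTLS_CertificateType		PEM
		EAPTLS_PrivateKeyFile		%D/certificates/SERVER_KEY_PLACEHOLDER.pem
		EAPTLS_PrivateKeyPassword	KEY_PASSWORD_PLACEHOLDER
		EAPTLS_MaxFragmentSize		1000
		AutoMPPEKeys
	</AuthBy>
</Handler>
```

Accounting requests carry whatever User-Name the access point sends, which may be the outer identity, so confirm what reaches Radmin with a trace 4 debug.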