(RADIATOR) chap and multiple radius proxying
Hugh Irvine
hugh at open.com.au
Sat Apr 30 03:00:34 CDT 2005
Hello Tariq -
I suggest you do some experiments to find out (it should work).
regards
Hugh
On 29 Apr 2005, at 23:23, Tariq Rashid wrote:
>
> hi,
>
> will CHAP authentication work through radius proxying - multiple proxying
> even.
>
> PAP will, but with CHAP you have a challenge sent back to the client - in
> theory it should make its way back to the client, which then responds to the
> challenge. does this work in practice?
>
> a further complication is that a first layer of proxy radius servers will
> forward the request to one of a group of secondary radius servers, before
> finally sending the request to the target home servers. the issue i see is
> that the response to the challenge may go via a different second layer - even
> though it should still reach the target home server.
>
> does anyone have experience in this?
>
> diagram:
>
> <client> ----> <proxy 1> ----> <proxy A> -------> <target radius>
>                    |                          /
>                    \------> <proxy B> -------
>
> the problem i see is that the initial request goes via proxy1 and proxyA to
> the target, which sends back a challenge, which makes its way back to the
> client. the client responds but this time the proxy1 balances the request to
> proxyB - will the target radius fail or ignore this final step of the CHAP
> handshake?
>
> tariq
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--