(RADIATOR) chap and multiple radius proxying

Hugh Irvine hugh at open.com.au
Sat Apr 30 03:00:34 CDT 2005


Hello Tariq -

I suggest you do some experiments to find out (it should work).

regards

Hugh


On 29 Apr 2005, at 23:23, Tariq Rashid wrote:

>
> hi,
>
> will CHAP authentication work through radius proxying - multiple proxying
> even.
>
> PAP will, but with CHAP you have a challenge sent back to the client - in
> theory it should make its way back to the client, which then responds to the
> challenge. does this work in practice?
>
> a further complication is that a first layer of proxy radius servers will
> forward the request to one of a group of secondary radius servers, before
> finally sending the request to the target home servers. the issue i see is
> that the response to the challenge may go via a different second layer - even
> though it should still reach the target home server.
>
> does anyone have experience in this?
>
> diagram:
>
>   <client> ----> <proxy 1> ----> <proxy A> -------> <target radius>
>                         |                          /
>                         \------> <proxy B> -------
>
> the problem i see is that the initial request goes via proxy1 and proxyA to
> the target, which sends back a challenge, which makes its way back to the
> client. the client responds but this time the proxy1 balances the request to
> proxyB - will the target radius fail or ignore this final step of the CHAP
> handshake?
>
> tariq
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
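
An added example, not part of the original thread and not Radiator's code: under RFC 2865 section 5.3 the CHAP-Password and its challenge arrive in the same Access-Request (the challenge is the CHAP-Challenge attribute, or the Request Authenticator when that attribute is absent), so the home server's check does not depend on which second-layer proxy carried the packet. The attribute dictionaries, the `proxy_forward` helper and the sample credentials are constructed for illustration, and the model assumes each proxy hop issues a fresh Request Authenticator.

```python
import hashlib
import hmac
import os


def chap_password(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-Password value: CHAP ident octet + MD5(ident || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return bytes([ident]) + digest


def verify_chap(attrs: dict, authenticator: bytes, secret: bytes) -> bool:
    """Home-server check. The challenge is CHAP-Challenge if present,
    otherwise the Request Authenticator of the packet as received."""
    value = attrs.get("CHAP-Password", b"")
    if len(value) != 17:  # 1 ident octet + 16-octet MD5 digest
        return False
    challenge = attrs.get("CHAP-Challenge", authenticator)
    return hmac.compare_digest(value, chap_password(value[0], secret, challenge))


def proxy_forward(attrs: dict, authenticator: bytes, keep_challenge: bool = True):
    """Hypothetical model of one proxy hop: the forwarded packet gets a fresh
    Request Authenticator, so an implicit challenge must be copied into
    CHAP-Challenge first or the home server loses it."""
    out = dict(attrs)
    if keep_challenge and "CHAP-Password" in out and "CHAP-Challenge" not in out:
        out["CHAP-Challenge"] = authenticator
    return out, os.urandom(16)


def run_paths() -> dict:
    secret = b"constructed-user-password"  # constructed sample credential
    nas_auth = bytes(range(16))            # constructed NAS authenticator, used as challenge
    request = {"User-Name": b"user1", "CHAP-Password": chap_password(7, secret, nas_auth)}
    results = {}
    for second_layer in ("proxy A", "proxy B"):
        hop1 = proxy_forward(request, nas_auth)  # proxy 1
        hop2 = proxy_forward(*hop1)              # proxy A or proxy B
        results[second_layer] = verify_chap(*hop2, secret)
    # A hop that rewrites the authenticator without preserving the challenge
    lossy = proxy_forward(request, nas_auth, keep_challenge=False)
    results["challenge dropped"] = verify_chap(*lossy, secret)
    return results


if __name__ == "__main__":
    print(run_paths())
```

When testing a real proxy chain, a debug trace at the home server that shows CHAP-Password without CHAP-Challenge is the case to look for.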
