(RADIATOR) Secure reliable Radius? Now available for beta testing.

Ray Van Dolson rayvd at corp.digitalpath.net
Wed Feb 9 13:08:28 CST 2005


So probably the best scenario for this would be to have a Radiator server in each
of our remote "locations" running in normal UDP mode since the NASes obviously
don't support your protocol.  Then the Radiator server would proxy the
requests onward to the central one via TCP ... correct?

Would anyone at the Radiator offices be interested in contracting to rewrite
the Radius client that comes with pppd (free from the Samba project) to
support your new protocol and be a bit more robust in general? :-)

Ray

On Tue, Feb 08, 2005 at 08:55:45PM +1000, Mike McCauley wrote:
> Hello again,
> 
> Thanks to all for the responses to this idea.
> 
> We now have a Radiator implementation available for beta testing.
> 
> The new protocol is called RadSec.
> 
> The beta code provides a TCP (or SCTP) connection between a Radiator <AuthBy 
> RADSEC> client and a Radiator <ServerRADSEC> server. It allows any type of 
> radius request to be proxied from the AuthBy RADSEC to the ServerRADSEC  and 
> then handled as configured in the RadSec server. Replies will be carried back 
> to the RadSec client and thence to the original requester. WE have tried to 
> make it as much like AuthBy RADIUS as possible and sensible.
> 
> The beta copes with disconnections by trying to reconnect at intervals. It can 
> handle IPV4 or IPV6 addresses. The server can listen on multiple 
> BindAddresses. The server can accept connections from multiple clients.
> 
> The RadSec connection can optionally be encrypted with TLS and optionally 
> requires mutual authentication of client and server using PKI certificates.
> 
> There are sample config files radsec-client.cfg which shows how to configure 
> to proxy to radsec-server.cfg. If you have Net::SSLeay available, you can 
> also enable UseTLS and use the Radiator sample certificates to encrypt the 
> TLS traffic.
> 
> The beta code and example config files are now available in the Radiator 3.11 
> patch set. It has been tested so far on Linux, Solaris, NetBSD, Windows XP 
> and Server 2003 and with Perl 5.6 and 5.8, and on x86 and Sparc processors.
> 
> Beta testers are invited to test this code in a real-world environment and 
> report issues and suggestions direct to me.
> 
> Hope some people find this useful.
> 
> On behalf of the development team:
> Cheers.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

