(RADIATOR) Secure reliable Radius? Now available for beta testing.

Wed Feb 9 14:51:43 CST 2005

Hello Ray,

On Thursday 10 February 2005 05:08, Ray Van Dolson wrote:
> So probably the best scenario for this would to have a Radiator server in
> each of our remote "locations" running in normal UDP mode since the NAS's
> obviously don't support your protocol.  Then the Radiator server would
> proxy the requests onward to the central one via TCP ... correct?

Yes, that would be a reasonable scenario.

>
> Would anyone at the Radiator offices be interested in contracting to
> rewrite the Radius client that comes with pppd (free from the Samba
> project) to support your new protocol and be a bit more robust in general?
> :-)
That smiley makes me think you are not serious, but yes.

Cheers.

>
> Ray
>
> On Tue, Feb 08, 2005 at 08:55:45PM +1000, Mike McCauley wrote:
> > Hello again,
> >
> > Thanks to all for the responses to this idea.
> >
> > We now have a Radiator implementation available for beta testing.
> >
> > The new protocol is called RadSec.
> >
> > The beta code provides a TCP (or SCTP) connection between a Radiator
> > <AuthBy RADSEC> client and a Radiator <ServerRADSEC> server. It allows
> > any type of radius request to be proxied from the AuthBy RADSEC to the
> > ServerRADSEC  and then handled as configured in the RadSec server.
> > Replies will be carried back to the RadSec client and thence to the
> > original requester. WE have tried to make it as much like AuthBy RADIUS
> > as possible and sensible.
> >
> > The beta copes with disconnections by trying to reconnect at intervals.
> > It can handle IPV4 or IPV6 addresses. The server can listen on multiple
> > BindAddresses. The server can accept connections from multiple clients.
> >
> > The RadSec connection can optionally be encrypted with TLS and optionally
> > requires mutual authentication of client and server using PKI
> > certificates.
> >
> > There are sample config files radsec-client.cfg which shows how to
> > configure to proxy to radsec-server.cfg. If you have Net::SSLeay
> > available, you can also enable UseTLS and use the Radiator sample
> > certificates to encrypt the TLS traffic.
> >
> > The beta code and example config files are now available in the Radiator
> > 3.11 patch set. It has been tested so far on Linux, Solaris, NetBSD,
> > Windows XP and Server 2003 and with Perl 5.6 and 5.8, and on x86 and
> > Sparc processors.
> >
> > Beta testers are invited to test this code in a real-world environment
> > and report issues and suggestions direct to me.
> >
> > Hope some people find this useful.
> >
> > On behalf of the development team:
> > Cheers.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.