(RADIATOR) PAP authentication amidst various EAP types

Hugh Irvine hugh at open.com.au
Tue Jan 30 00:45:48 CST 2007


Hello Peter -

Your default Handler can do something like this:


<Handler>

	AuthByPolicy ContinueUntilAccept

	<AuthBy FILE>
		# do your local check
		Filename %D/......
	</AuthBy>

	<AuthBy RADIUS>
		# proxy everything else
		.....
	</AuthBy>

</Handler>


hope that helps

regards

Hugh


On 29 Jan 2007, at 22:49, Peter Bates wrote:

>
> Hello all...
>
> Apologies for the bad subject, I couldn't really think of anything  
> very clear.
>
> We have an institutional Radius server (Radiator 3.16) which is used
> as part of a National (and wider) system to authenticate users to  
> our wireless network.
>
> My first Handlers in the radius configuration are client specific,  
> so I'll ignore those.
>
> We then have
>
> <Handler TunnelledByPEAP=1>
> xxx
> xxx
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> xxx
> xxx
> </Handler>
>
> <Handler Realm=lshtm.ac.uk>
> AuthBy TUNNEL (which unpacks the EAP requests)
> </Handler>
>
> <Handler Realm= >
> AuthBy TUNNEL (ditto)
> </Handler>
>
> <Handler>
> AuthBy ... other requests are proxied out to another RADIUS server
> </Handler>
>
> I would like to handle PAP/cleartext requests from a known client,
> but then all other requests from that same client hit the same  
> handler.
> I tried using 'TunnelledByTTLS=0' for example in my handler to no  
> avail.
>
> I appreciate this is a bit convoluted but any suggestions  
> gratefully received.
>
>
>
> -- 
>
> ---------------------------------------------------------------------- 
> ----------------------------->
> Peter Bates, Systems Support Officer, IT Services.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list