(RADIATOR) PAP authentication amidst various EAP types
Hugh Irvine
hugh at open.com.au
Tue Jan 30 00:45:48 CST 2007
Hello Peter -
Your default Handler can do something like this:
<Handler>
AuthByPolicy ContinueUntilAccept
<AuthBy FILE>
# do your local check
Filename %D/......
</AuthBy>
<AuthBy RADIUS>
# proxy everything else
.....
</AuthBy>
</Handler>
hope that helps
regards
Hugh
On 29 Jan 2007, at 22:49, Peter Bates wrote:
>
> Hello all...
>
> Apologies for the bad subject, I couldn't really think of anything
> very clear.
>
> We have an institutional Radius server (Radiator 3.16) which is used
> as part of a National (and wider) system to authenticate users to
> our wireless network.
>
> My first Handlers in the radius configuration are client specific,
> so I'll ignore those.
>
> We then have
>
> <Handler TunnelledByPEAP=1>
> xxx
> xxx
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> xxx
> xxx
> </Handler>
>
> <Handler Realm=lshtm.ac.uk>
> AuthBy TUNNEL (which unpacks the EAP requests)
> </Handler>
>
> <Handler Realm= >
> AuthBy TUNNEL (ditto)
> </Handler>
>
> <Handler>
> AuthBy ... other requests are proxied out to another RADIUS server
> </Handler>
>
> I would like to handle PAP/cleartext requests from a known client,
> but then all other requests from that same client hit the same
> handler.
> I tried using 'TunnelledByTTLS=0' for example in my handler to no
> avail.
>
> I appreciate this is a bit convoluted but any suggestions
> gratefully received.
>
>
>
> --
>
> ----------------------------------------------------------------------
> ----------------------------->
> Peter Bates, Systems Support Officer, IT Services.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list