[RADIATOR] blank outer identity - best practice
Hugh Irvine
hugh at open.com.au
Fri Dec 11 17:09:34 CST 2009
Hello Alan -
I'm not sure I understand the question, as the outer identity (I'm assuming you mean User-Name?) doesn't really matter.
For EAP the outer Handler is only responsible for setting up the tunnel - it doesn't do any username checking.
You would typically have different Handlers, with the outer Handler just using an AuthBy FILE clause:
.....
<Handler TunnelledByPEAP = 1>
.....
</Handler>
<Handler TunnelledByTTLS = 1>
.....
</Handler>
<Handler>
<AuthBy FILE>
.....
Filename %D/anonymous.user
</AuthBy>
</Handler>
File "%D/anonymous.user" would just contain something like this:
# anonymous.user
# this is just a placeholder
anonymous Encrypted-Password = _this_will_never_match_anything_
hope that helps
regards
Hugh
On 11 Dec 2009, at 22:26, Alan Buxey wrote:
> hi,
>
> sorry for what appears to be a newbie question but I am seeking
> clarification on a configuration question - what is the best way of dealing
> with a (legal) blank outer identity for EAP requests? just a blank
> entry in %D/users or a handler/perl combination?
>
> many thanks
>
> alan
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list