[RADIATOR] Radiator EAP-TTLS and Aruba
Bob Shafer
bshafer at du.edu
Tue Jun 30 05:39:03 CDT 2009
I attempted to resolve the User-Name issue with EAP-TTLS by using the
eap-anon-hook. It worked okay, but I was not comfortable using the
supplicant's MAC level address, in the calling-station-id, and the only
consistent attribute reported in both authentication and accounting
packets, that could be used as a key.
When I contacted Aruba support they suggested this:
"Aruba controller can only review the
outer-eap-id only. On Freeradius, there is a "copy to outer tunnel"
option under eap.conf which should allow the Radius server to reply
inner-eap-id to User-Name on radius access accept packet to the Aruba
controller. There is also similar support on the Juniper's steel-belted
radius. There may be similar on radiator. Aruba controller will take
this returned User-Name attribute and replace the outer-eap-id from
client and utilize it in radius accounting as well as "show user-table"
output."
I understand what they want, and have an idea about how I might implement
this, but wondered if someone else had already invented the wheel?
If not, I'm open to ideas about how best to implement it.
Thanks,
Bob