[RADIATOR] How to differentiate between an EAP request and a normal request ?

Markus Moeller huaraz at moeller.plus.com
Sat Sep 26 05:48:41 CDT 2009


The device does EAP MD5-Challenge for MAC address authentication and I don't 
think I need anything else (except the EAP command in the Authby FILE 
section)

So I get from the same IP a request for username/password authentication and 
a request for EAP MD5-Challenge authentication and I have to handle both 
requests differently (e.g. use different databases)

Markus

----- Original Message ----- 
From: "Hugh Irvine" <hugh at open.com.au>
To: "Markus Moeller" <huaraz at moeller.plus.com>
Cc: <radiator at open.com.au>
Sent: Saturday, September 26, 2009 10:03 AM
Subject: Re: [RADIATOR] How to differentiate between an EAP request and a 
normal request ?


>
> Hello Markus -
>
> You don't mention EAP - what devices are doing EAP?
>
> If you have some EAP and some not, it probably makes more sense to do 
> something like this:
>
> .....
>
> <Client n.n.n.n>
> Identifier TheSwitchThatNeedsSomethingSpecial
> .....
> </Client>
>
> ......
>
> <Handler TunnelledByTTLS = 1>
> .....
> </Handler>
>
> <Handler TunneledByPEAP = 1>
> ......
> </Handler>
>
> <Handler EAP-Message = /.+>
> .....
> </Handler>
>
> <Handler Client-Identifier = TheSwitchThatNeedsSomethingSpecial>
> .....
> </Handler>
>
> <Handler>
> .....
> </Handler>
>
> .....
>
> regards
>
> Hugh
>
>
> On 26 Sep 2009, at 05:38, Markus Moeller wrote:
>
>> I have a switch which does administrative user authentication and  MAC 
>> address authentication via Radius.
>>
>> Is this the best way to treat the request differently ?
>>
>> <Handler EAP-Message=/.+/,Message-Authenticator=/.+/>
>>   AuthBy MACAuth
>> </Handler>
>>
>> <Handler>
>>   AuthBy UserAuth
>> </Handler>
>>
>> Thank you
>> Markus
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive 
> (www.open.com.au/archives/radiator )?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> 




More information about the radiator mailing list