[RADIATOR] How to differentiate between an EAP request and a normal request ?

Hugh Irvine hugh at open.com.au
Sat Sep 26 17:04:01 CDT 2009


Hello Markus -

In that case, try this:


# EAP Handler

<Handler EAP-Message = /.+>
.....
</Handler>

# Non-EAP Handler

<Handler>
.....
</Handler>


regards

Hugh


On 26 Sep 2009, at 20:48, Markus Moeller wrote:

> The device does EAP MD5-Challenge for MAC address authentication and  
> I don't think I need anything else (except the EAP command in the  
> Authby FILE section)
>
> So I get from the same IP a request for username/password  
> authentication and a request for EAP MD5-Challenge authentication  
> and I have to handle both requests differently (e.g. use different  
> databases)
>
> Markus
>
> ----- Original Message ----- From: "Hugh Irvine" <hugh at open.com.au>
> To: "Markus Moeller" <huaraz at moeller.plus.com>
> Cc: <radiator at open.com.au>
> Sent: Saturday, September 26, 2009 10:03 AM
> Subject: Re: [RADIATOR] How to differentiate between an EAP request  
> and a normal request ?
>
>
>>
>> Hello Markus -
>>
>> You don't mention EAP - what devices are doing EAP?
>>
>> If you have some EAP and some not, it probably makes more sense to  
>> do something like this:
>>
>> .....
>>
>> <Client n.n.n.n>
>> Identifier TheSwitchThatNeedsSomethingSpecial
>> .....
>> </Client>
>>
>> ......
>>
>> <Handler TunnelledByTTLS = 1>
>> .....
>> </Handler>
>>
>> <Handler TunneledByPEAP = 1>
>> ......
>> </Handler>
>>
>> <Handler EAP-Message = /.+>
>> .....
>> </Handler>
>>
>> <Handler Client-Identifier = TheSwitchThatNeedsSomethingSpecial>
>> .....
>> </Handler>
>>
>> <Handler>
>> .....
>> </Handler>
>>
>> .....
>>
>> regards
>>
>> Hugh
>>
>>
>> On 26 Sep 2009, at 05:38, Markus Moeller wrote:
>>
>>> I have a switch which does administrative user authentication and   
>>> MAC address authentication via Radius.
>>>
>>> Is this the best way to treat the request differently ?
>>>
>>> <Handler EAP-Message=/.+/,Message-Authenticator=/.+/>
>>>  AuthBy MACAuth
>>> </Handler>
>>>
>>> <Handler>
>>>  AuthBy UserAuth
>>> </Handler>
>>>
>>> Thank you
>>> Markus
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator 
>>  )?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator 
)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.




More information about the radiator mailing list