[RADIATOR] How to differentiate between an EAP request and a normal request ?
Hugh Irvine
hugh at open.com.au
Sat Sep 26 17:04:01 CDT 2009
Hello Markus -
In that case, try this:
# EAP Handler
<Handler EAP-Message = /.+>
.....
</Handler>
# Non-EAP Handler
<Handler>
.....
</Handler>
regards
Hugh
On 26 Sep 2009, at 20:48, Markus Moeller wrote:
> The device does EAP MD5-Challenge for MAC address authentication and
> I don't think I need anything else (except the EAP command in the
> Authby FILE section)
>
> So I get from the same IP a request for username/password
> authentication and a request for EAP MD5-Challenge authentication
> and I have to handle both requests differently (e.g. use different
> databases)
>
> Markus
>
> ----- Original Message ----- From: "Hugh Irvine" <hugh at open.com.au>
> To: "Markus Moeller" <huaraz at moeller.plus.com>
> Cc: <radiator at open.com.au>
> Sent: Saturday, September 26, 2009 10:03 AM
> Subject: Re: [RADIATOR] How to differentiate between an EAP request
> and a normal request ?
>
>
>>
>> Hello Markus -
>>
>> You don't mention EAP - what devices are doing EAP?
>>
>> If you have some EAP and some not, it probably makes more sense to
>> do something like this:
>>
>> .....
>>
>> <Client n.n.n.n>
>> Identifier TheSwitchThatNeedsSomethingSpecial
>> .....
>> </Client>
>>
>> ......
>>
>> <Handler TunnelledByTTLS = 1>
>> .....
>> </Handler>
>>
>> <Handler TunneledByPEAP = 1>
>> ......
>> </Handler>
>>
>> <Handler EAP-Message = /.+>
>> .....
>> </Handler>
>>
>> <Handler Client-Identifier = TheSwitchThatNeedsSomethingSpecial>
>> .....
>> </Handler>
>>
>> <Handler>
>> .....
>> </Handler>
>>
>> .....
>>
>> regards
>>
>> Hugh
>>
>>
>> On 26 Sep 2009, at 05:38, Markus Moeller wrote:
>>
>>> I have a switch which does administrative user authentication and
>>> MAC address authentication via Radius.
>>>
>>> Is this the best way to treat the request differently ?
>>>
>>> <Handler EAP-Message=/.+/,Message-Authenticator=/.+/>
>>> AuthBy MACAuth
>>> </Handler>
>>>
>>> <Handler>
>>> AuthBy UserAuth
>>> </Handler>
>>>
>>> Thank you
>>> Markus
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator
>> )?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator
)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list