[RADIATOR] Enhancement for AuthDNSROAM/EduRoam and goodies suggestion

Mike McCauley mikem at open.com.au
Mon Apr 2 16:42:59 CDT 2012


Hi Bjoern and others,

thanks for your patch. It is now in the latest patch set.

I take it you would like to see the included AllowInReply parameter included 
in the sample goodies/dnsroam.cfg?

If you have other suggestions for improving the example goodies/dnsroam.cfg I 
would welcome that too.

Cheers.

On Thursday, March 29, 2012 05:04:13 PM Bjoern A. Zeeb wrote:
> Hi Mike, all,
> 
> A patch and a suggestion for goodies below.
> 
> A lot of people seem to use Radiator with EduRoam and after two
> debugging sessions, the first to find the cause why it's not working
> for a user and the 2nd to apply the below patch, things are significantly
> starting to improve for a couple of users whose IdPs send out weird
> attributes incl. VLAN assignments etc.
> 
> Not sure if we should pass down all section 5.7.18 ref.pdf options
> down from the AuthDNSROAM patch below, but these two seem essential
> as having them in and not working might lead to unexpected results.
> 
> My somehow excessive attribute filter list for Eduroam currently is
>  	AllowInReply            User-Name, \
>  				Class, \
>  				Framed-Protocol, \
>  				Service-Type, \
>  				EAP-Message, \
>  				Message-Authenticator, \
>  				MS-MPPE-Send-Key, \
>  				MS-MPPE-Recv-Key, \
>  				MS-CHAP-Domain, \
>  				MS-CHAP2-Success, \
>  				Proxy-State
> 
> with Framed-Protocol at least being excessive and should
> probably be static and Service-Type probably be restricted.
> 
> I wonder if others have a comment on that list; I have been told
> another (open source) radius software comes with a pre-defined
> list but have not checked, so I think putting that into goodies,
> if not there yet, for AuthDNSRoam/Eduroam samples would be an
> excellent idea:)
> 
> 
> Special thanks go to Stefan Winter and Ronald van der Pol for
> the debugging sessions to figure out the VLAN problem while here
> at IETF83.
> 
> Apart from that Radiator seems to do great wrt DNSRoam and
> I am looking forward to the draft being updated and the latest
> things that have been officially assigned being sorted.  Great!
> Thanks a lot for that!
> 
> Thanks,
> /bz
> 
> --- AuthDNSROAM.pm.orig 2011-09-29 21:51:05.000000000 +0000
> +++ AuthDNSROAM.pm      2012-03-29 16:16:09.000000000 +0000
> @@ -285,6 +285,7 @@ sub addRoute
>            (qw(Address Transport Protocol Port UseTLS SRVName
> 
>                StripFromRequest AddToRequest ReplyHook ReplyHook.compiled
> NoReplyHook NoReplyHook.compiled +             StripFromReply AllowInReply
>                NoForwardAuthentication NoForwardAccounting AllowInRequest
> 
>                NoreplyTimeout IgnoreReject
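Review bot: the addRoute parameter list now carries StripFromReply and AllowInReply from the DNSROAM route definition, but nothing in the patch updates the AuthBy DNSROAM documentation (the section 5.7.18 options referred to in the mail) or goodies/dnsroam.cfg, so users cannot tell that these two are honoured for routes; add both to the documented route parameters. Also, extraction has run the added `+             StripFromReply AllowInReply` onto the end of the NoReplyHook line; when applied it must be its own line inside the `qw( ... )` list.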
> @@ -390,6 +391,7 @@ sub handle_request
>                   (map {defined $self->{$_} ? ($_ => $self->{$_}) : ()}
>                    (qw(Port Secret
>                        StripFromRequest AddToRequest ReplyHook
> ReplyHook.compiled NoReplyHook NoReplyHook.compiled +                    
> StripFromReply AllowInReply
>                        NoForwardAuthentication NoForwardAccounting
> AllowInRequest NoreplyTimeout IgnoreReject
>                        IgnoreAccountingResponse MaxBufferSize
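Review bot: because the copy is guarded by `defined $self->{$_}`, a DNSROAM clause that sets neither StripFromReply nor AllowInReply keeps the old behaviour and forwards every attribute the remote IdP returns; that is exactly the case the mail describes as breaking users (VLAN assignments from the home IdP), so the change log should say that an explicit AllowInReply is needed to get the filtering.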
> @@ -414,6 +416,7 @@ sub handle_request
>                   # Copy parameters from $self:
>                   (map {defined $self->{$_} ? ($_ => $self->{$_}) : ()}
>                    (qw(StripFromRequest AddToRequest ReplyHook
> ReplyHook.compiled NoReplyHook NoReplyHook.compiled +                    
> StripFromReply AllowInReply
>                        NoForwardAuthentication NoForwardAccounting
> AllowInRequest AuthPort AcctPort Secret Retries RetryTimeout
> UseOldAscendPasswords ServerHasBrokenPortNumbers ServerHasBrokenAddresses
> IgnoreReplySignature
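Review bot: this hunk edits the third copy of the same forwarded-parameter list (addRoute and both branches of handle_request); a parameter missed in one copy, as StripFromReply and AllowInReply were until now, silently fails to apply on that path. Suggest hoisting the common names into one shared array (e.g. `my @COMMON_ROUTE_PARAMS = qw(...)`) and referencing it from all three places so the lists cannot drift apart again.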
-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
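As an added illustration, not code from this thread or from Radiator, a small Python model of the reply filtering that an AllowInReply list like the one in Bjoern's mail is meant to achieve: the remote IdP's VLAN assignment attributes are dropped before the reply reaches the visited site's access point. The config parsing and the filter semantics are simplified assumptions, and the reply attributes are constructed sample data.

```python
import re

# Constructed sample: an AllowInReply value as written in a Radiator config,
# with backslash line continuation (a shortened form of the list in the mail).
ALLOW_IN_REPLY_CFG = """AllowInReply User-Name, \\
        Class, \\
        EAP-Message, \\
        Message-Authenticator, \\
        MS-MPPE-Send-Key, \\
        MS-MPPE-Recv-Key, \\
        Proxy-State"""

# Constructed sample: attributes a home IdP might return, including a VLAN
# assignment that only makes sense on the IdP's own network.
IDP_REPLY = [
    ("User-Name", "alice@idp.example"),
    ("Class", "0x0a1b2c"),
    ("Tunnel-Type", "VLAN"),
    ("Tunnel-Medium-Type", "IEEE-802"),
    ("Tunnel-Private-Group-ID", "42"),
    ("Framed-IP-Address", "10.0.0.5"),
    ("EAP-Message", "<eap-success>"),
    ("Message-Authenticator", "<hmac>"),
    ("MS-MPPE-Send-Key", "<key>"),
    ("MS-MPPE-Recv-Key", "<key>"),
]


def parse_attr_list(cfg_value):
    """Assumed parsing: join backslash-continued lines, drop the keyword,
    split the remainder on commas."""
    joined = re.sub(r"\\\n", " ", cfg_value)
    _, _, names = joined.strip().partition(" ")
    return [n.strip() for n in names.split(",") if n.strip()]


def filter_reply(reply, allow_in_reply=None, strip_from_reply=()):
    """Assumed semantics: with AllowInReply set, only listed attributes
    survive; StripFromReply removes named attributes in either case."""
    allowed = set(allow_in_reply) if allow_in_reply is not None else None
    stripped = set(strip_from_reply)
    return [
        (name, value) for name, value in reply
        if (allowed is None or name in allowed) and name not in stripped
    ]


def filtered_names(cfg_value=ALLOW_IN_REPLY_CFG, reply=IDP_REPLY):
    """Names that would be forwarded to the visited site's NAS."""
    return [n for n, _ in filter_reply(reply, parse_attr_list(cfg_value))]
```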
