[RADIATOR] 802.1x , EAP error

Heikki Vatiainen hvn at open.com.au
Tue Apr 2 05:22:23 CDT 2013


On 03/31/2013 02:24 PM, Jeffrey Lee wrote:
> Hi Alan,
> 
> Thanks for the reply... was referring to proxy for EAP authentication,
> not the usual proxy AAA.

When looking at RADIUS requests, the EAP authentication is just data in
the EAP-Message attribute. You can proxy it like any other RADIUS request.

> Hi Heikki,
> 
> It seems that if I forward all EAP requests to foreign AAA, I won't be
> able to capture the accounting logs since my proxy server won't be able
> to see the inner request.

No, you will not see the inner request when proxying RADIUS messages
carrying e.g., PEAP. However, the Accounting messages that follow
successful authentication are not tunnelled. They are simply plain old
RADIUS accounting messages.

> Would setting up EAP authentication on my AAA be a better option and
> only forward AAA (without EAP) to the foreign AAA?
> If so, how do I configure this, assuming it's EAP-PEAP ?

Hmm, not sure about what you mean here, but maybe considering the above
clarifies how EAP authentication with RADIUS transport and the
subsequent accounting sessions are related.

Thanks,
Heikki

> 
> Thanks,
> Jeff
> 
> 
> 
> On Sat, Mar 30, 2013 at 10:24 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> 
>     Hi,
> 
>     >    If I'm trying to relay an 802.1x authentication to another proxy AAA
>     >    server, can I just proxy without processing EAP request (to find the
>     >    inner EAP request info?)
> 
>     yes... eg
> 
>     <Handler Realm = "realm.org">
>             <AuthBy RADIUS>
>                     <Host 192.168.1.1>
>                     Secret topsecret
>                     </Host>
>                     <Host 192.168.4.5>
>                     Secret youllnever know
>                     </Host>
>             </AuthBy>
>     </Handler>
> 
> 
>     or just a plain
> 
>     <Realm realm.org> wrapper
> 
> 
>     read proxy.cfg and proxyalgorithm.cfg in goodies
> 
>     alan
> 
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
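
The point made in the reply above, as an added illustration that is not part of the original thread and is not Radiator code: a minimal Python RADIUS parser showing what a proxy can read. In the Access-Request it sees the outer User-Name and the EAP type but only opaque bytes for the PEAP tunnel, while every attribute of the later Accounting-Request is readable. All packets, the user name and the session id are constructed sample values.

```python
import struct

# Codes and attribute types from RFC 2865, RFC 2866 and RFC 3579
CODES = {1: "Access-Request", 4: "Accounting-Request"}
ATTRS = {1: "User-Name", 40: "Acct-Status-Type", 44: "Acct-Session-Id",
         79: "EAP-Message"}
EAP_TYPES = {1: "Identity", 25: "PEAP"}

def build(code, ident, attrs):
    """Build a constructed sample packet (zeroed authenticator)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), b"\0" * 16) + body

def parse(packet):
    """Return (code name, {attribute name: value bytes}) as a proxy sees it."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        name = ATTRS.get(atype, str(atype))
        # EAP-Message may repeat; fragments are concatenated in order
        attrs[name] = attrs.get(name, b"") + packet[pos + 2:pos + alen]
        pos += alen
    return CODES.get(code, str(code)), attrs

def eap_summary(eap):
    """EAP type plus the count of payload bytes the proxy cannot interpret."""
    if len(eap) < 5:
        raise ValueError("short EAP packet")
    _code, _ident, _length, etype = struct.unpack("!BBHB", eap[:5])
    return EAP_TYPES.get(etype, str(etype)), len(eap) - 5

# Constructed EAP-Response (code 2), type 25 (PEAP): flags byte + stand-in TLS data
TUNNEL = b"\x00" + bytes(range(32))
EAP = struct.pack("!BBHB", 2, 7, 5 + len(TUNNEL), 25) + TUNNEL
ACCESS = build(1, 7, [(1, b"anonymous@realm.org"), (79, EAP)])
ACCT = build(4, 8, [(1, b"anonymous@realm.org"),
                    (40, struct.pack("!I", 1)),      # Acct-Status-Type = Start
                    (44, b"sess-0001")])

if __name__ == "__main__":
    for pkt in (ACCESS, ACCT):
        print(parse(pkt))
    print(eap_summary(parse(ACCESS)[1]["EAP-Message"]))
```
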

