[RADIATOR] Enforce EAPTLS

Heikki Vatiainen hvn at open.com.au
Fri Dec 20 09:23:24 CST 2013


On 12/20/2013 04:40 PM, Markus Moeller wrote:

>    That might work, but accounting requests won’t have EAP-Message AV
> pairs. How could I identify them ?

You could add a separate Handler for the accounting messages.

<Handler Request-Type=Accounting-Request>

Sometimes this also makes the configuration easier to understand since
the Handler does not have to be configured for both authentication and
accounting.

Maybe something like this:

# All accounting handled here
<Handler Request-Type=Accounting-Request>

# Only EAP is handled here
<Handler AuthType="radius", EAP-Message=/.+/>

# This handles rest of requests with AuthType="radius"
<Handler AuthType="radius">

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list