[RADIATOR] Enforce EAPTLS

Markus Moeller huaraz at moeller.plus.com
Fri Dec 20 09:51:40 CST 2013


That sounds like a good idea.

Thank you
Markus

-----Original Message----- 
From: Heikki Vatiainen
Sent: Friday, December 20, 2013 3:23 PM
To: radiator at open.com.au
Subject: Re: [RADIATOR] Enforce EAPTLS

On 12/20/2013 04:40 PM, Markus Moeller wrote:

>    That might work, but accounting requests won’t have EAP-Message AV
> pairs. How could I identify them ?

You could add a separate Handler for the accounting messages.

<Handler Request-Type=Accounting-Request>

Sometimes this also makes the configuration easier to understand since
the Handler does not have to be configured for both authentication and
accounting.

Maybe something like this:

# All accounting handled here
<Handler Request-Type=Accounting-Request>

# Only EAP is handled here
<Handler AuthType="radius", EAP-Message=/.+/>

# This handles rest of requests with AuthType="radius"
<Handler AuthType="radius">

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator




More information about the radiator mailing list