[RADIATOR] Enforce EAPTLS
Markus Moeller
huaraz at moeller.plus.com
Fri Dec 20 09:51:40 CST 2013
That sounds like a good idea.
Thank you
Markus
-----Original Message-----
From: Heikki Vatiainen
Sent: Friday, December 20, 2013 3:23 PM
To: radiator at open.com.au
Subject: Re: [RADIATOR] Enforce EAPTLS
On 12/20/2013 04:40 PM, Markus Moeller wrote:
> That might work, but accounting requests won’t have EAP-Message AV
> pairs. How could I identify them ?
You could add a separate Handler for the accounting messages.
<Handler Request-Type=Accounting-Request>
Sometimes this also makes the configuration easier to understand since
the Handler does not have to be configured for both authentication and
accounting.
Maybe something like this:
# All accounting handled here
<Handler Request-Type=Accounting-Request>
# Only EAP is handled here
<Handler AuthType="radius", EAP-Message=/.+/>
# This handles rest of requests with AuthType="radius"
<Handler AuthType="radius">
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator
More information about the radiator
mailing list