[RADIATOR] <AuthBy EAPBALANCE> with Microsoft IAS BackEnd

Heikki Vatiainen hvn at open.com.au
Wed Feb 6 11:04:58 CST 2013


On 02/06/2013 01:04 PM, Vicaretti Vincenzo (Guest) wrote:

> I want to use the EAPBALANCE method to balance the access-requests and
> ensure all EAP requests relating to a single session always go to the
> same target RADIUS server (Microsoft IAS)

That should work with EAPBALANCE without any extra configuration from
IAS if you are not using FarmSize (server farm) on Radiator.

> I don’t understand if the UseContentsForDuplicateDetection attribute is
> supported by Microsoft IAS.

It's quite likely not supported.

> I want to use the Handler to filter the access-request packets based on
> Client-Identifier and Realm
>
> <Handler Client-Identifier=switch,User-Name=/^host\/.*test$/>

The above should match requests that come from Client with 'Identifier
switch' and have User-Name 'host/<whatever>test'.

> Can I use EAPBALANCE with the Handler method?

You can use AuthBy EAPBALANCE with any Handler.

> The last question:
> 
> I add a fake attribute to the packet with a hook to print the EAP method
> in the log file:
> 
> PreProcessingHook sub { ${$_[0]}->add_attr('EAPType', 'EAP-TLS');}
> 
> Is this approach OK with EAPBALANCE?

Should be. EAPBALANCE uses State attribute and Calling-Station-Id and
User-Name for the first EAP request in the EAP session, as specified in
the reference manual.

> This is my configuration:

It should be fine with IAS provided you are not using ServerFarm.

Thanks,
Heikki


> <Handler Client-Identifier=switch,User-Name=/^host\/.*test$/>
>   <AuthBy EAPBALANCE>
>         FailureBackoffTime 60
>         RetryTimeout 1
>         Retries 3
>         Secret mysecretpassword
>         DisableMTUDiscovery
>         <Host 172.20.0.2>
>             AuthPort 1812
>             AcctPort 1813
>         </Host>
>         <Host 172.20.0.3>
>             AuthPort 1812
>             AcctPort 1813
>         </Host>
>   </AuthBy>
> PreProcessingHook sub { ${$_[0]}->add_attr('EAPType', 'EAP-TLS');}
> AuthLog auth-nac
> </Handler>
> 
> _______
> Vincenzo
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
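
The hook quoted above writes a fixed 'EAP-TLS' label into every request. As an added example (not part of the original message and not Radiator code), the Perl below shows how the EAP method can instead be read from the EAP-Message payload itself, following the RFC 3748 header layout. The function name `eap_type_name`, the label strings and the sample packets are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# EAP method type numbers from the IANA EAP registry (subset).
my %EAP_TYPE = (
    1  => 'Identity',
    2  => 'Notification',
    3  => 'Nak',
    4  => 'MD5-Challenge',
    13 => 'EAP-TLS',
    21 => 'EAP-TTLS',
    25 => 'PEAP',
    43 => 'EAP-FAST',
);

# Hypothetical helper: takes the concatenated value of all EAP-Message
# attributes of one request and returns a label suitable for logging.
# EAP header (RFC 3748): Code(1) Identifier(1) Length(2, network order),
# followed by Type(1) when Code is Request(1) or Response(2).
sub eap_type_name {
    my ($msg) = @_;
    return 'no-eap'    unless defined $msg && length $msg;
    return 'malformed' if length($msg) < 4;
    my ($code, $id, $len) = unpack('C C n', $msg);
    # Declared length must cover the header and fit in the received bytes.
    return 'malformed' if $len < 4 || $len > length($msg);
    return 'Success'   if $code == 3;
    return 'Failure'   if $code == 4;
    return 'malformed' unless $code == 1 || $code == 2;
    return 'malformed' if $len < 5;    # Request/Response needs a Type octet
    my $type = unpack('C', substr($msg, 4, 1));
    return $EAP_TYPE{$type} // "type-$type";
}

# Constructed sample packets (not captured traffic).
my @samples = (
    pack('C C n C a*', 2, 1, 13, 1, 'host/pc1'),  # Response/Identity
    pack('C C n C C',  2, 2, 6, 13, 0),           # Response/EAP-TLS, flags 0
    pack('C C n C C',  2, 3, 6, 3, 25),           # Response/Nak asking for PEAP
    pack('C C n',      2, 4, 20),                 # declared length > data
);

# Inside a Radiator hook the input would be something like
# join('', $p->get_attr('EAP-Message')); that usage is an assumption here.
printf "%-10s %s\n", eap_type_name($_), unpack('H*', $_) for @samples;
```

The first Access-Request of an EAP session carries an Identity response, so the negotiated method only becomes visible in later requests of the same session.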

