[RADIATOR] AuthRADSEC and radsecproxy are incompatible!
Heikki Vatiainen
hvn at open.com.au
Thu Jul 18 08:22:10 CDT 2013
On 07/18/2013 03:09 PM, Stefan Winter wrote:
> Yes, I believe this is where your aversion really comes from: Radiator
> is pretty much exclusively used in its server and proxy role; it doesn't
> usually take the NAS role. So you probably have code which
> unconditionally always adds a Proxy-State.
Indeed. It was assumed Proxy-State can always be added if it is turned
on for the next hop server, AuthBy etc.
> It's probably unprecedented
> in the code that Radiator finds itself in a situation where it's not
> supposed to do that. Well, it's a new feature - so adding new code to do
> it right is basically a "That's life" situation.
Yes, adding new code solves this. Relying on Proxy-State being available
would have been nice but that will not work.
Does anyone know if creating secondary, tertiary, ... TCP connections
has worked fine? I'm thinking of the alternatives at hand: sticking with
Proxy-State extented IDs (using one TCP connection) or using the port
numbers (multiple TCP connections) for ID space extension?
Thanks for your input!
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list