[RADIATOR] EAP service provisioning issues

Sami Keski-Kasari samikk at open.com.au
Thu Jun 13 04:43:09 CDT 2013


Hello Prasoon,

If I understood correctly, in user_auth you are authenticating the user and 
in service_auth you just want to add attributes to the reply?

If this is the case, then you should use the parameters:
NoEAP and NoCheckPassword.
See 5.20.57 NoCheckPassword and 5.20.59 NoEAP in the reference manual.

Best Regards,
  Sami


12.06.2013 13:35, Prasoon Majumdar wrote:
> Hi All,
>
> This is regarding a service provisioning scenario that we observed with
> the EAP MD5 protocol in a Radiator configuration; find the details below:
>
> <AuthBy LDAP2>
>          NoDefault
>          Identifier      user_auth
>          Host            10.91.118.24
>          Port            389
>          AuthDN          cn=directory manager
>          AuthPassword    tcpip123
>          BaseDN          %{User-Base}
>          Scope           one
>          SearchFilter    (uid=%U)
>          UsernameAttr    uid
>          PasswordAttr    coltplainpasswd
>          EAPType         MD5-Challenge
>          AuthAttrDef     radius-framed-ip-address,Framed-IP-Address,reply
>          AuthAttrDef     radius-framed-ip-netmask,Framed-IP-Netmask,reply
>          Debug           255
> </AuthBy>
>
>
> <AuthBy LDAP2>
>          Identifier      service_auth
>          Host            10.91.118.24
>          Port            389
>          AuthDN          cn=directory manager
>          AuthPassword    tcpip123
>          BaseDN          %{Service-Dn}
>          Scope           subtree
>          SearchFilter    radiusdomains=%W
>          PasswordAttr
> #        EAPType         MD5-Challenge
>          AuthAttrDef     radius-cisco-avpair,Cisco-AVPair,reply
>          AuthAttrDef     radius-Framed-Protocol,Framed-Protocol,reply
>          AuthAttrDef     radius-service-type,Service-Type,reply
>          AuthAttrDef     radius-Tunnel-Client-Auth-ID,Tunnel-Client-Auth-ID,reply
>          AuthAttrDef     radius-Tunnel-Client-Endpoint,Tunnel-Client-Endpoint,reply
>          AuthAttrDef     radius-Tunnel-Medium-Type,Tunnel-Medium-Type,reply
>          AuthAttrDef     radius-Tunnel-Password,Tunnel-Password,reply
>          AuthAttrDef     radius-Tunnel-Server-Endpoint,Tunnel-Server-Endpoint,reply
>          AddToReplyIfNotExist    Framed-Protocol=PPP,Service-Type=2
>          Debug           255
> </AuthBy>
>
>
>
> In this scenario, we are taking the default handlers to understand EAP
> communication and observed that the user authentication with EAP is going
> fine but the service authentication with EAP is not required but still
> Radiator is requesting EAP communication, so how can we disable EAP
> for service authentication and, if it's explicitly required, what are the
> parameters that need to be taken care of?
>
> Usually by default, service provisioning should be devoid of any such
> protocols.
>
> Can anyone give us a hand here?
>
> Regards,
> Prasoon
>
>
> --
> Regards,
> Prasoon Majumdar
>
>


-- 
Sami Keski-Kasari <samikk at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
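
Sami's suggestion applied to the service_auth clause from the question, as an added example (not configuration posted by either participant). The `<Handler>` wrapper with `AuthByPolicy ContinueWhileAccept` is an assumption about how the two clauses are chained, since the thread only mentions default handlers, and the `AuthPassword` value is a placeholder.

```conf
# Added example. The Handler below is an assumption; the thread does not show it.
<Handler>
        # Run user_auth first and continue to service_auth only if it accepted,
        # so the attribute lookup never runs for an unauthenticated request.
        AuthByPolicy    ContinueWhileAccept
        AuthBy          user_auth
        AuthBy          service_auth
</Handler>

<AuthBy LDAP2>
        Identifier      service_auth
        # Do not handle EAP in this clause; EAP MD5-Challenge is done by user_auth.
        NoEAP
        # Do not compare a password here; this clause only collects reply attributes.
        NoCheckPassword
        Host            10.91.118.24
        Port            389
        AuthDN          cn=directory manager
        # Placeholder, not a real credential.
        AuthPassword    REPLACE_WITH_BIND_PASSWORD
        BaseDN          %{Service-Dn}
        Scope           subtree
        SearchFilter    radiusdomains=%W
        AuthAttrDef     radius-cisco-avpair,Cisco-AVPair,reply
        AuthAttrDef     radius-Framed-Protocol,Framed-Protocol,reply
        AuthAttrDef     radius-service-type,Service-Type,reply
        AuthAttrDef     radius-Tunnel-Client-Auth-ID,Tunnel-Client-Auth-ID,reply
        AuthAttrDef     radius-Tunnel-Client-Endpoint,Tunnel-Client-Endpoint,reply
        AuthAttrDef     radius-Tunnel-Medium-Type,Tunnel-Medium-Type,reply
        AuthAttrDef     radius-Tunnel-Password,Tunnel-Password,reply
        AuthAttrDef     radius-Tunnel-Server-Endpoint,Tunnel-Server-Endpoint,reply
        AddToReplyIfNotExist    Framed-Protocol=PPP,Service-Type=2
</AuthBy>
```

Because NoCheckPassword makes this clause skip credential verification, it should only be reachable after a clause that actually authenticates the user, and never be referenced on its own from a Handler.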

