[RADIATOR] Handler Match on Secret?
Hugh Irvine
hugh at open.com.au
Tue Aug 27 05:19:22 UTC 2019
Hi Cassidy -
You can use wildcards or even DEFAULT to match multiple client devices, but our recommendation is to always maintain the complete list of devices.
A few hundred devices is not that many and maintaining the complete list will avoid multiple potential headaches.
regards
Hugh
> On 27 Aug 2019, at 14:43, Cassidy B. Larson <alandaluz at gmail.com> wrote:
>
> We have a few hundred devices we want to enable radius authentication on, a couple of different vendors and they could be any sort of random/unique IPs sourcing the auth request packets.
>
> I was thinking if Vendor A had its own unique radius secret, and vendor B had it's unique secret to its own set of devices we could key off of that. I'd prefer not to add each individual IP to the clients table, I was hoping to just key off of the secret to force the appropriate Handler to be used. Make sense?
>
> Any way of accomplishing what I want without having to add each client IP/secret set? Seems like it'd be a pain to maintain.
>
> Thanks,
>
> Cassidy
>
> On Mon, Aug 26, 2019 at 3:54 PM Hugh Irvine <hugh at open.com.au> wrote:
>
> Hello Cassidy -
>
> I’m not sure I understand the requirement - if you don’t have a Client device listed, Radiator will ignore any RADIUS requests coming from it.
>
> The usual way to do this sort of thing is with Identifier’s in the Client clauses, with Handler’s to match.
>
> Maybe give us a bit more detail on what you want to accomplish?
>
> regards
>
> Hugh
>
> > On 27 Aug 2019, at 06:27, Cassidy B. Larson <alandaluz at gmail.com> wrote:
> >
> > Is there a way to do a Handler match based on the Secret?
> >
> > We have a number of different devices that I'd like to segregate into separate Handlers based on their Secret. I'd rather not have to update the ClientListSQL database each time I add a new one.
> >
> > Any thoughts?
> >
> > Thanks!
> >
> > -c
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > https://lists.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list