[RADIATOR] AuthByFreeRaidusSQL and EAP authentication

Brandon Shiers brandon.shiers at cerento.com
Mon Aug 3 22:46:25 UTC 2020


Thank you for the reply!  I did get the certificate issue sorted out.  I am now having issues with getting reply attributes back to the radio.  

I am passing them back but the radio is only taking select options.  I think it's a firmware issue as we've had to roll out new firmware since we started this project and unfortunately I'm waiting for the vendor.  The odd thing (and I have their dictionary loaded), it will accept one of their VSA's but not the rest.  Standard things like Framed-IP-Adddress works just fine.  I am having an issue with the RADIUS DB for some reason over-writing the password when using the DB for the lookups I haven't figured that one out yet.  

Brandon Shiers, RF Engineer
937 West Main Street
Riverton, WY 82501
307.857.6704 (o)
307.840.2366 (c)
307.856.1499 (f)
brandon.shiers at cerento.com

-----Original Message-----
From: radiator On Behalf Of Heikki Vatiainen
Sent: Wednesday, July 29, 2020 6:34 AM
To: radiator at lists.open.com.au
Subject: Re: [RADIATOR] AuthByFreeRaidusSQL and EAP authentication

On 27.7.2020 19.16, Brandon Shiers wrote:

> Will it support EAPTLS for authentication out in front of the actual 
> database lookup for the username, password and reply attributes?

Is that EAP-TLS or EAP-TTLS? With EAP-TLS a password is not needed and SQL can be optionally be used to check that the certificate subject is known. It can also fetch reply attributes. I'm not sure I have used with Freeradius SQL but with AuthBy SQL it works.

With EAP-TTLS it should also work with SQL backend, but I don't think I've yet tried with Freeradius specific module.

The certificate problems are not related to this because they happen before SQL access.


Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
radiator mailing list
radiator at lists.open.com.au

More information about the radiator mailing list