[RADIATOR] Trying to use an AuthBy to try Radsec and RADIUS on the same host
Hugh Irvine
hugh at radiatorsoftware.com
Wed Dec 18 06:14:32 UTC 2024

Hello Stefan -

You will need to configure both an AuthBy RADSEC clause *and* an AuthBy
RADIUS clause.

You can't do both in the AuthBy RADSEC clause.

regards

Hugh

On 18/12/2024 09:42, Stefan Paetow (OpenSource) via radiator wrote:
> Hi,
>
> We're trying to implement a mixed AuthBy where we try Radsec
> (RADIUS/TLS) first on the host(s) defined for a specific realm, and
> when they time out, retry on plain old RADIUS.
>
> Can I do something like this, or will there be a clash between the two
> sets of Host clauses?
>
> <AuthBy RADSEC>
> MaxFailedRequests 5
> FailureBackoffTime 180
> NoreplyTimeout 5
>
> TLS_Protocols TLSv1.3, TLSv1.2
> TLS_CAFile %D/cafile.crt
> TLS_CertificateFile %D/certfile.crt
> TLS_CertificateType PEM
> TLS_PrivateKeyFile %D/certfile.key
> TLS_PolicyOID [oid redacted]
>
> Secret radsec
> Port 2083
> ConnectOnDemand
> ProxyAlgorithm HashBalance
> Asynchronous
>
> Host fe80::44bc:f9ff:fea8:ab02
> Host fe80::44bc:f9ff:fea8:ab04
> <Host fe80::44bc:f9ff:fea8:ab02>
> Secret this_secret_329847247
> Port 1812
> UseTLS 0
> </Host>
> <Host fe80::44bc:f9ff:fea8:ab04>
> Secret this_secret_3298423657
> Port 1812
> UseTLS 0
> </Host>
> </AuthBy>
>
> Based on the documentation (and one of the examples in the docs, not
> in the goodies), this *should* be possible, but I thought I'd check
> first?
>
> If this does not work, is it because the Host clauses clash?
>
> Kind regards
>
> Stefan