[RADIATOR] Trying to use an AuthBy to try Radsec and RADIUS on the same host

Stefan Paetow (OpenSource) oss at eons.net
Wed Dec 18 09:50:43 UTC 2024 

Hi Hugh,

Thank you for clarification! Also, does using 'Asynchronous' make sure that
AuthBy RADSEC gets executed first (and waits for a response) before falling
back to AuthBy RADIUS? The documentation implies so.

With kind regards

Stefan


On Wed, 18 Dec 2024 at 06:14, Hugh Irvine <hugh at radiatorsoftware.com> wrote:

>
> Hello Stefan -
>
> You will need to configure both an AuthBy RADSEC clause *and* an AuthBy
> RADIUS clause.
>
> You can't do both in the AuthBy RADSEC clause.
>
> regards
>
> Hugh
>
>
> On 18/12/2024 09:42, Stefan Paetow (OpenSource) via radiator wrote:
> > Hi,
> >
> > We're trying to implement a mixed AuthBy where we try Radsec
> > (RADIUS/TLS) first on the host(s) defined for a specific realm, and
> > when they time out, retry on plain old RADIUS.
> >
> > Can I do something like this, or will there be a clash between the two
> > sets of Host clauses?
> >
> >     <AuthBy RADSEC>
> >         MaxFailedRequests 5
> >         FailureBackoffTime 180
> >         NoreplyTimeout 5
> >
> >         TLS_Protocols TLSv1.3, TLSv1.2
> >         TLS_CAFile %D/cafile.crt
> >         TLS_CertificateFile %D/certfile.crt
> >         TLS_CertificateType PEM
> >         TLS_PrivateKeyFile %D/certfile.key
> >         TLS_PolicyOID [oid redacted]
> >
> >         Secret radsec
> >         Port 2083
> >         ConnectOnDemand
> >         ProxyAlgorithm HashBalance
> >         Asynchronous
> >
> >         Host fe80::44bc:f9ff:fea8:ab02
> >         Host fe80::44bc:f9ff:fea8:ab04
> >         <Host fe80::44bc:f9ff:fea8:ab02>
> >             Secret this_secret_329847247
> >             Port 1812
> >             UseTLS 0
> >         </Host>
> >         <Host fe80::44bc:f9ff:fea8:ab04>
> >             Secret this_secret_3298423657
> >             Port 1812
> >             UseTLS 0
> >         </Host>
> >     </AuthBy>
> >
> > Based on the documentation (and one of the examples in the docs, not
> > in the goodies), this *should* be possible, but I thought I'd check
> > first?
> >
> > If this does not work, is it because the Host clauses clash?
> >
> > Kind regards
> >
> > Stefan
> >
> >
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > https://lists.open.com.au/mailman/listinfo/radiator
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20241218/6a6ed71e/attachment.html>

More information about the radiator mailing list