Hi Jake, As we have both EAP and the captive portal in our system, we (obviously) had to set up radius for both modes. EAP authentication has always worked well once we configured radius to work with our ldap system but the CP side of it was dodgy, at best. We have recently set up a second 'inner-tunnel' to channel the radius traffic to ldap.
This, of course, doesn't address your point of traffic between PF and radius but I think that it's another encrypted channel between radius and the ldap side of things ... We have a dedicated radius installation on the PF server itself ; all traffic between the two is therefore loopback and I don't think it can at all be seen from outside the box. (Please let me know if this is a misconception !) Thanks for the input ... Best, Chris On Thu 27.Jan'11 at 22:25:31 +0000, Sallee, Stephen (Jake) wrote: > I can attest that the RADIUS auth works for the captive portal, but it would > be nice if the RADIUS module would use some form of encryption for > communicating with the RADIUS server. > > As it stands anyone watching the debug output of the radius server can see > the usernames and passwords of all the users using the captive portal in > clear text! It is highly unlikely that anyone would be able to sniff the > traffic between the PF server and the RADIUS server but if they did your > users' info would be amazingly easy to steal. > > Jake Sallee > Godfather Of Bandwidth > Network Engineer > > Fone: 254-295-4658 > Phax: 254-295-4221 > > > -----Original Message----- > From: Olivier Bilodeau [mailto:[email protected]] > Sent: Thursday, January 27, 2011 4:05 PM > To: [email protected] > Subject: [Packetfence-users] What's the status with Captive portal RADIUS > Authentication ? > > Hi, > > Not so long ago someone reported that they couldn't get the > authentication::radius module to work with their captive portal. I can't > recall the exact details but I wasn't provided a specific error aside from > "it doesn't work". > > At the time, I filed a ticket for it here: #1093: regression in > authentication::radius > http://www.packetfence.org/bugs/view.php?id=1093 > > Since then I saw the module used successfully in action. > > My question is: what's the status? can I close the ticket? > > Cheers! > -- > Olivier Bilodeau > [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse > inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, > so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
