On 14.08.2017 17:17, Karl Gaissmaier wrote:
we need it especially for RADSEC (Server AND AuthBy) because we can't
decode the sniffered but encrypted RADSEC traffic without the TLS
session keys.
Yes, that certainly helps. There's now an update in Radiator 4.19
patches that adds support for logging outgoing RadSec messages with
MessageLog.
RADIUS traffic can be sniffed and decoded by wireshark without any
elaborated tricks.
Sometimes doing this from within the application has its advantages: For
example, you see the messages that were actually received by the
application with better understanding when their processing started.
This can be useful when comparing to wire view to see if anything was
dropped and how long the messages were buffered by kernel.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://lists.open.com.au/mailman/listinfo/radiator
