Hello Stefan -
You will need to configure both an AuthBy RADSEC clause *and* an AuthBy
RADIUS clause.
You can't do both in the AuthBy RADSEC clause.
regards
Hugh
On 18/12/2024 09:42, Stefan Paetow (OpenSource) via radiator wrote:
Hi,
We're trying to implement a mixed AuthBy where we try Radsec
(RADIUS/TLS) first on the host(s) defined for a specific realm, and
when they time out, retry on plain old RADIUS.
Can I do something like this, or will there be a clash between the two
sets of Host clauses?
<AuthBy RADSEC>
    MaxFailedRequests 5
    FailureBackoffTime 180
    NoreplyTimeout 5
    TLS_Protocols TLSv1.3, TLSv1.2
    TLS_CAFile %D/cafile.crt
    TLS_CertificateFile %D/certfile.crt
    TLS_CertificateType PEM
    TLS_PrivateKeyFile %D/certfile.key
    TLS_PolicyOID [oid redacted]
    Secret radsec
    Port 2083
    ConnectOnDemand
    ProxyAlgorithm HashBalance
    Asynchronous
    Host fe80::44bc:f9ff:fea8:ab02
    Host fe80::44bc:f9ff:fea8:ab04
    <Host fe80::44bc:f9ff:fea8:ab02>
        Secret this_secret_329847247
        Port 1812
        UseTLS 0
    </Host>
    <Host fe80::44bc:f9ff:fea8:ab04>
        Secret this_secret_3298423657
        Port 1812
        UseTLS 0
    </Host>
</AuthBy>
Based on the documentation (and one of the examples in the docs, not
in the goodies), this *should* be possible, but I thought I'd check
first?
If this does not work, is it because the Host clauses clash?
Kind regards
Stefan
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator