Hi Hugh, Thank you for clarification! Also, does using 'Asynchronous' make sure that AuthBy RADSEC gets executed first (and waits for a response) before falling back to AuthBy RADIUS? The documentation implies so.
With kind regards Stefan On Wed, 18 Dec 2024 at 06:14, Hugh Irvine <[email protected]> wrote: > > Hello Stefan - > > You will need to configure both an AuthBy RADSEC clause *and* an AuthBy > RADIUS clause. > > You can't do both in the AuthBy RADSEC clause. > > regards > > Hugh > > > On 18/12/2024 09:42, Stefan Paetow (OpenSource) via radiator wrote: > > Hi, > > > > We're trying to implement a mixed AuthBy where we try Radsec > > (RADIUS/TLS) first on the host(s) defined for a specific realm, and > > when they time out, retry on plain old RADIUS. > > > > Can I do something like this, or will there be a clash between the two > > sets of Host clauses? > > > > <AuthBy RADSEC> > > MaxFailedRequests 5 > > FailureBackoffTime 180 > > NoreplyTimeout 5 > > > > TLS_Protocols TLSv1.3, TLSv1.2 > > TLS_CAFile %D/cafile.crt > > TLS_CertificateFile %D/certfile.crt > > TLS_CertificateType PEM > > TLS_PrivateKeyFile %D/certfile.key > > TLS_PolicyOID [oid redacted] > > > > Secret radsec > > Port 2083 > > ConnectOnDemand > > ProxyAlgorithm HashBalance > > Asynchronous > > > > Host fe80::44bc:f9ff:fea8:ab02 > > Host fe80::44bc:f9ff:fea8:ab04 > > <Host fe80::44bc:f9ff:fea8:ab02> > > Secret this_secret_329847247 > > Port 1812 > > UseTLS 0 > > </Host> > > <Host fe80::44bc:f9ff:fea8:ab04> > > Secret this_secret_3298423657 > > Port 1812 > > UseTLS 0 > > </Host> > > </AuthBy> > > > > Based on the documentation (and one of the examples in the docs, not > > in the goodies), this *should* be possible, but I thought I'd check > > first? > > > > If this does not work, is it because the Host clauses clash? > > > > Kind regards > > > > Stefan > > > > > > _______________________________________________ > > radiator mailing list > > [email protected] > > https://lists.open.com.au/mailman/listinfo/radiator >
_______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
