Hi,

I'm currently evaluating Radiator 3.6 + all current patches and up to now I got most of the things I want to do figured out. Radiator is serving NAS and VPN equipment just fine, the problem is with the WLAN equipment.

The setup is like this:

Laptop with Intel Pro/Wireless 2100 card and WPA "certified" drivers, Odyssey client for EAP-TTLS
Cisco Aironet AP1200 access point running IOS 12.2(11)JA1
Radiator configured to do EAP-TTLS. Outer auth from SQL, inner by proxy to a radius hooked up with the W2K active directory.


After some hacking and fixing the eap_anon_hook.pl to make the accounting show the real user that connects to the AP.

The problems are with the session database functions - after studying the manual for two days straight and not finding anything that seems to help me solve them I ask for your help:

Problem #1:

The session database only shows the outer User-Name - is there a hook I can use to fix the username just like I do with accounting?

Problem #2:

If I set a Session-Timeout of 120 seconds the access points request a new key by way of sending a new Access-Request with the proper credentials. Radiator processes this request ok, but one of the steps involves clearing the session table for that NAS and port.

This would be the right thing to do for any "normal" NAS equipment. Chances are nobody can connect to port X of the NAS if there is still a connection.

With WLAN NAS and regular re-keying this doesn't work anymore. At least the Cisco access point doesn't send accounting start/alive/stop records after re-keying as the session is still ok, just a new encryption key has been exchanged. Is there any way to suppress the SessionDatabase Delete query? If you could set this up per client, that would be ok for me; a way to implement Pre/Post hooks for the session database would be even better. Oh, and I haven't found a way to make the Cisco AP send accounting records after re-keying. If you by any chance know how to do this, that would be another solution that would work for me.

Any ideas how to go about solving these things?

--
i. A. Morton Jonuschat
Systemmanager Network & Security
Information Services / Communications

MAXDATA AG
Elbestraße 12 - 16
D-45768 Marl
Telefon: +49 2365 952-2563
Telefax: +49 2365 952-2505

www.maxdata.com




=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.