Re: [RADIATOR] with Microsoft IAS BackEnd

Heikki Vatiainen Wed, 06 Feb 2013 09:05:09 -0800

On 02/06/2013 01:04 PM, Vicaretti Vincenzo (Guest) wrote:

> i want use the EAPBALANCE method for balance the access-request and
> ensure all EAP requests relating to a single session always go to the
> same target RADIUS server (Microsoft IAS)


That should work with EAPBALANCE without any extra configuration from
IAS if you are not using FarmSize (server farm) on Radiator.

> I don’t understand if the UseContentsForDuplicateDetection attribute is
> supported by Microsoft IAS.

It's quite likely not supported.

> I want use the Handler for filter the access-request packet based
> Client-Identifier and Realm
>
> <Handler Client-Identifier=switch,User-Name=/^host\/.*test$/>

The above should match requests that come from Client with 'Identifier
switch' and have User-Name 'host/<whatever>test'.

> I can use EAPBALANCE with Handler method?

You can use AuthBy EAPBALANCE with any Handler.

> The last question:
> 
> is add fake attribute on packet with hook for print the eap method on
> logfile:
> 
> PreProcessingHook sub { ${$_[0]}->add_attr('EAPType', 'EAP-TLS');}
> 
> It’s ok this approach with EAPBALANCE?

Should be. EAPBALANCE uses State attribute and Calling-Station-Id and
User-Name for the first EAP request in the EAP session, as specified in
the reference manual.

> This is my configuration:

It should be fine with IAS provided you are not using ServerFarm.

Thanks,
Heikki


> <Handler Client-Identifier=switch,User-Name=/^host\/.*test$/>
> 
>   <AuthBy EAPBALANCE>
> 
>         FailureBackoffTime 60
> 
>         RetryTimeout 1
> 
>         Retries 3
> 
>         Secret mysecretpassword
> 
>         DisableMTUDiscovery
> 
>         <Host 172.20.0.2>
> 
>             AuthPort 1812
> 
>             AcctPort 1813
> 
>         </Host>
> 
>         <Host 172.20.0.3>
> 
>             AuthPort 1812
> 
>             AcctPort 1813
> 
>         </Host>
> 
>   </AuthBy>
> 
> PreProcessingHook sub { ${$_[0]}->add_attr('EAPType', 'EAP-TLS');}
> 
> AuthLog auth-nac
> 
> </Handler>
> 
>  
> 
> _______
> 
> Vincenzo
> 
> 
> 
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] with Microsoft IAS BackEnd

Reply via email to