Hello Prasoon,
If I understood correctly, in user_auth you are authenticating the user and
in service_auth you just want to add attributes to the reply?
If this is the case, then you should use the parameters
NoEAP and NoCheckPassword.
See 5.20.57 NoCheckPassword and 5.20.59 NoEAP in the reference manual.
Best Regards,
Sami
On 12.06.2013 13:35, Prasoon Majumdar wrote:
> Hi All,
>
> This is regarding service provisioning scenario that we observed with
> EAP MD5 protocol in radiator configuration, find the details below:
>
> <AuthBy LDAP2>
> NoDefault
> Identifier user_auth
> Host 10.91.118.24
> Port 389
> AuthDN cn=directory manager
> AuthPassword tcpip123
> BaseDN %{User-Base}
> Scope one
> SearchFilter (uid=%U)
> UsernameAttr uid
> PasswordAttr coltplainpasswd
> EAPType MD5-Challenge
> AuthAttrDef radius-framed-ip-address,Framed-IP-Address,reply
> AuthAttrDef radius-framed-ip-netmask,Framed-IP-Netmask,reply
> Debug 255
> </AuthBy>
>
>
> <AuthBy LDAP2>
> Identifier service_auth
> Host 10.91.118.24
> Port 389
> AuthDN cn=directory manager
> AuthPassword tcpip123
> BaseDN %{Service-Dn}
> Scope subtree
> SearchFilter radiusdomains=%W
> PasswordAttr
> # EAPType MD5-Challenge
> AuthAttrDef radius-cisco-avpair,Cisco-AVPair,reply
> AuthAttrDef radius-Framed-Protocol,Framed-Protocol,reply
> AuthAttrDef radius-service-type,Service-Type,reply
> AuthAttrDef radius-Tunnel-Client-Auth-ID,Tunnel-Client-Auth-ID,reply
> AuthAttrDef radius-Tunnel-Client-Endpoint,Tunnel-Client-Endpoint,reply
> AuthAttrDef radius-Tunnel-Medium-Type,Tunnel-Medium-Type,reply
> AuthAttrDef radius-Tunnel-Password,Tunnel-Password,reply
> AuthAttrDef radius-Tunnel-Server-Endpoint,Tunnel-Server-Endpoint,reply
> AddToReplyIfNotExist Framed-Protocol=PPP,Service-Type=2
> Debug 255
> </AuthBy>
>
>
>
> In this scenario, we are taking the default handlers to understand EAP
> communication and observed that the user authentication with EAP is going
> fine but the service authentication with EAP is not required but still
> Radiator is requesting EAP communication, so how can we disable EAP
> for service authentication and, if it's explicitly required, what are the
> parameters that need to be taken care of?
>
> Usually by default, service provisioning should be devoid of any such
> protocols.
>
> Can anyone give us a hand here?
>
> Regards,
> Prasoon
>
>
> --
> Regards,
> Prasoon Majumdar
>
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
>
--
Sami Keski-Kasari <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
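
Sami's suggestion applied to the service_auth clause from the question, shown as an added example that is not part of the original thread. Where the two flags sit inside the clause is an assumption; every other line is copied from the question, with the wrapped AuthAttrDef lines rejoined.

```text
<AuthBy LDAP2>
    Identifier service_auth
    Host 10.91.118.24
    Port 389
    AuthDN cn=directory manager
    AuthPassword tcpip123
    BaseDN %{Service-Dn}
    Scope subtree
    SearchFilter radiusdomains=%W
    PasswordAttr

    # Added per the reply: this clause should not take part in the EAP
    # exchange (see 5.20.59 NoEAP in the reference manual).
    NoEAP
    # Added per the reply: this clause only supplies reply attributes, so
    # no password check is wanted here (see 5.20.57 NoCheckPassword).
    NoCheckPassword

    AuthAttrDef radius-cisco-avpair,Cisco-AVPair,reply
    AuthAttrDef radius-Framed-Protocol,Framed-Protocol,reply
    AuthAttrDef radius-service-type,Service-Type,reply
    AuthAttrDef radius-Tunnel-Client-Auth-ID,Tunnel-Client-Auth-ID,reply
    AuthAttrDef radius-Tunnel-Client-Endpoint,Tunnel-Client-Endpoint,reply
    AuthAttrDef radius-Tunnel-Medium-Type,Tunnel-Medium-Type,reply
    AuthAttrDef radius-Tunnel-Password,Tunnel-Password,reply
    AuthAttrDef radius-Tunnel-Server-Endpoint,Tunnel-Server-Endpoint,reply
    AddToReplyIfNotExist Framed-Protocol=PPP,Service-Type=2
    Debug 255
</AuthBy>
```

Because NoCheckPassword removes the credential check from this clause, the user_auth clause remains the only place where the user's password is verified.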