We here at Minnesota have been very happy with Radiator for wireless auth. We also use it for Cisco tacacs sort of functions. We are more of a mschap-v2 to the central Ldap (and eduroam) , and don't do OCSP.
/daniel/ daniel westacott On Wed, Apr 17, 2013 at 2:10 PM, Turner, Ryan H <[email protected]>wrote: > We are switching to EAP-TLS for wireless authentication, and have > everything in place with the exception of a Certificate Revocation Checking > process. We would prefer to use OCSP, but it appears that freeRadius isn’t > supporting OCSP very well (it is either buggy or not feature rich). > Specifically, it would appear that if you don’t specify a URL (a responder > override), freeRadius will not correctly pull the responder URL from the > certificate. Verification then fails, and thus the user connection will > not be established. We have multiple CAs, so hard coding in a single > responder URL is not optimal. The other issue, is that a fail open option > for freeradius also doesn’t look to be officially supported, and is only > provided via some user patch that won’t likely work when the code is > upgraded. A soft fail would allow users to be authenticated if a responder > is unavailable, and presumably we can set some time out that is less than a > user connection time out for this to occur. **** > > ** ** > > With all of this preface, I have been looking for commercially supported > radius platforms, and Radiator looks to be a really good option. I am not > entirely they support the above options, but have inquired. Anyone have > some good opinions on Radiator?**** > > ** ** > > As to our actual problems, we could be messing up the config, but I don’t > think so J**** > > ** ** > > Thanks,**** > > Ryan Turner**** > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
