Filtering RADIUS request to only allow EAP-TTLS in a proxying-only server?
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Sep 24 19:50:52 CEST 2008
Hi,
> One thing I'd like to achive in the "EDUROAM"-responsible RADIUS
> "router" (server) is to make sure that *only* EAP-TTLS requests are
> forwarded to the RADIUS server doing the real user authentication.
the inner, or the whole request? if only the inner, then please
note that this will break new EAP RFCs
> Ie, I would like to make sure that it will reject requests that
> come in from the outside with user+password stuff sent in cleartext.
>
> (And also make sure itself won't send out such requests).
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
visitors to your site might be using any type of EAP - thats
down to their home site...so you'll have to let all EAP
out..once again, as previous answer, in plain user/auth,
there are many fields missing... but what kit at
your site would even be attempting a plain user/pass
login?
alan
More information about the Freeradius-Users
mailing list