Filter OpenLDAP users account upon Freeradius 3.0.10 NAS-Port-Id
Matthew Newton
mcn4 at leicester.ac.uk
Tue Dec 15 20:37:52 CET 2015
On Tue, Dec 15, 2015 at 01:36:48PM -0500, Alan DeKok wrote:
> On Dec 15, 2015, at 1:30 PM, François Lacombe <fl.infosreseaux at gmail.com> wrote:
> > Strongswan only redirects EAP packets to the radius. The EAP packets
> > come directly from users.
>
> StrongSWAN is sending RADIUS packets to FreeRADIUS.
> StrongSWAN is the RADIUS client.
> > Nevertheless I agree that NAS-IP-Address should always be the IP of
> > strongswan server instead of the users' one.
>
> Yes. That's what the RFCs say the NAS-IP-Address should be.
In my experience setting up strongSwan and FreeRADIUS recently,
strongSwan behaved correctly with regard to RADIUS.
(Though in the end I used IKEv2 which doesn't do EAP, so I just get
RADIUS accounting.)
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list