Releasing 3.0.13 soon?
Alex Sharaz
alex.sharaz at york.ac.uk
Tue Jan 10 11:53:07 CET 2017
Started off just using it on our ORPS systems so
proxying auth requests off to remote sites
inbound auths using winbind -> our AD system.
Basically eap-peap/mschapv2, eap-tls and proxying.
Back end database postgresql with buffered-sql virtual server.
EAP caching switched on,
OCSP for EAP-TLS pointing at our XpressConnect ES server
After my fights with built-in RADSEC (which I lost), got that working using
radsecproxy, means I can auth on uni eduroam using alex at sharaz.info which
has auth chain of
clearpass-><UoY ORPS> -> radsec/ipv6 -> my server in the cloud->
radsec/ipv6-> gateway to home net->FR 3.0.12 /ipv6 on os/x. (having issues
with the final open directory bit, but I'm sure that's just a config thing).
Will continue the battle next week. It's going to be something really
silly, but at least I know I can do the stuff with radsecproxy.
Up till this week, been running 3.0.13 on one of our Tier 2 servers doing
eap-tls, eap-peap/mschapv2 mac auth buffered-sql -> postgres database.
Also using MySQL for back end db that contains list of quarantined MAC
addresses (stored procedure isQuarantined(%{Calling-Station-Id}) returns
true/false).
Access-Accept packet contents tailored to type of device performing
auths. Some static values, some pulled from db.
Last Friday started upgrading remaining 2 2.2.9 servers to 3.0.13. Seems to
be working just fine. Security team pleased we've moved away from MySQL, no
one's world has ended by moving to 3.0.13 :-)
A
On 10 January 2017 at 10:08, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
> > Been running 30.13 for months just fine
>
> ditto. perhaps we need some stability feedback mechanism, reports what modules
> you are using etc?
>
> alan