Proxy-tester nagios check for Freeradius

Alan DeKok aland at deployingradius.com
Tue Feb 5 13:59:41 CET 2019


On Feb 5, 2019, at 5:58 AM, Fekete Tamás <fektom at gmail.com> wrote:
> 
> I would like to make a proxy-tester Nagios check for Freeradius and would
> like to ask some help for debugging as I experience some problem with using
> eapol_test.
> 
> The design is that a user wants to authenticate at realm "A" with
> credentials stored at realm "B".
> The infrastructure already set up for proxying based on the realm names and
> the Access-Requests are do forwarded.

  OK...

> I tried this proxy scenario with radtest. And with radtest it works.
> 
> However, I have some questions regarding this developer work.
> Maybe you can help me.
> 
> The first is: is it true, that radtest doesn't encrypt it's messages so
> proxy requests will contain the password in a recoverable manner?

  The User-Password attribute is protected "on the wire".  The passwords are recoverable, because the home server has to check them.

  See RFC 2865 Section 5.2 for more information.

  Alan DeKok.




More information about the Freeradius-Users mailing list