dynamic-authorization with TLS

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Mon Dec 21 09:56:38 CET 2020


Thanks Alan. Upgraded to 3.0.21 from 3.0.16. Done by adding the - deb
https://packages.networkradius.com/releases/ubuntu-bionic bionic main.

But unable to see coa-relay. Should i get source and build myself ?

freeradius -v
radiusd: FreeRADIUS Version 3.0.21 (git #af428abda), for host
x86_64-pc-linux-gnu
FreeRADIUS Version 3.0.21
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT

:/etc/freeradius/3.0/sites-available$
/etc/freeradius/3.0/sites-available$ ls
abfab-tls     channel_bindings  copy-acct-to-home-server  dhcp.relay
    originate-coa            soh                  vmps
abfab-tr-idp  check-eap-tls     decoupled-accounting
dynamic-clients  proxy-inner-tunnel       status
buffered-sql  coa               default                   example
    README                   tls
challenge     control-socket    dhcp                      inner-tunnel
    robust-proxy-accounting  virtual.example.com


Thanks.






On 12/21/20, Alan DeKok <aland at deployingradius.com> wrote:
> On Dec 20, 2020, at 1:17 PM, murugesh pitchaiah
> <murugesh.pitchaiah at gmail.com> wrote:
>>
>> My understanding is freeradius should receive the coa packets. And then it
>> just forwards same to the NAS. Am I right?
>
>   It can do that if you configure it.  See sites-available/coa-relay in
> recent releases.  You night need to use the v3.0.x branch from GitHub,
> though.  It has some fixes for CoA and TLS.
>
>> In that case there should be some originator of the coa packets who has
>> TLS
>> connection with freeradius server. Please advise if any well known
>> application exist.
>
>   No, that's not necessary.  FreeRADIUS can receive packets over plain UDP,
> and proxy them to the NAS over TLS.
>
>> I see the originate-coa site in freeradius can do same. But not sure if
>> that supports TLS.
>
>   See the v3.0.x branch on GitHub.  It has fixes for this.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list