Authenticator -to- RADIUS connection

Alan DeKok aland at deployingradius.com
Tue Oct 5 19:49:29 CEST 2021 

On Oct 5, 2021, at 1:00 PM, Turner, Randy <Randy.Turner at landisgyr.com> wrote:
> We are using a package called “hostapd” to talk to FreeRADIUS – in some of the hostapd documentation they refer to hostapd as an 802.1x “authenticator”

  Yes.  802.1X != RADIUS.  They use different terminology, because they are different protocols, and do different (but related) things.

  And why not just say from the start that you're using hostap?  It's *always* better to be precise.  Especially if you're not familiar with the technology.

> This was the term I used in my original question which may have readers thinking I meant the actual device that was trying to access the network.

  I didn't know what you meant.  Because as soon as someone uses the wrong terminology, all bets are off.

> In FreeRADIUS parlance, I think hostapd is called a NAS – it’s the NAS-to-FreeRADIUS connection I was referring to.

  This is not "FreeRADIUS parlance".   The term "NAS" goes back to at least 1993, and the first RADIUS standards.  A little bit of reading on the basic terminology would help.

  So you're still confused about which things are involved, and what they do.  I'm still not sure what you're asking.

 The "NAS to FreeRADIUS" connection uses RADIUS.  You can't use any other protocol there.

  The "end user to hostap" connection uses 802.1X, which includes EAP.  The EAP packets are then placed inside of RADIUS by the NAS, sent to FreeRADIUS.

  EAP can carry many different kinds of authentication.  EAP-TLS, EAP-TTLS, etc.

  All of this information is available on the net (including Wikipedia) if you go look.

  What is frustrating here is not just using the wrong terminology, it's also metering out of additional information all through the conversation.  It would have been very simple to say "I have a computer using WiFi, I have hostap, and I want to authenticate the user device via FreeRADIUS".  That would have given us *useful* information.

  Instead, it's a vague question using incorrect terms, followed by "Oh yeah, I'm using this, too".  This is frustrating.

  Spend an hour or so reading the Wikipedia pages on RADIUS and EAP.  That should clarify a lot of issues.  And PLEASE give useful information in messages.  That helps enormously.
 
  Alan DeKok.

More information about the Freeradius-Users mailing list