<html><body>
<p><tt><font size="2">I see thats what I thought, I also confirmed its all clear text with tcpdump.</font></tt><br>
<br>
<tt><font size="2">If I were to switch my backend to an ldap system would I have encrypted traffic for user authentication with freeradius remote ldap/backend setup?</font></tt><br>
<br>
<tt><font size="2">Also is there a nas/radacct table equivalent in the ldap solution or is it strictly for user authentication? </font></tt><br>
<br>
<br>
<tt><font size="2">Message: 9<br>
Date: Mon, 26 Apr 2010 15:04:17 -0400<br>
From: John Dennis <jdennis@redhat.com><br>
Subject: Re: Remote MySQL backend encryption<br>
To: FreeRadius users mailing list<br>
<freeradius-users@lists.freeradius.org><br>
Message-ID: <4BD5E3B1.8060706@redhat.com><br>
Content-Type: text/plain; charset=UTF-8; format=flowed<br>
<br>
On 04/26/2010 01:57 PM, Eric.Hernandez@allegiantair.com wrote:<br>
> Hi,<br>
><br>
> I am trying to figure out if need to encrypt my traffic from a<br>
> FreeRadius server to a remote MySQL backend.<br>
><br>
> I have the following setup.<br>
><br>
> FreeRadius/MySQL (Server1)<br>
><br>
> FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL<br>
> Master to Master (ssl) Replication<br>
><br>
> Now I want to add a third FreeRadius server without a local MySQL Backend.<br>
><br>
> So this third server will point to either Server1 or Server2 which runs<br>
> MySQL but will these request be sent to the remote MySQL Servers in<br>
> clear text?<br>
<br>
This has nothing to do with how many MySQL servers you've got or how <br>
you're doing replication, encryption occurs on a per connection basis <br>
(e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never <br>
opens an encrypted session with it's server because rlm_sql_mysql does <br>
not have an option to set SSL/TLS transport (e.g. does not call <br>
mysql_ssl_set()). That probably would be a good feature to add.<br>
<br>
-- <br>
John Dennis <jdennis@redhat.com><br>
<br>
Looking to carve out IT costs?<br>
</font></tt><tt><font size="2">www.redhat.com/carveoutcosts/</font></tt><tt><font size="2"><br>
<br>
<br>
------------------------------<br>
<br>
-<br>
List info/subscribe/unsubscribe? See </font></tt><tt><font size="2"><a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></font></tt><br>
</body></html>