I see thats what I thought, I also confirmed its all clear text with tcpdump. If I were to switch my backend to an ldap system would I have encrypted traffic for user authentication with freeradius remote ldap/backend setup? Also is there a nas/radacct table equivalent in the ldap solution or is it strictly for user authentication? Message: 9 Date: Mon, 26 Apr 2010 15:04:17 -0400 From: John Dennis <jdennis@redhat.com> Subject: Re: Remote MySQL backend encryption To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4BD5E3B1.8060706@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed On 04/26/2010 01:57 PM, Eric.Hernandez@allegiantair.com wrote:
Hi,
I am trying to figure out if need to encrypt my traffic from a FreeRadius server to a remote MySQL backend.
I have the following setup.
FreeRadius/MySQL (Server1)
FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL Master to Master (ssl) Replication
Now I want to add a third FreeRadius server without a local MySQL Backend.
So this third server will point to either Server1 or Server2 which runs MySQL but will these request be sent to the remote MySQL Servers in clear text?
This has nothing to do with how many MySQL servers you've got or how you're doing replication, encryption occurs on a per connection basis (e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never opens an encrypted session with it's server because rlm_sql_mysql does not have an option to set SSL/TLS transport (e.g. does not call mysql_ssl_set()). That probably would be a good feature to add. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ------------------------------ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html