Hello Alan, Good Afternmoon.It is good to see your reply and thank you for your valuable time.
so, RADSEC. Yes You are right it must be a RADSEC.
all you are doing is changing the transport mechanism. the basic parts of RADIUS stay exactly the same, the modules know no different (in fact, under the RADIUS TLS/TCP there is still the same old RADIUS packet, even with the same old shared secret still lurking in there! ;-) I agree with you.
just read the 'tls' virtual server module. configure with required certificate details, add your client details, restart the server and then configure the client appropriately.
Would you like to elaborate a bit .what do you mean by configuring client appropriately? What will be the client side changes?
regarding client....I would just point the client at a local, very stripped down FR server (so its just converting the RADIUS UDP into RADIUS TLS/TCP - very very basic config... or even more basic, a local copy of radsecproxy to do the same.
Is this you ment we can download thye pakage of radsecproxy and will use the same as client side program? & I couldn’t understnd FR server? Any opensource codebase can be helpful to download the client side code? Thanks in Advance ,It helps a lot. Javed Akhtar Technical Lead jaakhtar@cisco.com Tel: Cisco Systems, Inc. India cisco.com Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Please click here for Company Registration Information. -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+jaakhtar=cisco.com@lists.freeradius.org] On Behalf Of Alan Buxey Sent: 19 December 2016 16:00 To: Freeradius-Devel@lists.freeradius.org; freeradius-users@lists.freeradius.org Subject: Re: Regarding RADIUS Authentication feature Implementation over TLS hi,
We have a project running under RADIUS under UDP that means we have an existing architecture and APIs to support all the user authentication to RADIUS server via PAP and CHAP under UDP.
okay
We need the same authentication to happen over a secure network where we need to implement RADIUS TCP/TLS .I need to change my client configuration and required code changes has to be done to adapt with RADIUS server which supports RADIUS over TLS.
so, RADSEC.
Is the existing PAM module any version supports RADIUS over TLS?
all you are doing is changing the transport mechanism. the basic parts of RADIUS stay exactly the same, the modules know no different (in fact, under the RADIUS TLS/TCP there is still the same old RADIUS packet, even with the same old shared secret still lurking in there! ;-)
If You have any suggestion for client configuration and file changes in order to adapt RADIUS over TLS,You may share.
just read the 'tls' virtual server module. configure with required certificate details, add your client details, restart the server and then configure the client appropriately. regarding client....I would just point the client at a local, very stripped down FR server (so its just converting the RADIUS UDP into RADIUS TLS/TCP - very very basic config... or even more basic, a local copy of radsecproxy to do the same. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html