Started off just using it on our ORPS systems so proxying auth requests off to remote sites inbound auths using winbind -> our AD system. Basically eap-peap/mschapv2, eap-tls and proxying. Back end database postgresql with buffered-sql virtual server. EAP caching switched on, OCSP for EAP-TLS pointing at our XpressConnect ES server After my fights with built in RADSEC( which I lost), got that working using radsecproxy, means I can auth on uni eduroam using alex@sharaz.info which has auth chain of clearpass-><UoY ORPS> -> radsec/ipv6 -> my server in the cloud-> radsec/ipv6-> gateway to home net->FR 3.0.12 /ipv6 on os/x. (having issues with the final open directory bit, but I'm sure that's just a config thing). Will continue the battle next week. It's going to be something really silly, but at least I know I can do the stuff with radsecproxy. Up till this week, been running 3.0.13 on one of our Tier 2 servers doing eap-tls, eap-peap/mschapv2 mac auth buffered-sql -> postgres database. Also using MySQL for back end db that contains list of quarantined MAC addresses ( stored procedure isQuarantined(%{Calling-Station-Id}) returns true/false. Access-Accept packet contents tailored to type of device performing auths.Some static values some pulled form db. Last Friday started upgrading remaining 2 2.2.9 servers to 3.0.13. Seems to be working just fine. Security team pleased we've moved away from MySQL, no ones world has ended by moving to 3.0.13 :-) A On 10 January 2017 at 10:08, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
Been running 30.13 for months just fine
ditto. perhaps we need some stability feedback mechanism, reports what modules you are using etc?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html