On 29 Jan 2015, at 04:26, Daniel Smith <danielesmith@gmail.com> wrote:
Hi,
My organization has a FreeRADIUS server set up to authenticate wifi users with their Google Apps email address and generated app password. It accepts them over EAP in plain text and then runs them against the ClientLogin API in a perl script.
Google has deprecated ClientLogin and is cutting it off in April this year. I have consulted with a couple cloud radius providers and they say they can keep this system working as it currently does
They probably use FreeRADIUS as a backend. I know Cloudessa does at least. They don't support the project in any way though.
- users create a Google app password, sign into the WiFi network with it, and they get on the network. This is ideal since we can just direct our existing server's IP to the cloud provider, and our hundreds of clients keep working without a single change.
Is there any way FreeRADIUS can authenticate against Google with an app password, without ClientLogin being around anymore? I looked into OAuth2 but it looks like that will require all existing clients to manually sign in again and change details, since it'll require interaction to create the first refresh token.
I don't know how they're doing it. But if you have any requests like extra HMAC functions and want to try something with Oauth2, i'd be happy to help out. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2