Hi, I'd want to know if anyone there is using freeradius along with a xmpp server. I'd like to read experiences about it. Thanks in advance! -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
2011/5/27 Phil Mayers <p.mayers@imperial.ac.uk>:
On 27/05/11 16:31, Sergio Belkin wrote:
Hi,
I'd want to know if anyone there is using freeradius along with a xmpp server.
I mean use a xmppserver as a NAS. I think that it provide more flexibility to choose based on what attributes is performed the authentication. -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
On 27/05/11 16:58, Sergio Belkin wrote:
I mean use a xmppserver as a NAS. I think that it provide more flexibility to choose based on what attributes is performed the authentication.
So, would the idea be that: * client connects to XMPP server * client sends username/password * XMPP server sends PAP request * radius server replies with yes/no The easiest way is probably PAM and pam_radius, but it only does authentication. But I assume you want to do something more complex?
2011/5/27 Phil Mayers <p.mayers@imperial.ac.uk>:
On 27/05/11 16:58, Sergio Belkin wrote:
I mean use a xmppserver as a NAS. I think that it provide more flexibility to choose based on what attributes is performed the authentication.
So, would the idea be that:
* client connects to XMPP server * client sends username/password * XMPP server sends PAP request * radius server replies with yes/no
The easiest way is probably PAM and pam_radius, but it only does authentication.
But I assume you want to do something more complex? -
The Idea is: * client connects to XMPP server * client sends uid/radiusPassword (see below) * XMPP server sends MSChapv2 request * radius server replies with yes/no radiusPassword is an attribute alternative that we created instead userPassword. We use it instead of userPassword which is used for mail and intranet access. I was testing openfire but it can't choose the attribute, only uses userPassword, and has a radius plugin a bit outdated... -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
The Idea is:
* client connects to XMPP server * client sends uid/radiusPassword (see below) * XMPP server sends MSChapv2 request * radius server replies with yes/no
Interesting. Since the client is sending user/password, why do you want to translate that to an MSCHAP request?
radiusPassword is an attribute alternative that we created instead userPassword. We use it instead of userPassword which is used for mail and intranet access.
This is an attribute where? In a radius packet?
I was testing openfire but it can't choose the attribute, only uses userPassword, and has a radius plugin a bit outdated...
Have you tried PAM and pam_radius?
2011/5/27 Phil Mayers <p.mayers@imperial.ac.uk>:
The Idea is:
* client connects to XMPP server * client sends uid/radiusPassword (see below) * XMPP server sends MSChapv2 request * radius server replies with yes/no
Interesting. Since the client is sending user/password, why do you want to translate that to an MSCHAP request?
Well, I don't know really but there was a plugin from jradius that could do that, but as I said is somewhat dated
radiusPassword is an attribute alternative that we created instead userPassword. We use it instead of userPassword which is used for mail and intranet access.
This is an attribute where? In a radius packet?
Is an ldap attribute and AFAIK is a checkiTem, I have the following in ldap.attrmap: checkItem Cleartext-Password radiusPassword
I was testing openfire but it can't choose the attribute, only uses userPassword, and has a radius plugin a bit outdated...
Have you tried PAM and pam_radius? -
No yet :) -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
participants (3)
-
Alan DeKok -
Phil Mayers -
Sergio Belkin