Help needed to configure FreeRADIUS for eduroam

alan buxey A.L.M.Buxey at lboro.ac.uk
Thu Jun 28 13:07:31 CEST 2012


Hi,

> For some reason, it is working now, I did only tiny changes though.

well..you made changes... obviously they were beneficial

> - the differences between the wiki
> https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
> and the cookbook
> http://www.eduroam.org/downloads/docs/GN2-08-230-DJ5.1.5.3-eduroamCookbook.pdf.
> The configuration files are slightly different.

the wiki is up to date. the cookbook is printed material...and is from GEANT2 days - so older

> - the inner logic behind the virtual servers eduroam and server
> eduroam-inner-tunnel; how it is working; how packets are passed from
> one to the other.

eduroam server passes EAP stuff into eduroam inner-tunnel - just like, by default, the default server passes
things into the inner-tunnel.
how does stuff go into eduroam VS? well, usually via an entry in client.conf which says
to put traffic from a particular NAS into a particular virtual server

> - how to implement anonymous outer identity? What to configure in
> Radius? Is there any configuration needed in the supplicant?

the RADIUS server will just handle it - it will get to the EAP part and open the tunnel
to see the good stuff inside. be aware that if you have made ANY assumptions about ID based
on the outerID then those can be abused/misconstrued.

anonymous ID ability is based on the supplicant - some supplicants can set it, others can't. some
can set a different realm in the outer ID, some can't.

alan
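
The request path described in the message above, as FreeRADIUS configuration (an added example, not configuration from the original post or the eduroam wiki). The client name, address and secret are constructed placeholders, and the certificate settings of the eap module are assumed to be configured already.

```conf
# clients.conf: send everything from this NAS to "server eduroam"
client campus-wlc {                   # hypothetical NAS name
    ipaddr         = 192.0.2.10       # constructed (documentation address range)
    secret         = CHANGE_ME        # placeholder
    virtual_server = eduroam
}

# sites-enabled/eduroam: the outer server. It only sees the outer identity
# (possibly anonymous at realm) and runs EAP to open the tunnel.
server eduroam {
    authorize {
        eap
    }
    authenticate {
        eap
    }
}

# eap module, tunnelled methods only: the tunnelled request is handed to the
# inner virtual server named here.
peap {
    virtual_server = "eduroam-inner-tunnel"
}
ttls {
    virtual_server = "eduroam-inner-tunnel"
}

# sites-enabled/eduroam-inner-tunnel: User-Name here is the inner identity.
# Any decision that depends on who the user is belongs in this server; the
# supplicant-chosen outer value is still readable as
# %{outer.request:User-Name} and should be treated as untrusted input.
server eduroam-inner-tunnel {
    authorize {
        files          # or ldap/sql, wherever the accounts live
        mschap
        eap
    }
    authenticate {
        Auth-Type MS-CHAP {
            mschap
        }
        eap
    }
}
```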

