TCP/TLS - radsec / application

Brian Julin BJulin at clarku.edu
Fri Mar 23 18:38:10 CET 2012


> Jason Rohm wrote:
> I'm unclear about the state of 
> radsec within the freeradius codebase. I've downloaded the 
> current master source as of a few days ago and successfully 
> compiled it on CentOS 6.2 64bit. Everything seems to work 
> save some EAP stuff that I'm not using and was able to 
> disable around, but I can't figure out if the radsec is there 
> and not documented or if it isn't in there at all.

> -Is the radsec code included in the mainline git repo?
> -If not, where do I get it?

The repository code has it; I have it up and working to our
federation server, where they run Radiator. Over
the last few weeks some bugs have surfaced, but some have
been patched already and I suspect the rest of the 
patches should land in the repository before too long.

> -If so, does anyone have any quick and dirty doc somewhere or 
> a working example?

The docs don't plaster the word "RadSec" everywhere; it is just 
setting the protocol on home servers or listen directives to
TCP and setting some additional options, as documented in 
etc/raddb/sites-available/tls (in the git tree, of course).

(Dealing with the cert stuff is the most fiddly part of it
and it will help to have openssl expertise on hand.)

> -Am I nuts for even trying this?

Only if your timeline does not allow several months for
performance and long-term stability testing/patching,
because you'll be bleeding edge at this point.


