Quick question about RFC 3579 2.6.5
a.goftari at yahoo.com
Fri Jan 25 13:29:21 CET 2013
Thanks for your answer; I've been testing FreerRadius authentication against Active Directory with Microsoft RRAS setting FreeRadius as the RADIUS server for it and the authentication worked and as for the next step I'll go on configuring my Fortigate firewall to use FreeRadius as a RADIUS server; I'll send the output from radiusd -X for you.
By the way, right now I'm testing something else called ZeroShell which as well is using FreeRadius (config files at /etc/raddv.v2). It has a nice web interface and includes the accounting feature I'm looking for. Anyone knows how to get it integrated with Active Directory?
> From: "A.L.M.Buxey at lboro.ac.uk" <A.L.M.Buxey at lboro.ac.uk>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Sent: Friday, January 25, 2013 2:40 PM
>Subject: Re: Quick question about RFC 3579 2.6.5
>> Well, RFC 3579 2.6.5 says : If EAP-Message, then there MUST not be a
>> Reply-Message. I understand the point on this based on the RFC.
>check RFC 5080 - which updates that RFC. however, your reply message is
>not going on as part of the EAP conversation....you are sending the reply
>message to the outer-tunnel as part of the reject...no within the inner-tunnel
>EAP session...so there shouldnt be any EAP message around (but hey, who knows? ! ;-) )
>just run in debug mode (radiusd -X) and check/see what packets and contents
>you are sending
>dont worry too much - some RADIUS servers break all the specs with regards to
>contents of some packets...at least FreeRADIUS gives you the chance to behave
>( I assume you are running the attr filter on access requests to keep the contents
>legal? ;-) )
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users