Regarding RADIUS Authentication feature Implementation over TLS

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Dec 19 11:30:29 CET 2016


hi,

>We have a project running under RADIUS under UDP that means we have an
>existing architecture and APIs to support all the user authentication to
>RADIUS server via PAP and CHAP under UDP.

okay

>We need the same authentication to happen over a secure network where we
>need to implement RADIUS TCP/TLS. I need to change my client configuration
>and the required code changes have to be done to adapt to a RADIUS server which
>supports RADIUS over TLS.


so, RADSEC.

>Does any version of the existing PAM module support RADIUS over TLS?

all you are doing is changing the transport mechanism. the basic parts of RADIUS stay exactly the same, the modules know no different (in fact, under the RADIUS TLS/TCP there is still the same old RADIUS packet, even with the same old shared secret still lurking in there! ;-) )
 
>If you have any suggestions for client configuration and file changes in
>order to adapt to RADIUS over TLS, you may share.

just read the 'tls' virtual server module. configure with required certificate details, add your client details,
restart the server and then configure the client appropriately.

regarding client... I would just point the client at a local, very stripped down FR server (so it's just converting the RADIUS UDP into RADIUS TLS/TCP - very very basic config)... or even more basic, a local copy of radsecproxy to do the same.

alan
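
The point made in the reply, that RADIUS over TLS still carries the ordinary RADIUS packet with the shared secret in use, shown as an added Python example (not part of the original message and not FreeRADIUS code). The function names and sample credentials are constructed for illustration; the only framing a stream transport needs is the Length field already in the RADIUS header.

```python
import hashlib
import struct

SECRET = b"radsec"  # RFC 6614 fixes the RADIUS/TLS shared secret to this string

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding (MD5 keystream XOR)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Inverse of hide_password, as the server does with the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident, user, password, secret, authenticator):
    """Build an Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = b""
    for atype, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def split_stream(buf):
    """Cut a TCP/TLS byte stream into RADIUS packets using the header Length field."""
    packets = []
    while len(buf) >= 20:
        (length,) = struct.unpack("!H", buf[2:4])
        if not 20 <= length <= 4096:
            raise ValueError("invalid RADIUS length field")
        if len(buf) < length:
            break  # partial packet: wait for more bytes from the socket
        packets.append(buf[:length])
        buf = buf[length:]
    return packets, buf

if __name__ == "__main__":
    auth = bytes(range(16))  # constructed; a real client uses 16 random bytes
    p1 = access_request(1, b"alice", b"correct horse battery", SECRET, auth)
    p2 = access_request(2, b"bob", b"hunter2", SECRET, auth)
    pkts, rest = split_stream(p1 + p2 + p1[:7])  # what a TLS read might return
    print(pkts == [p1, p2], rest == p1[:7])
```

Each element of `pkts` is byte-for-byte what would have been sent as a single UDP datagram, which is why a local UDP-to-TLS proxy can forward it without the PAM module noticing.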


More information about the Freeradius-Users mailing list