how many clients use TCP Radius
Florin Andrei
florin at andrei.myip.org
Wed May 4 03:01:38 CEST 2016
On 2016-05-03 17:56, Alan DeKok wrote:
> On May 3, 2016, at 8:45 PM, Florin Andrei <florin at andrei.myip.org>
> wrote:
>>
>> What clients actually use Radius over TCP? I can't find anything out
>> there that's widely deployed and can query a Radius server over TCP.
>> E.g. the Cisco documentation for routers, etc. seems to indicate that
>> they only do UDP.
>
> Most things only do UDP.
>
>> The reason why I'm asking - I'm looking into setting up authentication
>> for a variety of clients, with Radius used as a transport protocol,
>> and I'm wondering if it's worth the trouble to even think about
>> enabling TCP, or promising I could offer TCP.
>
> Don't use TCP. Use TLS over TCP. The RADIUS over TCP RFC says this
> explicitly.
Yup. I was looking at Radsec the other day. The problem is, if a lot of
clients out there only do UDP, then Radsec is not really an option,
unfortunately.
I can't find even a single example of a client that can connect to a
Radius server via TCP. Not custom-written clients that someone wrote
specifically to do that, but devices or apps that are in fairly common
use and just employ Radius for authentication.
--
Florin Andrei
http://florin.myip.org/
More information about the Freeradius-Users
mailing list