[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RADIUS requirements, expectations, help....
 Date:  Tue, 20 Sep 2005 19:04:48 +0200
Hello,

I'm almost finished with the restyle of the radius_authentication.inc
page and want to know what people do expect from the new radius
authentcation system.

I currently changed the $auth_val from simple integer to an array where
$auth_val_array['authstatus'] will be the same as the previous $auth_val
value and followed by the rest of retrieved radius attributes (you can
do whatever you want with them)

For example:

When no correct host was configured:

Auth_list['error'] => Error message: : host not found

Or when authentication did succeed:

Radius Auth succeeded
Auth_list=> ( [authstatus] => 2[framed_protocol] => 1 [class] =>
1869954377 [Login failure] => Account Disabled [filter_id] => permit all
[service_type] => 2 )

So as you can see you can do what you want with the retrieved
attributes.

There's also support for multiple radius servers, I saw that there is
radiusservers[][] so I want to know how to add multiple radiusservers
into the xml config.

For the accounting part (which is yet at 15% of coding) I need to know
if the ipf stats are 64 or 32bit counters since this will be the
decision maker if I'm going to implement gigawords values or not.


I also included support for MSCHAPV1 and MSCHAPV2 authentication so that
PPTP challenges can be directly fetched from the radius-server (don't
know how its implemented at the moment, didn't have a look yet) and
maybe used for the later implementation of enterprise WPA/WPA2

Any help/information would be appreciated.

J.