Access-Challenge with FreeRadius

classic Classic list List threaded Threaded
7 messages Options
| Threaded
Open this post in threaded view
|

Access-Challenge with FreeRadius

hughdavid
Hello,

I am a new user of FreeRadius (on windows)
I have the same question as this post: How to configure freeRADIUS server so it replies with a PAP "access-challenge" message on "access-request" from a client?

http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-td4296727.html

Any help is greatly appreciated! Thanks in advance

Best Regards,

Zhuoming (zhuoming.huang@gmail.com)
| Threaded
Open this post in threaded view
|

Re: Access-Challenge with FreeRadius

EsdrasCaleb
well i am working with a linux as server and don't have acess to the debug mod if i get anything I will tell to you

On Wed, Nov 9, 2011 at 3:03 PM, hughdavid <[hidden email]> wrote:
Hello,

I am a new user of FreeRadius (on windows)
I have the same question as this post: How to configure freeRADIUS server so
it replies with a PAP "access-challenge" message on "access-request" from a
client?

http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-td4296727.html

Any help is greatly appreciated! Thanks in advance

Best Regards,

Zhuoming ([hidden email])

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Challenge-with-FreeRadius-tp4978370p4978370.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--

"Não se VAI à Igreja. Se É Igreja."




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Access-Challenge with FreeRadius

David Mitton
In reply to this post by hughdavid
And if you read that thread... you find that the short answer is you don't.
There is no configuration option to generate messages.

The authentication method implementation logic knows what interactions  
it supports and generates the appropriate messages.  Some auth methods  
will never use an Access-Challenge,  some always will (EAP).   Some  
vary depending on the auth.

e.g. some RADIUS servers will send A-C in PAP if they are  
authenticating SecurID.  (not recommended but it's out there)

Bottom line; you are framing the problem incorrectly and asking the  
wrong question.

Dave.




Quoting hughdavid <[hidden email]>:

> Hello,
>
> I am a new user of FreeRadius (on windows)
> I have the same question as this post: How to configure freeRADIUS server so
> it replies with a PAP "access-challenge" message on "access-request" from a
> client?
>
> http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-td4296727.html
>
> Any help is greatly appreciated! Thanks in advance
>
> Best Regards,
>
> Zhuoming ([hidden email])
>
> --
> View this message in context:  
> http://freeradius.1045715.n5.nabble.com/Access-Challenge-with-FreeRadius-tp4978370p4978370.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See  
> http://www.freeradius.org/list/users.html
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Access-Challenge with FreeRadius

A.L.M.Buxey
In reply to this post by hughdavid
The thread link posted has already git several answers in it...and ends quite clearly. Why are you trying to drag this up again? Some coursework?

alan


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Access-Challenge with FreeRadius

hughdavid
In reply to this post by David Mitton
David,

Thanks for your reply, it was very clear

I thought that we can configure FreeRadius to implement the methods, that generate Access-Challenge messages for PAP protocol, and we can define some logic scenarios for these challenge exchanges

Apparently it is not possible with FreeRadius

Zhuoming

| Threaded
Open this post in threaded view
|

SecurID, Re: Access-Challenge with FreeRadius

Alan DeKok-2
In reply to this post by David Mitton
David Mitton wrote:
> e.g. some RADIUS servers will send A-C in PAP if they are authenticating
> SecurID.  (not recommended but it's out there)

  2.1.12 includes an experimental rlm_securid.  We expect to have an
approved && production-ready version for the next release.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Access-Challenge with FreeRadius

Alan DeKok-2
In reply to this post by hughdavid
hughdavid wrote:
> I thought that we can configure FreeRadius to implement the methods, that
> generate Access-Challenge messages for PAP protocol, and we can define some
> logic scenarios for these challenge exchanges
>
> Apparently it is not possible with FreeRadius

  Yes, it is.  But you need to write the code to make it do that.  There
is no pre-packaged configuration saying "implement Access-Challenge here"

  All Access-Challenge scenarios are tied to pre-existing authentication
methods.  e.g. EAP, SecurID, etc.  If you're technical enough to
implement your own Access-Challenge method, you're technical enough to
*implement* your own Access-Challenge method.

  If you can't figure out how to implement Access-Challenge in the
server (hint: there are examples), then you don't need to implement it.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html