Hello All,
I would like to let me know abt my requirement first,
We have a project running under RADIUS under UDP that means we have a existing architecture and APIs to support all the user authentication to RADIUS server via PAP and CHAP under UDP.
We are running on top of FreeBSD OS.
Requirment:
We need the same authentication to happen over a secure network where we need to implement RADIUS TCP/TLS .I need to change my client configuration and required code changes has to be done to adapt with RADIUS server so wher I can be getting client side code to implement RADIUS over TLS.
Queries:
What should I start with?
Is RadSecProxy will be helpful for me at any point of view?
How and where should I implement RADIUS/TLS and client configuration and codes.
Your reply will be much appreciated.
Thanks & Regards,
Javed Akhtar
Technical Lead
mailto:jaakhtar@cisco.com jaakhtar@cisco.com
Tel:
Cisco Systems, Inc.
India cisco.com
Think before you print.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.
Please http://www.cisco.com/web/about/doing_business/legal/cri/index.html click here for Company Registration Information.
Javed jaakhtar@cisco.com wrote Fri, 16 Dec 2016 10:07:32 +0530:
Hello All,
Hello Javed.
We need the same authentication to happen over a secure network where we need to implement RADIUS TCP/TLS .I need to change my client configuration and required code changes has to be done to adapt with RADIUS server so wher I can be getting client side code to implement RADIUS over TLS.
Do I understand you correctly if I think that you have a RADIUS-over-UDP client that you would like to turn into a RADIUS-over-TLS (aka RadSec) client?
What should I start with?
Is RadSecProxy will be helpful for me at any point of view?
For source code to use in your program? It might. But libradsec [0] is probably even more useful to you.
[0] https://git.nordu.net/?p=libradsec.git;a=summary
How and where should I implement RADIUS/TLS and client configuration and codes.
I'm afraid I don't understand the question fully. Can you elaborate a bit?
Yes You are right.
And it is not to convert but we will be giving options if UDP requests are coming then it has to be serve UDP and if TCP communication is happening we need to implement the same over TLS certificate exchange implementation.
Is there anything you can suggest?
Javed Akhtar Technical Lead jaakhtar@cisco.com Tel: Cisco Systems, Inc.
India cisco.com
Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Please click here for Company Registration Information.
-----Original Message----- From: Linus Nordberg [mailto:linus@nordu.net] Sent: 16 December 2016 13:21 To: Javed jaakhtar@cisco.com Cc: radsecproxy@lists.nordu.net Subject: Re: [radsecproxy] RADIUS TLS implementation
Javed jaakhtar@cisco.com wrote Fri, 16 Dec 2016 10:07:32 +0530:
Hello All,
Hello Javed.
We need the same authentication to happen over a secure network where we need to implement RADIUS TCP/TLS .I need to change my client configuration and required code changes has to be done to adapt with RADIUS server so wher I can be getting client side code to implement
RADIUS over TLS.
Do I understand you correctly if I think that you have a RADIUS-over-UDP client that you would like to turn into a RADIUS-over-TLS (aka RadSec) client?
What should I start with?
Is RadSecProxy will be helpful for me at any point of view?
For source code to use in your program? It might. But libradsec [0] is probably even more useful to you.
[0] https://git.nordu.net/?p=libradsec.git;a=summary
How and where should I implement RADIUS/TLS and client configuration and codes.
I'm afraid I don't understand the question fully. Can you elaborate a bit?
Hello Linus,
Radius v3.x.x has to be implemented in server side and I think it is already available, we need the client side implementation to adapt RADIUS/TLS implementation to initiate request and to handle the access-reply and to authenticate user via certificate exchange.
Is there any package and modules we just can use and instead of writing many files and codes if you can suggest me any exiting template which can b helpful to implement client side configuration and changes.
Kindly let me know if you have any doubts or queries.
Happy to see your reply. Thanks in advance
Javed Akhtar Technical Lead jaakhtar@cisco.com Tel: Cisco Systems, Inc.
India cisco.com
Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Please click here for Company Registration Information.
-----Original Message----- From: Linus Nordberg [mailto:linus@nordu.net] Sent: 16 December 2016 13:21 To: Javed jaakhtar@cisco.com Cc: radsecproxy@lists.nordu.net Subject: Re: [radsecproxy] RADIUS TLS implementation
Javed jaakhtar@cisco.com wrote Fri, 16 Dec 2016 10:07:32 +0530:
Hello All,
Hello Javed.
We need the same authentication to happen over a secure network where we need to implement RADIUS TCP/TLS .I need to change my client configuration and required code changes has to be done to adapt with RADIUS server so wher I can be getting client side code to implement
RADIUS over TLS.
Do I understand you correctly if I think that you have a RADIUS-over-UDP client that you would like to turn into a RADIUS-over-TLS (aka RadSec) client?
What should I start with?
Is RadSecProxy will be helpful for me at any point of view?
For source code to use in your program? It might. But libradsec [0] is probably even more useful to you.
[0] https://git.nordu.net/?p=libradsec.git;a=summary
How and where should I implement RADIUS/TLS and client configuration and codes.
I'm afraid I don't understand the question fully. Can you elaborate a bit?
-
Javed -
Linus Nordberg