Hello Aman,

On Monday 10 January 2011 04:11:55 pm Aman Arneja wrote:
> Thanx Heikki
>
> 2 more questions from my clients are as follows
>
> 1.) When we talk about Client auth in phase 1, what we meant was that
> can there be an EAP TLS Mutual authentication in phase 1 ( Server auth +
> Client auth)

Yes, EAP-TLS requires that by default. With EAP-TTLS and EAP-PEAP it is not
required by default, but it can be enabled by setting EAPTLS_RequireClientCert.

> 2.) Also does radiator support Key Agility extensions as defined at
> http://tools.ietf.org/html/draft-hanna-eap-ttls-agility-00

No.

> With respect to method chaining and other questions, my client is in the
> process of building a client side implementation and thus wanted to know
> what all is supported, specially since we have zeroed in on buying radiator
> server we just wanted to at least match u guys in configuration.

Hope that helps.
Cheers.

> Thanx
>
> Aman Arneja
>
> On Sat, Jan 8, 2011 at 3:10 PM, Heikki Vatiainen <h...@open.com.au> wrote:
> > On 01/07/2011 01:51 PM, Aman Arneja wrote:
> > > I also need some information regarding your ttls support since I am
> > > looking at a radius server that can service both SIM and TTLS
> > > requests, I need the answers to the following questions.
> >
> > Good questions. Please see below for answers.
> >
> > > Features
> > > Non-EAP inner methods - Which methods are supported?
> >
> > There are plenty: the basic ones are PAP, CHAP, MSCHAP and MSCHAPv2.
> >
> > The way Radiator has been built makes supporting different inner methods
> > easy. The inner method messages are dispatched as new RADIUS messages
> > and can be handled in the configuration as their own, not within TTLS.
> >
> > In other words there is a lot of flexibility with the inner protocols,
> > and the ones mentioned above are usually supported and used by clients.
> >
> > Do you have any specific methods in mind?
> >
> > > Client auth during phase 1 - Supported, Not/Supported
> >
> > Supported. The phase 1 message is available for authentication. You can
> > for example, first validate MAC address or check WLAN SSID in the outer
> > request and only then proceed to continue with phase 2.
> >
> > > Can identity privacy be explicitly enabled or disabled - on the client
> > > side
> > > Can session resumption be explicitly enabled or disabled - on the client
> > > side
> >
> > Yes for both. The outer identity can be different from the inner
> > identity. Session resumption is supported by Radiator by default and can
> > be disabled from the client side.
> >
> > > Method chaining in Phase 2
> >
> > For this you would need to use Radiator with e.g., EAP-FAST where method
> > chaining has been well defined. With TTLS methods can in theory be
> > chained with clever configuration, but I do not think Radiator has been
> > tested or used in such a configuration.
> >
> > If you have something specific in mind, please let us know.
> >
> > > Allowing tunnel method as inner method (FAST, PEAP)
> >
> > This may not have ever been tested and I can not verify if this works.
> > If you know a client that can do this, we would be very interested to
> > know about it.
> >
> > > Also if you have any competitor analysis on this , like with free
> > > radius etc, that would be great !!
> >
> > Please take a look at Radiator technical information at
> > http://www.open.com.au/radiator/technical.html
> >
> > I will check what analysis type of information we may also have.
> >
> > > Thanx
> > >
> > > Aman Arneja
> >
> > Thanks!
> >
> > Heikki Vatiainen
> >
> > --
> > Heikki Vatiainen <h...@open.com.au>
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> > NetWare etc.

--
Mike McCauley mi...@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
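
The two configuration points discussed in this thread, requiring a client certificate in phase 1 of EAP-TTLS and handling the tunnelled phase 2 request in its own Handler, shown as an added configuration sketch that is not part of the original messages or of Radiator's shipped configuration. File paths, the key password and the users file are placeholders, and the overall Handler/AuthBy layout is an assumption about a typical Radiator setup.

```conf
# Added example, not from the thread. All paths and the password below
# are placeholders to be replaced with site-specific values.

# Phase 2: requests unwrapped from the TTLS tunnel are dispatched as new
# RADIUS requests, so they are matched by their own Handler. The inner
# methods (PAP, CHAP, MSCHAP, MSCHAPv2) are checked here against the
# inner identity. Handlers are tried in order, so this one comes first.
<Handler TunnelledByTTLS=1>
    <AuthBy FILE>
        Filename %D/users
    </AuthBy>
</Handler>

# Phase 1: the outer request that sets up the TLS tunnel. Checks on the
# outer request (for example calling station or SSID) belong here.
<Handler>
    <AuthBy FILE>
        Filename %D/users
        EAPType TTLS

        # Server certificate and the CA used to verify client certificates
        EAPTLS_CAFile %D/certificates/PLACEHOLDER-ca.pem
        EAPTLS_CertificateFile %D/certificates/PLACEHOLDER-server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/PLACEHOLDER-server.pem
        EAPTLS_PrivateKeyPassword PLACEHOLDER-password
        EAPTLS_MaxFragmentSize 1000

        # Not required by default for TTLS and PEAP. With this flag set,
        # phase 1 becomes mutual TLS authentication (server + client).
        EAPTLS_RequireClientCert

        AutoMPPEKeys
    </AuthBy>
</Handler>
```

With the flag set, a supplicant that presents no certificate, or one that does not chain to the configured CA, fails in phase 1 before any inner credentials are sent.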