[RADIATOR] EAP iKev2 support in radiator 3.13

2013-02-26 Thread Arya, Manish Kumar 
Hi,

  We are currently running Radiator 3.13. I want to confirm if we can use EAP 
iKev2 with this radius server.
if not then does the latest version of radiator supports this authentication 
method ?


Regards,
-Manish
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] EAP iKev2 support in radiator 3.13

2013-02-26 Thread Alexander Hartmaier 
That's because IKEv2 is no EAP method but an IPSec phase 1 standard.

Best regards, Alex

On 2013-02-26 11:02, Arya, Manish Kumar wrote:
Hi,

  We are currently running Radiator 3.13. I want to confirm if we can use EAP 
iKev2 with this radius server.
if not then does the latest version of radiator supports this authentication 
method ?

Regards,
-Manish



___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be 
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Fwd: Re: EAP iKev2 support in radiator 3.13

2013-02-26 Thread Alexander Hartmaier 
Forgot to reply also to the list.

 Original Message 
Subject:Re: [RADIATOR] EAP iKev2 support in radiator 3.13
Date:   Tue, 26 Feb 2013 13:04:37 +0100
From:   Alexander Hartmaier 
Organization:   T-Systems Austria GesmbH
To: Arya, Manish Kumar 



Hi Manish,
I suggest you upgrade to the latest version, Radiator is very backward
compatible, I can't remember a software upgrade that broke our configs
and we're running Radiator since before 2000.
Also check the patches if any of the fixes apply to you.
You can find the list of supported EAP types in the reference manual in
section 5.20.23 EAPType.

Best regards, Alex

On 2013-02-26 12:59, Arya, Manish Kumar wrote:
> Hi Alex,
>
>So Radiator 3.13 can support EAP ? or we should upgrade it ?
>
> Regards,
> -Manish
>
>
> 
> *From:* Alexander Hartmaier 
> *To:* radiator@open.com.au
> *Sent:* Tuesday, February 26, 2013 3:56 PM
> *Subject:* Re: [RADIATOR] EAP iKev2 support in radiator 3.13
>
> That's because IKEv2 is no EAP method but an IPSec phase 1 standard.
> Best regards, Alex
> On 2013-02-26 11:02, Arya, Manish Kumar wrote:
>> Hi,
>>
>>   We are currently running Radiator 3.13. I want to confirm if we can
>> use EAP iKev2 with this radius server.
>> if not then does the latest version of radiator supports this
>> authentication method ?
>>
>> Regards,
>> -Manish
>>
>>
>> ___
>> radiator mailing list
>> radiator@open.com.au 
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> Notice: This e-mail contains information that is confidential and may
> be privileged.
> If you are not the intended recipient, please notify the sender and then
> delete this e-mail immediately.
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>
> ___
> radiator mailing list
> radiator@open.com.au 
> http://www.open.com.au/mailman/listinfo/radiator
>



___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] ERR: Attribute number 146 (vendor 3076) is not defined in your dictionary aka Cisco bought Altiga in 2000

2013-02-26 Thread Alexander Hartmaier 
After some googling I've found the answer to this question [1] asked on
this list in 2003 [2]
Seems Cisco ASAs, which where called PIX before, where called Altiga
before [3]

The current dictionary that ships with Radiator has the attributes up to
number 137.
The names in the Cisco ASA doc have some common attributes but also
changed and new ones.
I'd replace all Altiga definitions with Cisco-ASA- attributes with their
names from the table in [2] and submit it to the list for replacement in
the default dictionary, does that sound sane after 13 years?

[1]
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDIQFjAA&url=http%3A%2F%2Fwww.open.com.au%2Fpipermail%2Fradiator%2F2003-October%2F008053.html&ei=LOksUebXOsvRsgaPpoDQCw&usg=AFQjCNGveQ6v-u4hYtw6RZA5hP8FD_TlUg&sig2=7pknyx-Cqi079pJBCP_SqA&bvm=bv.42965579,d.Yms&cad=rja
[2]
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1753749
[3] http://www.networkworld.com/news/2000/0119cistiga.html

--
Best regards, Alex



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be 
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] ERR: Attribute number 146 (vendor 3076) is not defined in your dictionary aka Cisco bought Altiga in 2000

2013-02-26 Thread Heikki Vatiainen 
On 02/26/2013 07:04 PM, Alexander Hartmaier wrote:

> After some googling I've found the answer to this question [1] asked on
> this list in 2003 [2]
> Seems Cisco ASAs, which where called PIX before, where called Altiga
> before [3]
> 
> The current dictionary that ships with Radiator has the attributes up to
> number 137.
> The names in the Cisco ASA doc have some common attributes but also
> changed and new ones.
> I'd replace all Altiga definitions with Cisco-ASA- attributes with their
> names from the table in [2] and submit it to the list for replacement in
> the default dictionary, does that sound sane after 13 years?

Since the attributes are in use currently, the updated entries could be
shipped at least as a separate dictionary file for those who need to use
the latest definitions. I have also seen Altiga attributes used in
current Cisco VPN deployments, so I think it would be a good idea to
have the current definitions available too.

If you have the entries, it would be good to see them and then consider
what would be the best way to include them. If there are conflicting
entries, then care would be needed when considering how to add them.
Otherwise any users that may have equipment using them would have an
unfortunate surprise.

Thanks!
Heikki

> [1]
> http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDIQFjAA&url=http%3A%2F%2Fwww.open.com.au%2Fpipermail%2Fradiator%2F2003-October%2F008053.html&ei=LOksUebXOsvRsgaPpoDQCw&usg=AFQjCNGveQ6v-u4hYtw6RZA5hP8FD_TlUg&sig2=7pknyx-Cqi079pJBCP_SqA&bvm=bv.42965579,d.Yms&cad=rja
> [2]
> http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1753749
> [3] http://www.networkworld.com/news/2000/0119cistiga.html
> 
> --
> Best regards, Alex
> 
> 
> 
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> Notice: This e-mail contains information that is confidential and may be 
> privileged.
> If you are not the intended recipient, please notify the sender and then
> delete this e-mail immediately.
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] EAP iKev2 support in radiator 3.13

2013-02-26 Thread Heikki Vatiainen 
On 02/26/2013 12:02 PM, Arya, Manish Kumar wrote:

>   We are currently running Radiator 3.13. I want to confirm if we can
> use EAP iKev2 with this radius server.
> if not then does the latest version of radiator supports this
> authentication method ?

Hello Manish,

Alexander already mentioned how to find out which EAP methods Radiator
supports. If I understand correctly, this is what you are looking for:

  http://tools.ietf.org/html/rfc5106

But as you can see from the reference manual it is not supported by
Radiator.

I am not aware of clients that support this method. It would be
interesting to hear which client you have or how do you plan to use this
EAP method.

Thanks,
Heikki


-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator