
FreeRADIUS and configuring EAP or PAP with REST

I want to use strongSwan with FreeRADIUS and the REST module.

I see SQL and EAP work together; how can I configure EAP with REST?

The important part is that strongSwan does not send the password to the RADIUS server. The server OS is CentOS 7; FreeRADIUS and strongSwan are on the same server.

    Received Access-Request Id 192 from 127.0.0.1:41400 to 127.0.0.1:1812 length 144
    (0) User-Name = "t9"
    (0) NAS-Port-Type = Virtual
    (0) Service-Type = Framed-User
    (0) NAS-Port = 48
    (0) NAS-Port-Id = "ios-ikev2-vpn"
    (0) NAS-IP-Address = 13......14
    (0) Called-Station-Id = "138......14[4500]"
    (0) Calling-Station-Id = "89......1.63[35268]"
    (0) EAP-Message = 0x02000007017439
    (0) NAS-Identifier = "strongSwan"
    (0) Message-Authenticator = 0xb05e9bf86c4a562d21473e1f75deb7e5
    (0) # Executing section authorize from file /etc/raddb/sites-enabled/default

  • The common EAP methods are based on challenge response protocols. So neither the RADIUS server, nor strongSwan receive the plaintext password from the client. – ecdsa May 26 '20 at 08:48
  • So how does SQL work with EAP? I want to do it with REST instead of SQL. – user3652881 May 26 '20 at 19:14
  • The SQL database stores the plaintext passwords (or with EAP-MSCHAPv2 perhaps an NT-Hash), which allows the RADIUS server to compute the same hash the client did, based on the random challenges, and compare the results. Any authentication method that requires plaintext passwords (e.g. if passwords are stored as hashes) can't be used with most VPN clients as they only support challenge-response EAP methods (strongSwan clients can send plaintext passwords to the server via EAP-GTC, but many other clients don't support that method). – ecdsa May 27 '20 at 08:17
  • thank you ............ – user3652881 May 27 '20 at 21:30
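
The point made in the comments, as an added example that is not part of the original thread and not FreeRADIUS or strongSwan code: with a challenge-response method the server must recompute the client's response from a secret its backend (SQL, REST or anything else) hands back, so a backend that only holds a one-way hash cannot verify it. The sketch uses EAP-MD5 (the CHAP construction from RFC 1994) as the simplest such method, not EAP-MSCHAPv2; the function names and the sample credential are constructed for illustration.

```python
import hashlib
import hmac
import os


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 / CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, challenge: bytes, response: bytes,
                  stored_secret: bytes) -> bool:
    """RADIUS-side check: recompute the response from whatever the backend
    returned for this user and compare in constant time."""
    expected = eap_md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def salted_hash(password: bytes, salt: bytes) -> bytes:
    """A typical one-way storage format (constructed for this example)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def demo():
    password = b"correct horse"      # constructed sample credential
    identifier = 1                   # EAP packet identifier
    challenge = os.urandom(16)       # random challenge chosen by the server

    # Client: only this response crosses the wire, never the password.
    response = eap_md5_response(identifier, password, challenge)

    # Backend returns the plaintext password: the server can verify.
    ok_plaintext = server_verify(identifier, challenge, response, password)

    # Backend only holds a salted one-way hash: nothing it can return
    # reproduces the client's response, so verification fails.
    stored = salted_hash(password, os.urandom(16))
    ok_hashed = server_verify(identifier, challenge, response, stored)

    # A client with the wrong password is rejected as expected.
    wrong = eap_md5_response(identifier, b"wrong guess", challenge)
    ok_wrong = server_verify(identifier, challenge, wrong, password)

    return ok_plaintext, ok_hashed, ok_wrong


if __name__ == "__main__":
    print(demo())
```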

0 Answers