0

free radius and configure eap or pap with rest

i want use strongswan with free radius and rest module,

i see sql and eap work together, how can configure eap with rest ?

the important part is strongswan not send password to radius server. server os centos 7 free radius and strongswan is in same server

Received Access-Request Id 192 from 127.0.0.1:41400 to 127.0.0.1:1812 length 144 (0) User-Name = "t9" (0) NAS-Port-Type = Virtual (0) Service-Type = Framed-User (0) NAS-Port = 48 (0) NAS-Port-Id = "ios-ikev2-vpn" (0) NAS-IP-Address = 13......14 (0) Called-Station-Id = "138......14[4500]" (0) Calling-Station-Id = "89......1.63[35268]" (0) EAP-Message = 0x02000007017439 (0) NAS-Identifier = "strongSwan" (0) Message-Authenticator = 0xb05e9bf86c4a562d21473e1f75deb7e5 (0) # Executing section authorize from file /etc/raddb/sites-enabled/default

4
  • The common EAP methods are based on challenge response protocols. So neither the RADIUS server, nor strongSwan receive the plaintext password from the client.
    – ecdsa
    Commented May 26, 2020 at 8:48
  • so how sql work with eap ? i want do with rest , instead of sql Commented May 26, 2020 at 19:14
  • The SQL database stores the plaintext passwords (or with EAP-MSCHAPv2 perhaps an NT-Hash), which allows the RADIUS server to compute the same hash the client did, based on the random challenges, and compare the results. Any authentication method that requires plaintext passwords (e.g. if passwords are stored as hashes) can't be used with most VPN clients as they only support challenge-response EAP methods (strongSwan clients can send plaintext passwords to the server via EAP-GTC, but many other clients don't support that method).
    – ecdsa
    Commented May 27, 2020 at 8:17
  • thank you ............ Commented May 27, 2020 at 21:30

0

You must log in to answer this question.

Browse other questions tagged .