[jira] [Commented] (GUACAMOLE-197) Implement Support for RADIUS Authentication

Mon, 05 Jun 2017 14:33:14 -0700 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16037634#comment-16037634
 ] 

Colin Gordon commented on GUACAMOLE-197:
----------------------------------------

[~nick.couch...@yahoo.com] Correct, it looks like it would need to be a DB + 
RADIUS implementation, since there is not a way currently to return connection 
information from a RADIUS server like with LDAP. My guess is that yes, it would 
require the creation of connection "groups" on the Guac side, then the returned 
RADIUS attributes could correspond to the groups. RADIUS accounting is not 
critical since we can grab log info via Syslog, but I support RADIUS 
interim-updates with similar Syslog-like data would be nice.

I would love to contribute code if I had the skill. I'm more of an 
implementation and systems specialist. Thanks!

> Implement Support for RADIUS Authentication
> -------------------------------------------
>
>                 Key: GUACAMOLE-197
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-197
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-client
>            Reporter: Nick Couchman
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 0.9.14-incubating
>
>
> Working on implementing a RADIUS authentication module - 
> guacamole-auth-radius.  The basic implementation is completed - with a basic 
> PAP or CHAP RADIUS server, the authentication succeeds and the user is logged 
> in.
> I'm running into an issue, though, trying to implement Challenge/Response in 
> RADIUS.  I have my RADIUS server configured to talk to LinOTP for MFA/2FA, 
> and RADIUS sends the AccessChallenge package back, asking for the second 
> factor.  My issue is in my continual failure to grasp the connection between 
> the servlet side and the AngularJS web application.  I've copied the Duo 
> authentication code and tried to morph it into something that will present 
> another box for the RADIUS challenge, but I can't get my controller function 
> to actually fire.
> Once that is working, I'd like to support other RADIUS authentication 
> protocols, like EAP-TLS and EAP-TTLS, so there's a little more work to be 
> done, but right now I'm focusing on the basic protocols and the 
> challenge/response.
> Will have a repo posted here in a moment for working on this.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to