Hi,

> I've been doing some research and it seems like there has been a lot of
> talk about radsec and some movement on the IETF standardization front, but
> I'm unclear about the state of radsec within the freeradius codebase. I've
> downloaded the current master source as of a few days ago and successfully
> compiled it on CentOS 6.2 64bit. Everything seems to work save some EAP
> stuff that I'm not using and was able to disable around, but I can't
> figure out if the radsec is there and not documented or if it isn't in
> there at all.

the 'RADSEC' (RADIUS over TLS/TCP) support is in the master branch:

git clone git://git.freeradius.org/freeradius-server.git

(read http://git.freeradius.org/)

the stuff you are looking for is in the 'tls' virtual server - which isn't enabled by default IIRC - so just put a link from it into sites-enabled....and read the 'tls' virtual server carefully.

I am a little concerned about the 'save some EAP stuff that I'm not using and was able to disable around' - you will need to ensure that OpenSSL-devel packages are installed so that you can compile in the TLS support.

once you have it running, simply get a 'CA' that your RADIUS servers all trust (I'd go for a private self-signed one) and sign the servers with it....et voila! you can now do RADSEC (oh, with the caveat that all your servers will have to have the TCP 2083 port open and firewalls between sites sorted out etc....but i'd assume that work would get done)

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
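
The private-CA step described in the reply above, as an added example that is not part of the original post and not FreeRADIUS's own tooling: it creates a CA, signs one server certificate with the openssl CLI, and checks that the certificate chains to that CA. The CA name, the host name radius1.example.org and the file layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: private CA for RadSec peers. Host and file names are constructed.
set -eu

make_ca() {              # $1 = directory that will hold ca.key / ca.pem
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example RadSec Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 3650 -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  chmod 600 "$1/ca.key"  # whoever holds this key can mint trusted peers
}

issue_server_cert() {    # $1 = CA directory, $2 = RADIUS server FQDN
  openssl req -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  # RadSec peers authenticate each other, so allow both TLS roles.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' \
    "$2" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
    -out "$1/$2.pem" 2>/dev/null
}

trusted_by() {           # $1 = CA file, $2 = certificate; 0 if it chains to $1
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: run the script with the single argument "demo".
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  make_ca "$dir"
  issue_server_cert "$dir" radius1.example.org
  trusted_by "$dir/ca.pem" "$dir/radius1.example.org.pem" && echo "chain OK in $dir"
fi
```

Each server gets its own key and certificate plus a copy of `ca.pem` only; the CA key stays off the RADIUS hosts.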