FreeRADIUS Clause Samples
FreeRADIUS. The FreeRADIUS implementation of CUI support was first done as a proof-of-concept. It has served as a basis for tests and resulting work on further extensions. This implementation has been tested within the GN3 project by several participating institutions. The implementation is also running on a busy production server in ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ University in Torun, Poland. FreeRADIUS permits extensive amounts of configuration. It has been found that all CUI related support can be done exclusively using those configuration capabilities. No code modifications have been necessary on the side of the GN3 project. The developers of FreeRADIUS added a feature in the server core to streamline the GN3 implementation. Stating that the implementation is merely configuration should not give the impression that this is a trivial task. FreeRADIUS configuration is very complex and utilises a special internal language. As in our case, the configuration language can be used to create new modules. GN3 implementation has been done in a form of a tar file which can be unpacked on top of a production server installation. A detailed README file is provided and all files are extensively commented. It has been tested that adding CUI support to a running server is not difficult and can be done quickly. The temporary database is implemented as a MySQL database. The communication between this database and the FreeRADIUS server is done as an additional module, being an instance of the generic MySQL FreeRADIUS module.
FreeRADIUS. Add the following lines in eap.conf file under eap group: gtc { } challenge = “Password: “ auth_type = LDAP The value of auth_type must correspond with the usual Auth-Type definition in the authentication stanza in the server (in this example it is ldap). In the ttls group add: ttls { } default_eap_type = gtc
FreeRADIUS eduroam is expected to be the first or one of the first federations to implement and utilise Federated TNC. A starting point for this scenario is to implement Federated TNC in FreeRADIUS, but as of this writing, there is no production-ready implementation. However, this situation is expected to improve in the future because ▇▇▇▇▇(UK) has been working on the (non-federated) Microsoft variant “Statement of Health”. JRA3 T1 is making RADIUS attributes from the ▇▇▇▇▇▇ Enterprise Object Identifier (OID) space available to ▇▇▇▇▇(UK) to permit extension of TNC to a federated scenario.