[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Authenticator -to- RADIUS connection
From: Alan DeKok <aland () deployingradius ! com>
Date: 2021-10-05 17:49:29
Message-ID: 3FDAEFEE-1B4C-4F5D-87F1-FD5BC28B82EF () deployingradius ! com
[Download RAW message or body]
On Oct 5, 2021, at 1:00 PM, Turner, Randy <Randy.Turner@landisgyr.com> wrote:
> We are using a package called "hostapd" to talk to FreeRADIUS – in some of the \
> hostapd documentation they refer to hostapd as an 802.1x "authenticator"
Yes. 802.1X != RADIUS. They use different terminology, because they are different \
protocols, and do different (but related) things.
And why not just say from the start that you're using hostap? It's *always* better \
to be precise. Especially if you're not familiar with the technology.
> This was the term I used in my original question which may have readers thinking I \
> meant the actual device that was trying to access the network.
I didn't know what you meant. Because as soon as someone uses the wrong \
terminology, all bets are off.
> In FreeRADIUS parlance, I think hostapd is called a NAS – it's the \
> NAS-to-FreeRADIUS connection I was referring to.
This is not "FreeRADIUS parlance". The term "NAS" goes back to at least 1993, and \
the first RADIUS standards. A little bit of reading on the basic terminology would \
help.
So you're still confused about which things are involved, and what they do. I'm \
still not sure what you're asking.
The "NAS to FreeRADIUS" connection uses RADIUS. You can't use any other protocol \
there.
The "end user to hostap" connection uses 802.1X, which includes EAP. The EAP \
packets are then placed inside of RADIUS by the NAS, sent to FreeRADIUS.
EAP can carry many different kinds of authentication. EAP-TLS, EAP-TTLS, etc.
All of this information is available on the net (including Wikipedia) if you go \
look.
What is frustrating here is not just using the wrong terminology, it's also \
metering out of additional information all through the conversation. It would have \
been very simple to say "I have a computer using WiFi, I have hostap, and I want to \
authenticate the user device via FreeRADIUS". That would have given us *useful* \
information.
Instead, it's a vague question using incorrect terms, followed by "Oh yeah, I'm \
using this, too". This is frustrating.
Spend an hour or so reading the Wikipedia pages on RADIUS and EAP. That should \
clarify a lot of issues. And PLEASE give useful information in messages. That helps \
enormously.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic