[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Authenticator -to- RADIUS connection
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2021-10-05 17:49:29
Message-ID: 3FDAEFEE-1B4C-4F5D-87F1-FD5BC28B82EF () deployingradius ! com
[Download RAW message or body]

On Oct 5, 2021, at 1:00 PM, Turner, Randy <Randy.Turner@landisgyr.com> wrote:
> We are using a package called "hostapd" to talk to FreeRADIUS – in some of the \
> hostapd documentation they refer to hostapd as an 802.1x "authenticator"

  Yes.  802.1X != RADIUS.  They use different terminology, because they are different \
protocols, and do different (but related) things.

  And why not just say from the start that you're using hostap?  It's *always* better \
to be precise.  Especially if you're not familiar with the technology.

> This was the term I used in my original question which may have readers thinking I \
> meant the actual device that was trying to access the network.

  I didn't know what you meant.  Because as soon as someone uses the wrong \
terminology, all bets are off.

> In FreeRADIUS parlance, I think hostapd is called a NAS – it's the \
> NAS-to-FreeRADIUS connection I was referring to.

  This is not "FreeRADIUS parlance".   The term "NAS" goes back to at least 1993, and \
the first RADIUS standards.  A little bit of reading on the basic terminology would \
help.

  So you're still confused about which things are involved, and what they do.  I'm \
still not sure what you're asking.

 The "NAS to FreeRADIUS" connection uses RADIUS.  You can't use any other protocol \
there.

  The "end user to hostap" connection uses 802.1X, which includes EAP.  The EAP \
packets are then placed inside of RADIUS by the NAS, sent to FreeRADIUS.

  EAP can carry many different kinds of authentication.  EAP-TLS, EAP-TTLS, etc.

  All of this information is available on the net (including Wikipedia) if you go \
look.

  What is frustrating here is not just using the wrong terminology, it's also \
metering out of additional information all through the conversation.  It would have \
been very simple to say "I have a computer using WiFi, I have hostap, and I want to \
authenticate the user device via FreeRADIUS".  That would have given us *useful* \
information.

  Instead, it's a vague question using incorrect terms, followed by "Oh yeah, I'm \
using this, too".  This is frustrating.

  Spend an hour or so reading the Wikipedia pages on RADIUS and EAP.  That should \
clarify a lot of issues.  And PLEASE give useful information in messages.  That helps \
enormously.  
  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]