ocserv 0.9.0
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Jan 22 04:52:46 PST 2015
On Thu, Jan 22, 2015 at 1:02 PM, Niels Peen <niels at peen.ch> wrote:
>> - Added native support for radius. That adds the new auth configuration
>> option "radius", which has as parameters the freeradius-client
>> configuration file and optionally the groupconfig option which
>> instructs to read configuration from radius; the stats-report-time
>> option enables interim-updates. That adds the dependency to
>> freeradius-client (see doc/README.radius).
> Working very well so far!
Thank you for testing.
> Is there any way to do radius accounting for those who authenticate
> using certificates? I imagine accounting packets could be sent using
> the username derived from the 'cert-user-oid' setting.
As it is now unfortunately no. The only way is to add radius
authentication in addition to certificate authentication, and have
these users enter a password as well (even if it is empty). For that
to be possible authentication and accounting will have to be split in
ocserv. That looks like a nice improvement, but I don't know how easy
implementation could be.
regards,
Nikos
More information about the openconnect-devel
mailing list