Radiator Technical Workshop at TNC19 (20th of June 2019) - Tuure Vartiainen Radiator Software
TNC19 Radiator Technical Workshop
Meet Radiator developers
Radiator Software
● Former (Australian) Open System Consultants and (Finnish) Arch Red
● Maker of Radiator AAA server
○ Formerly Radiator RADIUS server
Hi!
● Senior Software Engineer at Radiator Software
1. Radiator fine tuning and configuration hints
Radiator reference manual:
https://www.open.com.au/radiator/ref
2. Use cases
3. Open discussion, questions, feature requests, etc.
Radiator fine tuning: Config and logging
● Use Identifiers in configuration stanzas, e.g.
<Client 10.20.30.40>
Identifier SomeClient
...
</Client>
<AuthBy LDAP2>
Identifier MyLDAPauthN
...
</AuthBy>
<Handler Client-Identifier=SomeClient>
Identifier MyFirstHandler
...
# Refer to AuthBy "MyLDAPauthN"
AuthBy MyLDAPauthN
</Handler>
DEBUG: Handling request with Handler 'Client-Identifier=SomeClient', Identifier 'MyFirstHandler'
...
DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
Radiator fine tuning: Config and logging
● Include microsecond timestamp in log messages with LogMicroseconds
● Include per request identifier in log messages with LogTraceId
● Include FarmSize process number (not PID) in log messages with LogFarmInstance
Radiator fine tuning: Config and logging
0 00000000 Wed Jun 19 12:02:22 2019 848353: NOTICE: Server started: Radiator 4.23 on MacBook.local
0 00000000 Wed Jun 19 12:02:22 2019 848723: DEBUG: Forking server farm instance 1
0 00000000 Wed Jun 19 12:02:22 2019 850548: DEBUG: Forking server farm instance 2
...
1 d6ee82e0 Wed Jun 19 12:02:25 2019 326192: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
1 d6ee82e0 Wed Jun 19 12:02:25 2019 329508: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
...
1 d6ee82e0 Wed Jun 19 12:02:25 2019 336772: DEBUG: Access accepted for mikem
...
2 429ddd20 Wed Jun 19 12:02:46 2019 291892: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
2 429ddd20 Wed Jun 19 12:02:46 2019 297315: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
...
2 429ddd20 Wed Jun 19 12:02:46 2019 308468: DEBUG: Access accepted for mikem
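How the farm instance, trace id and microsecond fields let you reassemble one request from interleaved log lines and measure its handling time, as an added example (not from the slides or from Radiator itself). The function names, the `0badc0de` request and the assumption that trace id `00000000` marks messages not tied to a request are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the log lines from the slide (wrapped lines joined) plus
# one constructed request, 0badc0de, interleaved with another instance's lines.
SAMPLE_LOG = """\
0 00000000 Wed Jun 19 12:02:22 2019 848353: NOTICE: Server started: Radiator 4.23 on MacBook.local
1 d6ee82e0 Wed Jun 19 12:02:25 2019 326192: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
1 d6ee82e0 Wed Jun 19 12:02:25 2019 329508: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
1 d6ee82e0 Wed Jun 19 12:02:25 2019 336772: DEBUG: Access accepted for mikem
2 429ddd20 Wed Jun 19 12:02:46 2019 291892: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
1 0badc0de Wed Jun 19 12:02:46 2019 295000: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
2 429ddd20 Wed Jun 19 12:02:46 2019 297315: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
2 429ddd20 Wed Jun 19 12:02:46 2019 308468: DEBUG: Access accepted for mikem
1 0badc0de Wed Jun 19 12:02:46 2019 999100: INFO: Access rejected for mikem: Authentication protocol PAP not allowed by AuthenProto configuration parameter
"""

# <farm instance> <trace id> <timestamp> <microseconds>: <LEVEL>: <message>
LINE_RE = re.compile(
    r"^(?P<farm>\d+) (?P<trace>[0-9a-f]{8}) "
    r"(?P<stamp>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (?P<usec>\d{1,6}): "
    r"(?P<level>[A-Z]+): (?P<msg>.*)$"
)
AUTHBY_RE = re.compile(r"^Handling with (\S+): (\S+)$")
OUTCOME_RE = re.compile(r"^Access (accepted|rejected) for (\S+?)(?:: (.*))?$")


def request_timelines(text):
    """Group log lines by trace id and summarise each request."""
    requests = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        # Assumption: trace id 00000000 marks messages not tied to a request.
        if not m or m["trace"] == "00000000":
            continue
        when = (datetime.strptime(m["stamp"], "%a %b %d %H:%M:%S %Y")
                + timedelta(microseconds=int(m["usec"])))
        req = requests.setdefault(m["trace"], {
            "farm": int(m["farm"]), "first": when, "last": when,
            "authby": [], "outcome": None, "user": None, "reason": None,
        })
        req["first"] = min(req["first"], when)
        req["last"] = max(req["last"], when)
        authby = AUTHBY_RE.match(m["msg"])
        if authby:
            req["authby"].append(authby.group(2))  # the AuthBy Identifier
        outcome = OUTCOME_RE.match(m["msg"])
        if outcome:
            req["outcome"], req["user"], req["reason"] = outcome.groups()
    for req in requests.values():
        # Time between the first and last message logged for the request.
        req["elapsed_ms"] = (req["last"] - req["first"]) / timedelta(milliseconds=1)
    return requests


def slow_requests(requests, threshold_ms):
    """Trace ids whose logged handling time exceeds threshold_ms."""
    return sorted(t for t, r in requests.items() if r["elapsed_ms"] > threshold_ms)


if __name__ == "__main__":
    timelines = request_timelines(SAMPLE_LOG)
    for trace, r in timelines.items():
        print(trace, r["farm"], r["user"], r["outcome"], f'{r["elapsed_ms"]:.3f} ms')
    print("slow:", slow_requests(timelines, 100))
```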
Radiator fine tuning: Config and logging
● Logging to a file is faster than logging to Syslog or SQL
○ Output format can also be JSON, but make sure to use XS for speed
# This auth logger logs both success and failure to a file in
# JSON format. The JSON Perl module must be installed.
<AuthLog FILE>
Identifier myauthlogger-json
Filename %L/authlog.json
LogFormatHook sub { Radius::LogFormat::format_authlog_json(@_); }
LogSuccess 1
LogFailure 1
LogIgnore 1
</AuthLog>
{"username":"mikem","type":"authentication","source_host":"MacBook.local",
"timestamp":"Wed Jun 19 12:13:13 2019",
"Trace_id":"75b0de60","result":"accept","nas_port":"1234",
"Called_station_id":"123456789","time":1560935593.70994,
"Nas_ip_address":"203.63.154.1","nas_identifier":"203.63.154.1",
"calling_station_id":"987654321"}
Radiator fine tuning: Config and logging
● Logging to a file is faster than logging to Syslog or SQL
○ Output format can also be JSON, but make sure to use XS for speed
# This acct logger logs accounting to a file in
# JSON format. The JSON Perl module must be installed.
<AcctLog FILE>
Identifier myacctlogger-json
OutputFormat JSON
Filename %L/acctlog.json
# Use RADIUS attribute as JSON field name
#AcctLogOutputDef Connect-Info
# Map attribute to JSON field
#AcctLogOutputDef Custom-Event-Timestamp, Event-Timestamp
# Use special variables
#AcctLogOutputDef Custom-Original-Username, %u
#AcctLogOutputDef Custom-User-Name, %n
</AcctLog>
{"Acct-Delay-Time":"0","Acct-Input-Octets":"20000","NAS-Port":"1234",
"type":"accounting","timestamp":"Wed Jun 19 14:15:22 2019",
"NAS-Port-Type":"Async","User-Name":"mikem",
"Calling-Station-Id":"987654321","time":1560942922.2841,
"Service-Type":"Framed-User","trace_id":"405e1d10",
"NAS-IP-Address":"203.63.154.1","Acct-Status-Type":"Stop",
"Acct-Output-Octets":"30000","Event-Timestamp":"1560942921",
"Called-Station-Id":"123456789","source_host":"MacBook.local",
"Timestamp":"1560942921","NAS-Identifier":"203.63.154.1",
"result":"accept","Acct-Session-Time":"1000",
"Acct-Session-Id":"00001234"}
Radiator fine tuning: Config and logging
● Include a reject reason in <AuthLog>
<AuthLog FILE>
Identifier authlog-file
Filename %L/authentication.log
...
SuccessFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' called-station='%{Called-Station-Id}' result='OK'
FailureFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' called-station='%{Called-Station-Id}' reason='%1' result='FAIL'
IgnoreFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' called-station='%{Called-Station-Id}' reason='%1' result='IGNORE'
</AuthLog>
Radiator fine tuning: Config and logging
% tail -n 2 authentication.log
Wed Jun 19 12:22:37 2019 trace_id='70077480' user='mikem' client='127.0.0.1/loopback-client' nas='203.63.154.1/203.63.154.1' handler='default-handler' calling-station='987654321' called-station='123456789' reason='Bad Password' result='FAIL'
Wed Jun 19 12:28:40 2019 trace_id='2c9218b0' user='mikem' client='127.0.0.1/loopback-client' nas='203.63.154.1/203.63.154.1' handler='default-handler' calling-station='987654321' called-station='123456789' reason='User database access error' result='IGNORE'
%
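A triage pass over authentication.log in the SuccessFormat/FailureFormat/IgnoreFormat layout above, as an added example (not from the slides or from Radiator): it flags repeated failures per user and client within a time window, lists IGNORE results and unfinished EAP contexts, and reports lines whose fields do not parse cleanly instead of trusting them. The function names, thresholds and all sample lines other than the three taken from the slides are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Lines 1, 4 and 5 are from the slides; the rest are made up.
_C = "client='127.0.0.1/loopback-client' nas='203.63.154.1/203.63.154.1' handler='default-handler'"
_S = "calling-station='987654321' called-station='123456789'"
SAMPLE = f"""\
Wed Jun 19 12:22:37 2019 trace_id='70077480' user='mikem' {_C} {_S} reason='Bad Password' result='FAIL'
Wed Jun 19 12:22:41 2019 trace_id='aaaa0001' user='mikem' {_C} {_S} reason='Bad Password' result='FAIL'
Wed Jun 19 12:22:44 2019 trace_id='aaaa0002' user='mikem' {_C} {_S} reason='Bad Password' result='FAIL'
Wed Jun 19 12:28:40 2019 trace_id='2c9218b0' user='mikem' {_C} {_S} reason='User database access error' result='IGNORE'
Wed Jun 19 13:51:12 2019 trace_id='786c3290' user='anonuser' client='127.0.0.1/' nas='127.0.0.1/' handler='' calling-station='02-00-00-00-00-01' called-station='' reason='Cleared expired unfinished EAP-PEAP context, elapsed time 10.10998. Client never finished authentication.' result='FAIL'
Wed Jun 19 13:55:02 2019 trace_id='aaaa0003' user='alice' {_C} {_S} result='OK'
Wed Jun 19 13:56:10 2019 trace_id='aaaa0004' user='o'brien' {_C} {_S} reason='Bad Password' result='FAIL'
"""

STAMP_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (.*)$")
FIELD_RE = re.compile(r"([a-z_-]+)='([^']*)'")
# Field order of FailureFormat/IgnoreFormat; SuccessFormat has no reason field.
KEYS = ["trace_id", "user", "client", "nas", "handler",
        "calling-station", "called-station", "reason", "result"]
KEYS_OK = [k for k in KEYS if k != "reason"]


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse cleanly."""
    m = STAMP_RE.match(line)
    if not m:
        return None
    stamp, rest = m.groups()
    pairs = FIELD_RE.findall(rest)
    keys = [k for k, _ in pairs]
    # Values come from the network. A quote inside a value leaves stray text
    # or repeats a key, so require the exact field order and no leftovers.
    leftover = FIELD_RE.sub("", rest).strip()
    if leftover or keys not in (KEYS, KEYS_OK):
        return None
    rec = dict(pairs)
    rec["time"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    rec["client_ip"] = rec["client"].split("/", 1)[0]
    return rec


def triage(text, threshold=3, window=timedelta(minutes=5)):
    report = {"repeated_failures": [], "ignored": [],
              "unfinished_eap": [], "malformed": []}
    failures = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            report["malformed"].append(lineno)
            continue
        reason = rec.get("reason", "")
        if rec["result"] == "IGNORE":
            report["ignored"].append((rec["trace_id"], reason))
        elif rec["result"] == "FAIL" and reason.startswith("Cleared expired unfinished EAP"):
            report["unfinished_eap"].append((rec["user"], rec["calling-station"]))
        elif rec["result"] == "FAIL":
            failures[(rec["user"], rec["client_ip"])].append(rec["time"])
    for key, times in sorted(failures.items()):
        times.sort()
        start = 0
        for end, when in enumerate(times):
            while when - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                report["repeated_failures"].append(key)
                break
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        print(section, items)
```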
Radiator fine tuning: Config and logging
● Use ResponseTimeThreshold to define a response time threshold
# Log if request handling takes more than 0.1 seconds
ResponseTimeThreshold 100
0 0c886b10 Wed Jun 19 13:57:32 2019 174079: WARNING: Response time 1012.875 ms for Access-Request id 105 exceeded 100 ms. (User: 'mikem', Client: 'DEFAULT' (DefaultClient), Handler: 'Client-Identifier=DefaultClient' (MyFirstHandler), Last AuthBy: 'LDAP2' (MyLDAPauthN))
Configuration hints: SessionDatabase
● Configure <SessionDatabase NULL> to disable SessionDatabase
# Disable SessionDatabase
<SessionDatabase NULL>
Identifier SessDBNull
</SessionDatabase>
● By default in-memory <SessionDatabase INTERNAL> is used
...
2c9218b0 Wed Jun 19 12:28:40 2019 194849: DEBUG: Handling request with Handler '', Identifier 'MyFirstHandler'
2c9218b0 Wed Jun 19 12:28:40 2019 195350: DEBUG: SessINTERNAL: Deleting session for mikem, 203.63.154.1, 1234
2c9218b0 Wed Jun 19 12:28:40 2019 195712: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
...
Configuration hints: AuthN protocols
● Use AuthenProto in <AuthBy> to allow only certain authN protocols, e.g. only PAP or only EAP.
<AuthBy LDAP2>
Identifier MyLDAPauthN
…
# Allow only EAP and MSCHAPv2
AuthenProto EAP, MSCHAPv2
</AuthBy>
…
1 c70b33d0 Wed Jun 19 12:48:08 2019 858532: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
1 c70b33d0 Wed Jun 19 12:48:08 2019 862880: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
1 c70b33d0 Wed Jun 19 12:48:08 2019 864139: DEBUG: AuthBy FILE result: REJECT, Authentication protocol PAP not allowed by AuthenProto configuration parameter
1 c70b33d0 Wed Jun 19 12:48:08 2019 865404: INFO: Access rejected for mikem: Authentication protocol PAP not allowed by AuthenProto configuration parameter
...
Configuration hints: Usernames and realms
● Use UsernameCharset to refuse usernames with garbage bytes
# Permit only alphanumeric, period, underscore, the @-sign, and dash
UsernameCharset a-zA-Z0-9._@-
● Use RewriteUsername and RewriteFunction hook to rewrite username
realms before authenticating against the backend
# Rewrite user realms with “domain.local” before authentication
RewriteUsername s/^([^@]+)@.*/$1@domain.local/
● <AuthBy LSA> has LSARewriteHook to rewrite NTLM username realm with “domain.local”
before AD LSA authentication
Configuration hints: Proxy health check
● Instead of Status-Server keepalives, Access-Request can be used to
check proxy server health with RADIUS PAP authentication
<AuthBy RADIUS>
Identifier SomeProxyServer
Host 20.30.40.50
...
# Send Access-Request as keepalive probe
UseStatusServerForFailureDetect
KeepaliveTimeout 15
KeepaliveRequestType Access-Request
AddToKeepaliveRequest User-Name=mikem,User-Password=fred
KeepaliveNoreplyTimeout 3
Retries 2
RetryTimeout 5
FailureBackoffTime 900
MaxFailedRequests 3
MaxFailedGraceTime 60
</AuthBy>
Configuration hints: Combining AuthBys
● Add Asynchronous to <AuthBy RADIUS> and <AuthBy RADSEC>
when combined with other AuthBys
<Handler ...>
Identifier ProxyAndAuthorize
<AuthBy RADSEC>
Identifier UpstreamProxy
Asynchronous
</AuthBy>
# Local SQL for authZ and/or reply attributes (VLAN ID etc.)
<AuthBy SQL>
Identifier AuthorizeLocally
NoCheckPassword
NoDefault
…
</AuthBy>
</Handler>
Configuration hints: EAP
● Use separate <Handler ...> for outer and inner EAP
○ <AuthLog> in inner <Handler> can log the real EAP identity!
# Inner EAP
<Handler TunnelledByPEAP=1>
Identifier Inner-EAP
<AuthBy LDAP2>
...
EAPType MSCHAP-V2
</AuthBy>
AuthLog MyAuthLog
</Handler>
# Outer EAP (will match just PEAP)
<Handler EAPTypeName=PEAP>
Identifier Outer-EAP
<AuthBy FILE>
Identifier Terminate-PEAP
EAPType PEAP
...
</AuthBy>
AuthLog MyAuthLog
</Handler>
NOT LIKE THIS:
# Handle everything by a single handler
<Handler>
<AuthBy ...>
EAPType PEAP, MSCHAP-V2
</AuthBy>
</Handler>
Configuration hints: EAP contexts
● Use EAPContextTimeout to configure max time for EAP authentications
● Unfinished PEAP, EAP-TLS, EAP-TTLS authentications are often caused by the EAP client failing to verify the AAA server’s certificate.
% tail -n 1 authentication.log
Wed Jun 19 13:51:12 2019 trace_id='786c3290' user='anonuser' client='127.0.0.1/' nas='127.0.0.1/' handler='' calling-station='02-00-00-00-00-01' called-station='' reason='Cleared expired unfinished EAP-PEAP context, elapsed time 10.10998. Client never finished authentication.' result='FAIL'
%
Configuration hints: EAP contexts
● Use EAP_UseState to use RADIUS State attr. for identifying EAP contexts
Wed Jun 19 13:40:49 2019: DEBUG: Access challenged for anonuser: EAP PEAP Challenge
Wed Jun 19 13:40:49 2019: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 55851 ....
Code: Access-Challenge
Identifier: 0
Authentic: <0>(<13>u<194><185>9b<30><152><7><231><8><0><10>_
Attributes:
EAP-Message = <1><1><0><6><25>
State = 01:d41d8cd98f00b204e9800998ecf8427e:23b104f0:6d524d61854712704f5b88abe726dd1d:
Message-Authenticator = yQFMjhK<229><31><179><250><219>YeA<160>
Wed Jun 19 13:40:49 2019: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 55851 ....
Code: Access-Request
Identifier: 1
Authentic: <191><26>&<191>)<173><145><212><190><248><174><225><247>[L<230>
Attributes:
User-Name = "anonuser"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><1><1>F<25><128><0><0><1>...*redacted*
State = 01:d41d8cd98f00b204e9800998ecf8427e:23b104f0:6d524d61854712704f5b88abe726dd1d:
Message-Authenticator = Z<157>$k<239><160><9><181><233>@<144><200><128>6O<240>
Configuration hints: Statistics
● Use <StatsLog …> for monitoring Radiator usage
<StatsLog FILE>
Identifier MyStatsLogFILE
Interval 600
Filename %L/radiator.statistics-%Y-%m-%d
# Don't print headers
#Header
# Output format either text or json
OutputFormat text
# Counters type can be either
# cumulative, derivative, or packet_rate
StatsType derivative
</StatsLog>
#*StatsLog FILE header redacted from here*
1012954338:ServerConfig:server1:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
1012954338:Client:DEFAULT:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
1012954338:Client:10.20.30.40:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
1012954338:Handler:Realm=DEFAULT:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
1012954338:AuthBy:id1:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
1012954338:Handler:Realm=my.realm:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
1012954338:AuthBy:id2:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
...
Use case examples: Group based VLAN ID
● User group based VLAN ID assignment
○ goodies/authorize-group1.cfg
○ goodies/authorize-group2.cfg
Use case examples: TACACS+ server
● <ServerTACACSPLUS> stanza enables Radiator to work as TACACS+
server for network device authN/authZ/acct
○ goodies/tacacsplusserver.cfg
Use case examples: Standard TOTP 2FA
● Combining different <AuthBy>(s) for authN and authZ
● E.g. Using standard TOTP/HOTP 2FA with LDAP or SQL
○ goodies/radmin_totp.cfg
(password format used: <password><totp_code>, e.g. “my#Secret!Password654321”, where the trailing “654321” is the time based TOTP code)
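The <password><totp_code> format above, worked through as an added example (not Radiator's code and not taken from goodies/radmin_totp.cfg): split off the trailing digits, check them as an RFC 6238 TOTP code with one step of clock skew, and refuse a time step that was already used. The function names, the 6-digit/30-second/SHA-1 parameters and the direct comparison of the static password are assumptions for illustration; in the setup described, the static part would be checked against LDAP or SQL.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 / RFC 6238 test vectors (not a real key).
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP value for one counter, as a zero-padded string."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def split_password(combined, digits=6):
    """Split '<password><totp_code>' into (password, code), or return None."""
    tail = combined[-digits:]
    if len(combined) <= digits or not (tail.isascii() and tail.isdigit()):
        return None
    return combined[:-digits], tail


def verify(combined, static_password, secret, now,
           last_counter=-1, step=30, skew=1):
    """Return the accepted TOTP time step, or None if either factor fails.

    last_counter is the highest time step already accepted for this user;
    the caller stores the returned value so a code cannot be used twice.
    """
    parts = split_password(combined)
    if parts is None:
        return None
    static, code = parts
    # Check both factors before answering so the result does not reveal
    # which one was wrong.
    static_ok = hmac.compare_digest(static.encode(), static_password.encode())
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - skew), current + skew + 1):
        fresh = counter > last_counter
        if fresh and hmac.compare_digest(hotp(secret, counter), code):
            matched = counter
    return matched if static_ok else None


if __name__ == "__main__":
    # At t=59 s the RFC test secret yields 287082 (time step 1).
    attempt = "my#Secret!Password" + hotp(RFC_SECRET, 59 // 30)
    step_used = verify(attempt, "my#Secret!Password", RFC_SECRET, now=59)
    print("first use accepted at step", step_used)
    print("replay:", verify(attempt, "my#Secret!Password", RFC_SECRET,
                            now=61, last_counter=step_used))
```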
Use case examples: Chef and Ansible
● Radiator Chef cookbook
https://supermarket.chef.io/cookbooks/radiator
● Radiator Ansible role to be published
https://galaxy.ansible.com/
Questions, comments, stories?
● Your experience and feedback?
● Missing features big and small?
● Radiator container images?

 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT  - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT  - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 

TNC19 Radiator Technical Workshop -- Meet Radiator developers

  • 1. Radiator Technical Workshop at TNC19 (20th of June 2019) - Tuure Vartiainen Radiator Software
       TNC19 Radiator Technical Workshop
       Meet Radiator developers
  • 2. Radiator Software
       ● Former (Australian) Open System Consultants and (Finnish) Arch Red
       ● Maker of Radiator AAA server
         ○ Formerly Radiator RADIUS server
  • 3. Hi!
       ● Senior Software Engineer at Radiator Software
       1. Radiator fine tuning and configuration hints
          Radiator reference manual: https://www.open.com.au/radiator/ref
       2. Use cases
       3. Open discussion, questions, feature requests, etc.
  • 4. Radiator fine tuning: Config and logging
       ● Use Identifiers in configuration stanzas, e.g.

       <Client 10.20.30.40>
           Identifier SomeClient
           ...
       </Client>

       <AuthBy LDAP2>
           Identifier MyLDAPauthN
           ...
       </AuthBy>

       <Handler Client-Identifier=SomeClient>
           Identifier MyFirstHandler
           ...
           # Refer to AuthBy "MyLDAPauthN"
           AuthBy MyLDAPauthN
       </Handler>

       Resulting log messages:

       DEBUG: Handling request with Handler 'Client-Identifier=SomeClient', Identifier 'MyFirstHandler'
       ...
       DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
  • 5. Radiator fine tuning: Config and logging
       ● Include microsecond timestamp in log messages with LogMicroseconds
       ● Include per request identifier in log messages with LogTraceId
       ● Include FarmSize process number (not PID) in log messages with LogFarmInstance
  • 6. Radiator fine tuning: Config and logging

       0 00000000 Wed Jun 19 12:02:22 2019 848353: NOTICE: Server started: Radiator 4.23 on MacBook.local
       0 00000000 Wed Jun 19 12:02:22 2019 848723: DEBUG: Forking server farm instance 1
       0 00000000 Wed Jun 19 12:02:22 2019 850548: DEBUG: Forking server farm instance 2
       ...
       1 d6ee82e0 Wed Jun 19 12:02:25 2019 326192: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
       1 d6ee82e0 Wed Jun 19 12:02:25 2019 329508: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
       ...
       1 d6ee82e0 Wed Jun 19 12:02:25 2019 336772: DEBUG: Access accepted for mikem
       ...
       2 429ddd20 Wed Jun 19 12:02:46 2019 291892: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
       2 429ddd20 Wed Jun 19 12:02:46 2019 297315: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
       ...
       2 429ddd20 Wed Jun 19 12:02:46 2019 308468: DEBUG: Access accepted for mikem
  • 7. Radiator fine tuning: Config and logging
       ● Logging to a file is faster than logging to Syslog or SQL
         ○ Output format can also be JSON, but make sure to use XS for speed

       # This auth logger logs both success and failure to a file in
       # JSON format. The JSON Perl module must be installed.
       <AuthLog FILE>
           Identifier myauthlogger-json
           Filename %L/authlog.json
           LogFormatHook sub { Radius::LogFormat::format_authlog_json(@_); }
           LogSuccess 1
           LogFailure 1
           LogIgnore 1
       </AuthLog>

       Example record:

       {"username":"mikem","type":"authentication","source_host":"MacBook.local",
       "timestamp":"Wed Jun 19 12:13:13 2019",
       "Trace_id":"75b0de60","result":"accept","nas_port":"1234",
       "Called_station_id":"123456789","time":1560935593.70994,
       "Nas_ip_address":"203.63.154.1","nas_identifier":"203.63.154.1",
       "calling_station_id":"987654321"}
  • 8. Radiator fine tuning: Config and logging
       ● Logging to a file is faster than logging to Syslog or SQL
         ○ Output format can also be JSON, but make sure to use XS for speed

       # This acct logger logs accounting to a file in
       # JSON format. The JSON Perl module must be installed.
       <AcctLog FILE>
           Identifier myacctlogger-json
           OutputFormat JSON
           Filename %L/acctlog.json
           # Use RADIUS attribute as JSON field name
           #AcctLogOutputDef Connect-Info
           # Map attribute to JSON field
           #AcctLogOutputDef Custom-Event-Timestamp, Event-Timestamp
           # Use special variables
           #AcctLogOutputDef Custom-Original-Username, %u
           #AcctLogOutputDef Custom-User-Name, %n
       </AcctLog>

       Example record:

       {"Acct-Delay-Time":"0","Acct-Input-Octets":"20000","NAS-Port":"1234",
       "type":"accounting","timestamp":"Wed Jun 19 14:15:22 2019",
       "NAS-Port-Type":"Async","User-Name":"mikem",
       "Calling-Station-Id":"987654321","time":1560942922.2841,
       "Service-Type":"Framed-User","trace_id":"405e1d10",
       "NAS-IP-Address":"203.63.154.1","Acct-Status-Type":"Stop",
       "Acct-Output-Octets":"30000","Event-Timestamp":"1560942921",
       "Called-Station-Id":"123456789","source_host":"MacBook.local",
       "Timestamp":"1560942921","NAS-Identifier":"203.63.154.1",
       "result":"accept","Acct-Session-Time":"1000",
       "Acct-Session-Id":"00001234"}
  • 9. Radiator fine tuning: Config and logging
       ● Include a reject reason in <AuthLog>

       <AuthLog FILE>
           Identifier authlog-file
           Filename %L/authentication.log
           ...
           SuccessFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' called-station='%{Called-Station-Id}' result='OK'
           FailureFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' called-station='%{Called-Station-Id}' reason='%1' result='FAIL'
           IgnoreFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' called-station='%{Called-Station-Id}' reason='%1' result='IGNORE'
       </AuthLog>
  • 10. Radiator fine tuning: Config and logging

       % tail -n 2 authentication.log
       Wed Jun 19 12:22:37 2019 trace_id='70077480' user='mikem' client='127.0.0.1/loopback-client' nas='203.63.154.1/203.63.154.1' handler='default-handler' calling-station='987654321' called-station='123456789' reason='Bad Password' result='FAIL'
       Wed Jun 19 12:28:40 2019 trace_id='2c9218b0' user='mikem' client='127.0.0.1/loopback-client' nas='203.63.154.1/203.63.154.1' handler='default-handler' calling-station='987654321' called-station='123456789' reason='User database access error' result='IGNORE'
       %
  • 11. Radiator fine tuning: Config and logging
       ● Use ResponseTimeThreshold to define a response time threshold

       # Log if request handling takes more than 0.1 seconds
       ResponseTimeThreshold 100

       Resulting log message:

       0 0c886b10 Wed Jun 19 13:57:32 2019 174079: WARNING: Response time 1012.875 ms for Access-Request id 105 exceeded 100 ms. (User: 'mikem', Client: 'DEFAULT' (DefaultClient), Handler: 'Client-Identifier=DefaultClient' (MyFirstHandler), Last AuthBy: 'LDAP2' (MyLDAPauthN))
  • 12. Configuration hints: SessionDatabase
       ● Configure <SessionDatabase NULL> to disable SessionDatabase

       # Disable SessionDatabase
       <SessionDatabase NULL>
           Identifier SessDBNull
       </SessionDatabase>

       ● By default in-memory <SessionDatabase INTERNAL> is used

       ...
       2c9218b0 Wed Jun 19 12:28:40 2019 194849: DEBUG: Handling request with Handler '', Identifier 'MyFirstHandler'
       2c9218b0 Wed Jun 19 12:28:40 2019 195350: DEBUG: SessINTERNAL: Deleting session for mikem, 203.63.154.1, 1234
       2c9218b0 Wed Jun 19 12:28:40 2019 195712: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
       ...
  • 13. Configuration hints: AuthN protocols
       ● Use AuthenProto in <AuthBy> to allow only certain authN protocols, e.g. only PAP or only EAP.

       <AuthBy LDAP2>
           Identifier MyLDAPauthN
           …
           # Allow only EAP and MSCHAPv2
           AuthenProto EAP, MSCHAPv2
       </AuthBy>

       Resulting log messages for a PAP request:

       …
       1 c70b33d0 Wed Jun 19 12:48:08 2019 858532: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
       1 c70b33d0 Wed Jun 19 12:48:08 2019 862880: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
       1 c70b33d0 Wed Jun 19 12:48:08 2019 864139: DEBUG: AuthBy FILE result: REJECT, Authentication protocol PAP not allowed by AuthenProto configuration parameter
       1 c70b33d0 Wed Jun 19 12:48:08 2019 865404: INFO: Access rejected for mikem: Authentication protocol PAP not allowed by AuthenProto configuration parameter
       ...
  • 14. Configuration hints: Usernames and realms
       ● Use UsernameCharset to refuse usernames with garbage bytes

       # Permit only alphanumeric, period, underscore, the @-sign, and dash
       UsernameCharset a-zA-Z0-9._@-

       ● Use RewriteUsername and RewriteFunction hook to rewrite username realms before authenticating against the backend

       # Rewrite user realms with “domain.local” before authentication
       RewriteUsername s/^([^@]+)@.*/$1@domain.local/

       ● <AuthBy LSA> has LSARewriteHook to rewrite NTLM username realm with “domain.local” before AD LSA authentication
  • 15. Configuration hints: Proxy health check
       ● Instead of Status-Server keepalives, Access-Request can be used to check proxy server health with RADIUS PAP authentication

       <AuthBy RADIUS>
           Identifier SomeProxyServer
           Host 20.30.40.50
           ...
           # Send Access-Request as keepalive probe
           UseStatusServerForFailureDetect
           KeepaliveTimeout 15
           KeepaliveRequestType Access-Request
           AddToKeepaliveRequest User-Name=mikem,User-Password=fred
           KeepaliveNoreplyTimeout 3
           Retries 2
           RetryTimeout 5
           FailureBackoffTime 900
           MaxFailedRequests 3
           MaxFailedGraceTime 60
       </AuthBy>
  • 16. Configuration hints: Combining AuthBys
       ● Add Asynchronous to <AuthBy RADIUS> and <AuthBy RADSEC> when combined with other AuthBys

       <Handler ...>
           Identifier ProxyAndAuthorize
           <AuthBy RADSEC>
               Identifier UpstreamProxy
               Asynchronous
           </AuthBy>
           # Local SQL for authZ and/or reply attributes (VLAN ID etc.)
           <AuthBy SQL>
               Identifier AuthorizeLocally
               NoCheckPassword
               NoDefault
               …
           </AuthBy>
       </Handler>
  • 17. Configuration hints: EAP
       ● Use separate <Handler ...> for outer and inner EAP
         ○ <AuthLog> in inner <Handler> can log the real EAP identity!

       # Inner EAP
       <Handler TunnelledByPEAP=1>
           Identifier Inner-EAP
           <AuthBy LDAP2>
               ...
               EAPType MSCHAP-V2
           </AuthBy>
           AuthLog MyAuthLog
       </Handler>

       # Outer EAP (will match just PEAP)
       <Handler EAPTypeName=PEAP>
           Identifier Outer-EAP
           <AuthBy FILE>
               Identifier Terminate-PEAP
               EAPType PEAP
               ...
           </AuthBy>
           AuthLog MyAuthLog
       </Handler>

       NOT LIKE THIS:

       # Handle everything by a single handler
       <Handler>
           <AuthBy ...>
               EAPType PEAP, MSCHAP-V2
           </AuthBy>
       </Handler>
  • 18. Configuration hints: EAP contexts
       ● Use EAPContextTimeout to configure max time for EAP authentications
       ● Unfinished PEAP, EAP-TLS, EAP-TTLS authentications are often caused by the EAP client failing to verify the AAA server’s certificate.

       % tail -n 1 authentication.log
       Wed Jun 19 13:51:12 2019 trace_id='786c3290' user='anonuser' client='127.0.0.1/' nas='127.0.0.1/' handler='' calling-station='02-00-00-00-00-01' called-station='' reason='Cleared expired unfinished EAP-PEAP context, elapsed time 10.10998. Client never finished authentication.' result='FAIL'
       %
  • 19. Configuration hints: EAP contexts
       ● Use EAP_UseState to use RADIUS State attr. for identifying EAP contexts

       Wed Jun 19 13:40:49 2019: DEBUG: Access challenged for anonuser: EAP PEAP Challenge
       Wed Jun 19 13:40:49 2019: DEBUG: Packet dump:
       *** Sending to 127.0.0.1 port 55851 ....
       Code: Access-Challenge
       Identifier: 0
       Authentic: <0>(<13>u<194><185>9b<30><152><7><231><8><0><10>_
       Attributes:
           EAP-Message = <1><1><0><6><25>
           State = 01:d41d8cd98f00b204e9800998ecf8427e:23b104f0:6d524d61854712704f5b88abe726dd1d:
           Message-Authenticator = yQFMjhK<229><31><179><250><219>YeA<160>

       Wed Jun 19 13:40:49 2019: DEBUG: Packet dump:
       *** Received from 127.0.0.1 port 55851 ....
       Code: Access-Request
       Identifier: 1
       Authentic: <191><26>&<191>)<173><145><212><190><248><174><225><247>[L<230>
       Attributes:
           User-Name = "anonuser"
           NAS-IP-Address = 127.0.0.1
           Calling-Station-Id = "02-00-00-00-00-01"
           Framed-MTU = 1400
           NAS-Port-Type = Wireless-IEEE-802-11
           Service-Type = Framed-User
           Connect-Info = "CONNECT 11Mbps 802.11b"
           EAP-Message = <2><1><1>F<25><128><0><0><1>...*redacted*
           State = 01:d41d8cd98f00b204e9800998ecf8427e:23b104f0:6d524d61854712704f5b88abe726dd1d:
           Message-Authenticator = Z<157>$k<239><160><9><181><233>@<144><200><128>6O<240>
  • 20. Configuration hints: Statistics
       ● Use <StatsLog …> for monitoring Radiator usage

       <StatsLog FILE>
           Identifier MyStatsLogFILE
           Interval 600
           Filename %L/radiator.statistics-%Y-%m-%d
           # Don't print headers
           #Header
           # Output format either text or json
           OutputFormat text
           # Counters type can be either
           # cumulative, derivative, or packet_rate
           StatsType derivative
       </StatsLog>

       #*StatsLog FILE header redacted from here*
       1012954338:ServerConfig:server1:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
       1012954338:Client:DEFAULT:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
       1012954338:Client:10.20.30.40:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
       1012954338:Handler:Realm=DEFAULT:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
       1012954338:AuthBy:id1:46:0:0:46:90:90:0:0:0:0:0:0:0:0:0:0:0:0:0:136:0.0634664733232673
       1012954338:Handler:Realm=my.realm:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
       1012954338:AuthBy:id2:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
       ...
  • 21. Use case examples: Group based VLAN ID
       ● User group based VLAN ID assignment
         ○ goodies/authorize-group1.cfg
         ○ goodies/authorize-group2.cfg
  • 22. Use case examples: TACACS+ server
       ● <ServerTACACSPLUS> stanza enables Radiator to work as TACACS+ server for network device authN/authZ/acct
         ○ goodies/tacacsplusserver.cfg
  • 23. Use case examples: Standard TOTP 2FA
       ● Combining different <AuthBy>(s) for authN and authZ
       ● E.g. Using standard TOTP/HOTP 2FA with LDAP or SQL
         ○ goodies/radmin_totp.cfg (password format used: <password><totp_code>, E.g. “my#Secret!Password654321”)
       Callout on the example password: Time based TOTP code
  • 24. Use case examples: Chef and Ansible
       ● Radiator Chef cookbook
         https://supermarket.chef.io/cookbooks/radiator
       ● Radiator Ansible role to be published
         https://galaxy.ansible.com/
  • 25. Questions, comments, stories?
       ● Your experience and feedback?
       ● Missing features big and small?
       ● Radiator container images?
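Slides 5 and 6 show what LogFarmInstance, LogTraceId and LogMicroseconds add to each debug line. The following added example (not part of the slides and not Radiator code) groups such lines by trace ID and computes how long each request took. It assumes the line layout shown on slide 6 and that the all-zero trace ID marks messages that belong to no request.

```python
import re
from datetime import datetime, timedelta

# Sample input: the debug-log lines printed on slide 6, with the elided "..." lines left out.
SAMPLE_LOG = """\
0 00000000 Wed Jun 19 12:02:22 2019 848353: NOTICE: Server started: Radiator 4.23 on MacBook.local
0 00000000 Wed Jun 19 12:02:22 2019 848723: DEBUG: Forking server farm instance 1
1 d6ee82e0 Wed Jun 19 12:02:25 2019 326192: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
1 d6ee82e0 Wed Jun 19 12:02:25 2019 329508: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
1 d6ee82e0 Wed Jun 19 12:02:25 2019 336772: DEBUG: Access accepted for mikem
2 429ddd20 Wed Jun 19 12:02:46 2019 291892: DEBUG: Handling request with Handler 'Client-Identifier=DefaultClient', Identifier 'MyFirstHandler'
2 429ddd20 Wed Jun 19 12:02:46 2019 297315: DEBUG: Handling with Radius::AuthLDAP2: MyLDAPauthN
2 429ddd20 Wed Jun 19 12:02:46 2019 308468: DEBUG: Access accepted for mikem
"""

# <farm instance> <trace id> <timestamp> <microseconds>: <LEVEL>: <message>
LINE_RE = re.compile(
    r"^(?P<farm>\d+) (?P<trace>[0-9a-f]{8}) "
    r"(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (?P<usec>\d+): "
    r"(?P<level>[A-Z]+): (?P<msg>.*)$"
)
NO_REQUEST = "00000000"  # assumption: trace ID used for messages outside any request


def request_spans(log_text):
    """Return {trace_id: {farm, first, last, outcome, elapsed_us}} for each request."""
    spans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["trace"] == NO_REQUEST:
            continue
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        when = when.replace(microsecond=int(m["usec"]))
        span = spans.setdefault(
            m["trace"],
            {"farm": int(m["farm"]), "first": when, "last": when, "outcome": None},
        )
        span["first"] = min(span["first"], when)
        span["last"] = max(span["last"], when)
        if m["msg"].startswith(("Access accepted", "Access rejected")):
            span["outcome"] = m["msg"]
    for span in spans.values():
        # Whole microseconds between the first and last line of the request.
        span["elapsed_us"] = (span["last"] - span["first"]) // timedelta(microseconds=1)
    return spans


def slower_than(spans, threshold_ms):
    """Trace IDs whose logged handling time exceeds threshold_ms milliseconds."""
    return sorted(t for t, s in spans.items() if s["elapsed_us"] > threshold_ms * 1000)


if __name__ == "__main__":
    for trace, span in request_spans(SAMPLE_LOG).items():
        print(trace, "farm", span["farm"], span["elapsed_us"] / 1000, "ms", span["outcome"])
```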
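The key='value' lines that the slide 9 AuthLog formats produce (slides 10 and 18) are easy to turn into detections. This added example (not from the slides, not Radiator code) parses them strictly and separates repeated 'Bad Password' failures from backend errors and unfinished EAP contexts. The threshold, the helper names and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter, defaultdict

# Keys in the order the SuccessFormat/FailureFormat/IgnoreFormat lines on slide 9 emit them.
FIELDS = ("trace_id", "user", "client", "nas", "handler",
          "calling-station", "called-station", "reason", "result")
TS_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (.*)$")
PAIR_RE = re.compile(r"([a-z_-]+)='(.*?)'(?= [a-z_-]+='|$)")

COMMON = ("client='127.0.0.1/loopback-client' nas='203.63.154.1/203.63.154.1' "
          "handler='default-handler' calling-station='987654321' called-station='123456789'")
SAMPLE = [
    # First, second and last entries are the lines shown on slides 10 and 18.
    f"Wed Jun 19 12:22:37 2019 trace_id='70077480' user='mikem' {COMMON} reason='Bad Password' result='FAIL'",
    f"Wed Jun 19 12:28:40 2019 trace_id='2c9218b0' user='mikem' {COMMON} reason='User database access error' result='IGNORE'",
    # Constructed lines, added for this example.
    f"Wed Jun 19 12:29:01 2019 trace_id='11aa22b0' user='mikem' {COMMON} reason='Bad Password' result='FAIL'",
    f"Wed Jun 19 12:29:05 2019 trace_id='33cc44d0' user='mikem' {COMMON} reason='Bad Password' result='FAIL'",
    f"Wed Jun 19 12:29:40 2019 trace_id='55ee66f0' user='alice' {COMMON} result='OK'",
    "Wed Jun 19 12:30:02 2019 trace_id='5e0a11c4' user='mikem' client='127.0.0.1/loopback",  # truncated
    "Wed Jun 19 13:51:12 2019 trace_id='786c3290' user='anonuser' client='127.0.0.1/' nas='127.0.0.1/' "
    "handler='' calling-station='02-00-00-00-00-01' called-station='' reason='Cleared expired unfinished "
    "EAP-PEAP context, elapsed time 10.10998. Client never finished authentication.' result='FAIL'",
]


def parse_line(line):
    """Return a dict for a well-formed AuthLog line, or None if it cannot be trusted."""
    m = TS_RE.match(line.strip())
    if m is None:
        return None
    pairs = PAIR_RE.findall(m.group(2))
    keys = [k for k, _ in pairs]
    # Keys must be known, unique and in format order; 'reason' is absent on success.
    if keys != [f for f in FIELDS if f in keys] or "result" not in keys:
        return None
    # Nothing may be left over between or after the pairs.
    if " ".join(f"{k}='{v}'" for k, v in pairs) != m.group(2):
        return None
    record = dict(pairs)
    record["timestamp"] = m.group(1)
    return record


def summarize(lines, bad_password_threshold=3):
    """Count outcomes and list (user, calling-station) pairs with repeated bad passwords."""
    by_outcome, bad_pw, unparsed = Counter(), defaultdict(int), []
    for line in lines:
        record = parse_line(line)
        if record is None:
            unparsed.append(line)
            continue
        by_outcome[(record["result"], record.get("reason", ""))] += 1
        if record["result"] == "FAIL" and record.get("reason") == "Bad Password":
            bad_pw[(record["user"], record["calling-station"])] += 1
    suspects = sorted(k for k, n in bad_pw.items() if n >= bad_password_threshold)
    return {"by_outcome": by_outcome, "suspects": suspects, "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

IGNORE results with 'User database access error' point at the backend rather than at the user, so they are counted but never feed the bad-password tally.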
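Slide 23 gives the combined credential format <password><totp_code>. This added example (not from the slides and not the logic of goodies/radmin_totp.cfg) shows how a verifier can split such a credential and check the code per RFC 6238, including rejection of a reused code. The 6-digit length, 30-second step, HMAC-SHA1, the one-step drift window and the plain password comparison standing in for the LDAP or SQL check are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, zero-padded to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals since the epoch."""
    return hotp(secret, at // step, digits)


def split_credential(combined: str, digits: int = 6):
    """Split '<password><totp_code>' into (password, code); None if it cannot be split."""
    if len(combined) <= digits:
        return None
    password, code = combined[:-digits], combined[-digits:]
    if not (code.isascii() and code.isdigit()):
        return None
    return password, code


def verify(combined, stored_password, secret, now,
           last_used_counter=None, window=1, step=30, digits=6):
    """Return (accepted, last_used_counter).

    The caller stores the returned counter per user and passes it back in,
    so a code that was already accepted cannot be used a second time.
    """
    parts = split_credential(combined, digits)
    if parts is None:
        return False, last_used_counter
    password, code = parts
    # Stand-in for the LDAP or SQL password check named on the slide.
    password_ok = hmac.compare_digest(password.encode(), stored_password.encode())
    matched = None
    for drift in range(-window, window + 1):  # tolerate clock drift of +/- window steps
        counter = now // step + drift
        if counter >= 0 and hmac.compare_digest(hotp(secret, counter, digits), code):
            matched = counter
    if matched is None or not password_ok:
        return False, last_used_counter
    if last_used_counter is not None and matched <= last_used_counter:
        return False, last_used_counter  # code from an already used time step
    return True, matched


if __name__ == "__main__":
    key = b"12345678901234567890"  # shared secret from the RFC 6238 test vectors
    print(verify("my#Secret!Password" + totp(key, 59), "my#Secret!Password", key, now=59))
```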