FreeRadius working as proxy Radius for RSA ACE Server

infotech at tryoutlinux.com infotech at tryoutlinux.com
Sat Nov 25 19:48:49 CET 2006 

Hi there,

First all, thanks for then answers!!! :D

After that, is there anyone there using FreeRadius servers as proxy for
RSA Radius Server?

I need to deploy a configuration ASAP, I could do a configuration on my
own buy I don´t have physical time to work on it, since I am trying to
finish some tests with RSA ACE Server and it is taking too much time :(

Any help or simple configuration (file or url or something) to start to
work would be appreciated.

Thanks again. 

On Sat, 25 Nov 2006 00:35:49 -0500, "David Mitton" <david at mitton.com>
said:
> On 11/23/2006 11:34 AM, Alan DeKok wrote:
> >Luis wrote:
> > > Hi there,
> > >
> > > Is there anyone with experience with FreeRadius working as proxy for the
> > > RSA ACE Server?
> >
> >   Yes.  RSA ACE is just a re-branded Funk server.
> >
> >   Alan DeKok.
> 
> Careful here.
> 
>          The RSA SecurID Server, (aka the ACE Server or more properly 
> the Authentication Manager) that holds the SecurID user and token 
> database, and authenticates the token codes, proper doesn't speak 
> RADIUS but a proprietary secured protocol.  The API to this 
> protocol's client module is documented.
> 
>          Versions 5.6 and 6.0 of the ACE Server include an optional 
> RADIUS server that accepts PAP requests with a SecurID passcode (PIN 
> + tokencode) and proxies them to the ACE Server.   This server is 
> based on the original Livingston RADIUS server code.  This server did 
> not support EAP protocols.   The Windows version of the server 
> includes a Windows EAP module that supports our SecurID EAP 
> method.  This module works directly with the Windows RAS and VPN 
> servers, or via the Microsoft IAS RADIUS Server.
> 
>          Version 6.1 of the Auth Manager Server includes an custom 
> version of SBR that accepts RADIUS requests and only proxies them to 
> the Auth Manager.   It supports PAP/SecurID, EAP-GTC, EAP-SecurID, 
> and EAP-Protected OTP.  And with TTLS, PEAPv0, and PEAPv1 
> support.  It's supported on Windows and several UNIX platforms.  It 
> does not support any other form of authentication.   The Windows EAP 
> DLL is still provided and now supports EAP-POTP as well.
> 
>          Any of these RADIUS requests could be proxied by any 
> reasonable RADIUS proxy.  There's nothing special about the RADIUS 
> aspects of these requests, just the authentication content.
> 
> Dave.
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-- 
  Luis
  infotech at tryoutlinux.com

More information about the Freeradius-Users mailing list