Freeradius as a proxy to Windows IAS (Peter Nixon)

[Clive Gould]

Hi Peter

Thanks for the prompt reply.

The Windows IAS server is working fine and I have been successfully
authenticating against it using Moodle/PHP on the Linux server for several
years.

I've put the Freeradius server in between Moodle and IAS purely to test
out my proxing configuration and then authentication fails despite the
shared secrets being identical.

This is the response from the IAS server (10.200.0.2) as received by the
Freeradius acting as a proxy:

Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 10.200.0.2:1812, id=0, length=236
Received Access-Accept packet from 10.200.0.2:1812 with invalid signature
(err=2)!  (Shared secret is incorrect.)
Server rejecting request 0.

Are there any characters (e.g. \) which must not be used in a shared
secret with a Freeradius server?

Best wishes

Clive


On Tue 31 Jul 2007, Clive Gould wrote:
> Hi
>
> Thanks for the replies to my posting yesterday.
>
> Perhaps I can explain the situation more clearly. My goal is to
> authenticate login to the digital repository DSpace against a Windows IAS
> server. I do not have physical access to the IAS server and cannot change
> it's shared secret. So far I have been unable to successfully authenticate
> DSpace directly against the remote IAS server.

Well, I would suggest you solve this problem first.

> As a result of this I came up with the idea of setting up a Freeradius
> proxy server running on the same Linux box as DSpace, which would act as a
> proxy to the remote IAS server for authentication purposes in the hope
> that this would work.

FreeRADIUS is not magic... Fix the IAS server and the FreeRADIUS bit should
just work..

--