FreeRADIUS and RSA RADIUS Server

Jakub Morávek jakub.moravek at gmail.com
Tue Feb 5 15:59:13 CET 2008


Firs of all thanks for your reply. I'll try to be more specific.

On Feb 5, 2008 2:58 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Jakub Morávek wrote:
> >    I have not many experiences with radius, so my question may be
> > stupid. Has anybody experience with using freeradius (Version 1.1.3 in
> > Debian Sarge) as proxy for RSA RADIUS Server included in RSA
> > Authentication Manager 6.1?
>
>  Many people have tried this.  It works.


I know, but I did not find anyone who discussed this problem.


>
>
> > When authentication request goest through freeradius proxy, RSA Manager
> > thinks that Agent host is my freeradius proxy instead of original host
> > which sent authenticate request.
>
>  I don't know what an "Agent host" is.  FreeRADIUS *is* a RADIUS client
>  to the RSA manager.


In RSA terminology "Agent hosts" is host which sends authetication request.

For example, if you want to setup "ssh-server" to authenticate ssh login
against RSA, you have to add "ssh-server" (name and it's ip address) into
RSA  database and setup list of users, which are allowed to log into
"ssh-server".
If "user1" tries to access "ssh-server", "ssh-server" sends authentication
request to RSA.
RSA looks into database if "user1" is allowed to log into "ssh-server" host.

In my case RSA rejects "user1" access, because RSA thikns, that "user1"
wants to log into "freeradius" and there is no "freeradius" Agent host
defined in RSA database.


>
> > Does this mean, that freeradius process all attributes from
> > pre-proxy-detail-20080204 log, but sends only attributes, which are
> > shown in extended debug mode? If so, can anybody give me any advice how
> > can I configure freeradius to send more attributes?
>
>  To do... what?


My idea is that freeradius does not send Client-IP-Address attribute and
therefore RSA RADIUS determines that original host is freeradius proxy
server.


>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


   Jakub
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080205/7cf10444/attachment.html>


More information about the Freeradius-Users mailing list