On Feb 5, 2008 2:58 PM, Alan DeKok <
aland@deployingradius.com> wrote:
Jakub Morávek wrote:
> I have not many experiences with radius, so my question may be
> stupid. Has anybody experience with using freeradius (Version 1.1.3 in
> Debian Sarge) as proxy for RSA RADIUS Server included in RSA
> Authentication Manager 6.1?
Many people have tried this. It works.
I know, but I did not find anyone who discussed this problem.
> When authentication request goest through freeradius proxy, RSA Manager
> thinks that Agent host is my freeradius proxy instead of original host
> which sent authenticate request.
I don't know what an "Agent host" is. FreeRADIUS *is* a RADIUS client
to the RSA manager.
In RSA terminology "Agent hosts" is host which sends authetication request.
For example, if you want to setup "ssh-server" to authenticate ssh login against RSA, you have to add "ssh-server" (name and it's ip address) into RSA database and setup list of users, which are allowed to log into "ssh-server".
If "user1" tries to access "ssh-server", "ssh-server" sends authentication request to RSA.
RSA looks into database if "user1" is allowed to log into "ssh-server" host.
In my case RSA rejects "user1" access, because RSA thikns, that "user1" wants to log into "freeradius" and there is no "freeradius" Agent host defined in RSA database.
> Does this mean, that freeradius process all attributes from
> pre-proxy-detail-20080204 log, but sends only attributes, which are
> shown in extended debug mode? If so, can anybody give me any advice how
> can I configure freeradius to send more attributes?
To do... what?
My idea is that freeradius does not send Client-IP-Address attribute and therefore RSA RADIUS determines that original host is freeradius proxy server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jakub