Firs of all thanks for your reply. I'll try to be more specific.
On Feb 5, 2008 2:58 PM, Alan DeKok <aland@deployingradius.com
<mailto:aland@deployingradius.com>> wrote:
Jakub Morávek wrote:
> I have not many experiences with radius, so my question may be
> stupid. Has anybody experience with using freeradius (Version
1.1.3 in
> Debian Sarge) as proxy for RSA RADIUS Server included in RSA
> Authentication Manager 6.1?
Many people have tried this. It works.
I know, but I did not find anyone who discussed this problem.
> When authentication request goest through freeradius proxy, RSA
Manager
> thinks that Agent host is my freeradius proxy instead of
original host
> which sent authenticate request.
I don't know what an "Agent host" is. FreeRADIUS *is* a RADIUS
client
to the RSA manager.
In RSA terminology "Agent hosts" is host which sends authetication
request.
For example, if you want to setup "ssh-server" to authenticate ssh
login against RSA, you have to add "ssh-server" (name and it's ip
address) into RSA database and setup list of users, which are allowed
to log into "ssh-server".
If "user1" tries to access "ssh-server", "ssh-server" sends
authentication request to RSA.
RSA looks into database if "user1" is allowed to log into "ssh-server"
host.
In my case RSA rejects "user1" access, because RSA thikns, that
"user1" wants to log into "freeradius" and there is no "freeradius"
Agent host defined in RSA database.
> Does this mean, that freeradius process all attributes from
> pre-proxy-detail-20080204 log, but sends only attributes, which are
> shown in extended debug mode? If so, can anybody give me any
advice how
> can I configure freeradius to send more attributes?
To do... what?
My idea is that freeradius does not send Client-IP-Address attribute
and therefore RSA RADIUS determines that original host is freeradius
proxy server.