Firs of all thanks for your reply. I'll try to be more specific.<br><br><div class="gmail_quote">On Feb 5, 2008 2:58 PM, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">Jakub Morávek wrote:<br>> I have not many experiences with radius, so my question may be<br>
> stupid. Has anybody experience with using freeradius (Version 1.1.3 in<br>> Debian Sarge) as proxy for RSA RADIUS Server included in RSA<br>> Authentication Manager 6.1?<br><br></div> Many people have tried this. It works.</blockquote>
<div><br>I know, but I did not find anyone who discussed this problem.<br></div><div> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><div class="Ih2E3d"><br>> When authentication request goest through freeradius proxy, RSA Manager<br>> thinks that Agent host is my freeradius proxy instead of original host<br>> which sent authenticate request.<br>
<br></div> I don't know what an "Agent host" is. FreeRADIUS *is* a RADIUS client<br> to the RSA manager.</blockquote><div><br>In RSA terminology "Agent hosts" is host which sends authetication request.<br>
<br>For example, if you want to setup "ssh-server" to authenticate ssh login against RSA, you have to add "ssh-server" (name and it's ip address) into RSA database and setup list of users, which are allowed to log into "ssh-server".<br>
If "user1" tries to access "ssh-server", "ssh-server" sends authentication request to RSA.<br>RSA looks into database if "user1" is allowed to log into "ssh-server" host.<br>
<br>In my case RSA rejects "user1" access, because RSA thikns, that "user1" wants to log into "freeradius" and there is no "freeradius" Agent host defined in RSA database.<br> <br></div>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d"><br>> Does this mean, that freeradius process all attributes from<br>
> pre-proxy-detail-20080204 log, but sends only attributes, which are<br>> shown in extended debug mode? If so, can anybody give me any advice how<br>> can I configure freeradius to send more attributes?<br><br></div>
To do... what?</blockquote><div><br>My idea is that freeradius does not send Client-IP-Address attribute and therefore RSA RADIUS determines that original host is freeradius proxy server.<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><font color="#888888"><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a></font></blockquote>
<div><br> Jakub<br> </div></div>