Hi there, First all, thanks for then answers!!! :D After that, is there anyone there using FreeRadius servers as proxy for RSA Radius Server? I need to deploy a configuration ASAP, I could do a configuration on my own buy I don´t have physical time to work on it, since I am trying to finish some tests with RSA ACE Server and it is taking too much time :( Any help or simple configuration (file or url or something) to start to work would be appreciated. Thanks again. On Sat, 25 Nov 2006 00:35:49 -0500, "David Mitton" <david@mitton.com> said:
On 11/23/2006 11:34 AM, Alan DeKok wrote:
Luis wrote:
Hi there,
Is there anyone with experience with FreeRadius working as proxy for the RSA ACE Server?
Yes. RSA ACE is just a re-branded Funk server.
Alan DeKok.
Careful here.
The RSA SecurID Server, (aka the ACE Server or more properly the Authentication Manager) that holds the SecurID user and token database, and authenticates the token codes, proper doesn't speak RADIUS but a proprietary secured protocol. The API to this protocol's client module is documented.
Versions 5.6 and 6.0 of the ACE Server include an optional RADIUS server that accepts PAP requests with a SecurID passcode (PIN + tokencode) and proxies them to the ACE Server. This server is based on the original Livingston RADIUS server code. This server did not support EAP protocols. The Windows version of the server includes a Windows EAP module that supports our SecurID EAP method. This module works directly with the Windows RAS and VPN servers, or via the Microsoft IAS RADIUS Server.
Version 6.1 of the Auth Manager Server includes an custom version of SBR that accepts RADIUS requests and only proxies them to the Auth Manager. It supports PAP/SecurID, EAP-GTC, EAP-SecurID, and EAP-Protected OTP. And with TTLS, PEAPv0, and PEAPv1 support. It's supported on Windows and several UNIX platforms. It does not support any other form of authentication. The Windows EAP DLL is still provided and now supports EAP-POTP as well.
Any of these RADIUS requests could be proxied by any reasonable RADIUS proxy. There's nothing special about the RADIUS aspects of these requests, just the authentication content.
Dave.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Luis infotech@tryoutlinux.com