Firs of all thanks for your reply. I'll try to be more specific. On Feb 5, 2008 2:58 PM, Alan DeKok <aland@deployingradius.com> wrote:
Jakub Morávek wrote:
I have not many experiences with radius, so my question may be stupid. Has anybody experience with using freeradius (Version 1.1.3 in Debian Sarge) as proxy for RSA RADIUS Server included in RSA Authentication Manager 6.1?
Many people have tried this. It works.
I know, but I did not find anyone who discussed this problem.
When authentication request goest through freeradius proxy, RSA Manager thinks that Agent host is my freeradius proxy instead of original host which sent authenticate request.
I don't know what an "Agent host" is. FreeRADIUS *is* a RADIUS client to the RSA manager.
In RSA terminology "Agent hosts" is host which sends authetication request. For example, if you want to setup "ssh-server" to authenticate ssh login against RSA, you have to add "ssh-server" (name and it's ip address) into RSA database and setup list of users, which are allowed to log into "ssh-server". If "user1" tries to access "ssh-server", "ssh-server" sends authentication request to RSA. RSA looks into database if "user1" is allowed to log into "ssh-server" host. In my case RSA rejects "user1" access, because RSA thikns, that "user1" wants to log into "freeradius" and there is no "freeradius" Agent host defined in RSA database.
Does this mean, that freeradius process all attributes from pre-proxy-detail-20080204 log, but sends only attributes, which are shown in extended debug mode? If so, can anybody give me any advice how can I configure freeradius to send more attributes?
To do... what?
My idea is that freeradius does not send Client-IP-Address attribute and therefore RSA RADIUS determines that original host is freeradius proxy server.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jakub