On Dec 9, 2018, at 2:17 PM, CALMELS, Thierry (SOGETI REGIONS SAS) <thierry.calmels.external@airbus.com> wrote:
We have an infrastucture using freeRadius 3 (freeradius-3.0.13-8) on RHEL7.5.
The infrastructure implements in front a layer “PROXY RADIUS” (not based on proxy.conf usage – thus we are using a custom proxy logic). The infrastructure works as expected.
The architecture is as follow:
Client NAS --> LB BigIP F5 --> Proxy FreeRADIUS --> LB BigIP F5 --> BackEnd FreeRADIUS
I'm not sure why you need two F5s, but OK.
However we want to improve monitoring made by F5 in front of the layer proxy Radius. For that, we have configured a Radius profile on the F5, based on username/password declared in the /etc/raddb/users files.
healthcheckVIP Auth-Type:=Accept, User-Password=="my_password "
Unfortunately, this configuration works only if the healthcheckVIP account is declared on the BackEnd FreeRADIUS!
Only if you configure the proxy to send *all* traffic to the backend. If you configure the proxy to reply to the F5 for local users, it should work.
The account declared on Proxy is not taken in account. I didn’t find any solution/setting to block the radius request at layer proxy when the account is found and credentials confirmed.
You didn't say how *else* you configured the server. i.e. how did you configure it to proxy requests? You're not using proxy.conf, so what *are* you using? Alan DeKok.