Hello All - As I can't seem to get freeradius working on my Tru64 box and my box seems to be "broken" I thought I'd try to install freeradius on a RHEL box and use the fr proxy feature to proxy back to my Tru64 box running the Livinginston Radius server. My question, I want to be able to authenticate against the Tru64 passwd user database from a Windows client connected to a wireless AP running WPA. When I had a working fr on the Tru64 box, I was able to use the SecureW2 supplicant on XP with EAP/PAP to authenticate against passwd and it worked great. So, now, if I am running a non-EAP aware radius on the Tru64, and freeradius on a Linux box proxying to the Tru64 box, will I be able to do EAP/PAP authentication? I'm ready the proxy doc, but, I don't see anything about that, or if it's even applicable. --- Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336 Problem replying to my email? Click the "Sign" button in the OE toolbar or, better yet, get your own FREE Personal E-Mail Digital ID: http://www.thawte.com/email/index.html
List: Is there anyway to prohibit (without editing the source or redirecting the output to /dev/null) freeradius from displaying the following message to stdout on startup. root@apollo:/# radiusd Tue Sep 20 15:08:47 2005 : Info: Starting - reading configuration files ... Thanks Duane Cox
"Duane Cox" <duanec@mail.illicom.net> wrote:
Is there anyway to prohibit (without editing the source or redirecting the output to /dev/null) freeradius from displaying the following message to stdout on startup.
No. Edit the source. Alan DeKok.
I haven't heard from anyone, so, I have been doing A LOT of experimentation... So far, I have it working, but, it's a bit goofy. I have freeradius-1.0.5 running on RedHat Linux using a default ./configure and installation. I modified the radiusd.conf/users/proxy.conf files to support eap/pap from a Windows client, and proxying to my Tru64 box running Livingston radius. I am using the SecureW2 3.1 supplicant for Windows XP. I had to monkey around with the outer settings. I discovered that if using the default anonymous outer identity that the realm in the user dialog box is sent with the anonymous outer identity. So, if I setup a NULL realm to proxy in freeradius, then anonymous would try to be proxied to my Tru64 box and would always fail. I setup a southplainscollege.edu realm to proxy and put in twinders@southplainscollege.edu in the user credentials in SecureW2, but then it would send anonymous@southplainscollege.edu as the outer identity and it would be proxied and fail. Finally, I removed the NULL realm from proxying, and in the outer identity I typed in anonymous, rather than using the default anonymous option. In the user credentials, I put in twinders@southplainscollege.edu. With this setup, anonymous would be sent, no NULL realm would be found and it would be authenticated against freeradius properly as an EAP session. It would then strip southplainscollege.edu from my user credentials and proxy that to the Tru64 box and it would be authenticated. So, after MUCH monkeying around, I have this working. Is the sending of the realm with the default anonymous outer identity the expected behavior? Should I ask the SecureW2 group about the behaviour I am seeing? Hope this helps someone else. Thanks! --- Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336 Problem replying to my email? Click the "Sign" button in the OE toolbar or, better yet, get your own FREE Personal E-Mail Digital ID: http://www.thawte.com/email/index.html
-----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Tim Winders Sent: Tuesday, September 20, 2005 2:41 PM To: freeradius-users@lists.freeradius.org Subject: proxy EAP/PAP ?
Hello All -
As I can't seem to get freeradius working on my Tru64 box and my box seems to be "broken" I thought I'd try to install freeradius on a RHEL box and use the fr proxy feature to proxy back to my Tru64 box running the Livinginston Radius server.
My question, I want to be able to authenticate against the Tru64 passwd user database from a Windows client connected to a wireless AP running WPA.
When I had a working fr on the Tru64 box, I was able to use the SecureW2 supplicant on XP with EAP/PAP to authenticate against passwd and it worked great.
So, now, if I am running a non-EAP aware radius on the Tru64, and freeradius on a Linux box proxying to the Tru64 box, will I be able to do EAP/PAP authentication? I'm ready the proxy doc, but, I don't see anything about that, or if it's even applicable.
---
Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336
Problem replying to my email? Click the "Sign" button in the OE toolbar or, better yet, get your own FREE Personal E-Mail Digital ID: http://www.thawte.com/email/index.html
"Tim Winders" <twinders@southplainscollege.edu> wrote:
So, now, if I am running a non-EAP aware radius on the Tru64, and freeradius on a Linux box proxying to the Tru64 box, will I be able to do EAP/PAP authentication? I'm ready the proxy doc, but, I don't see anything about that, or if it's even applicable.
For EAP-TTLS with tunneled PAP, you can do: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "tru64" And the inner session will be proxied. Alan Dekok.
participants (3)
-
Alan DeKok -
Duane Cox -
Tim Winders