Terminate EAP-PEAP client connection at FreeRadius Proxy andproxy(forward) request as PAP

Jayal1972 joakim.lindgren at gmail.com
Sat Feb 2 12:45:06 CET 2008 

Hi Ivan, I can´t thank you enough for the help.

>Have different names for a server realm and user domain so you can choose
>when to proxy.

Could you please leave me a hont how to do that.

Why doesn´t it do PAP? When the connection reach the home server it´s
encrypted?

// J 



Ivan Kalik wrote:
> 
>>All users found with SECURACCESS domain in name i.e.
"anyname at SECURACCESS".
>>Proxy them with PAP authentication to "SECURACCCESS" domain IP address
>>mentioned in proxy.conf. 
>>
>>>Fall-Through := No
>>
>>If SECURACCESS domain found in User-Name "anyname at SECURACCESS" stop after
>>proxying.
>>
>>So I want to END all EAP tunnels at proxy for ALL domains. Authenticate
with
>>LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy
only
>>PAP further (to IP address mentioned in proxy.conf).
>>
>>>Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling suffix
>>(rlm_realm) for request 0
>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Looking up realm
>>"SECURACCESS" for User-Name = >"joakimlindgren at SECURACCESS"
>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Found realm
"SECURACCESS"
>>
>>So here we found SECURACCESS domain name in User-Name:
>>
>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding
Stripped-User-Name
>>= "joakimlindgren"
>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Proxying request from
user
>>joakimlindgren to realm >SECURACCESS
>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding Realm =
>>"SECURACCESS"
>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Preparing to proxy
>>authentication request to realm "SECURACCESS"
>>
>>Where proxying the request to ip address mentioned in proxy.conf (but here
>>we don´t end the EAP?)
>>
> 
> Have different names for a server realm and user domain so you can choose
> when to proxy. Leave user as user at SECURACCESS; configure SECURACCESS to
> be a LOCAL realm; configure home server realm as SECURE and proxy to
> that one.
> 
> Again, you should think about 2.0.1 where you can define one virtual
> server to deal with @SECURACCESS requests and another for others.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15242067.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list