Terminate EAP-PEAP client connection at FreeRadius Proxy andproxy(forward) request as PAP

Jayal1972 joakim.lindgren at gmail.com
Sat Feb 2 12:47:11 CET 2008 

Hi again,

I mean: how to detect a special name in the request. And to NOT proxy local
calls...
Is my configuration OK?

// J


Jayal1972 wrote:
> 
> Hi Ivan, I can´t thank you enough for the help.
> 
>>Have different names for a server realm and user domain so you can choose
>>when to proxy.
> 
> Could you please leave me a hont how to do that.
> 
> Why doesn´t it do PAP? When the connection reach the home server it´s
> encrypted?
> 
> // J 
> 
> 
> 
> Ivan Kalik wrote:
>> 
>>>All users found with SECURACCESS domain in name i.e.
"anyname at SECURACCESS".
>>>Proxy them with PAP authentication to "SECURACCCESS" domain IP address
>>>mentioned in proxy.conf. 
>>>
>>>>Fall-Through := No
>>>
>>>If SECURACCESS domain found in User-Name "anyname at SECURACCESS" stop after
>>>proxying.
>>>
>>>So I want to END all EAP tunnels at proxy for ALL domains. Authenticate
with
>>>LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy
only
>>>PAP further (to IP address mentioned in proxy.conf).
>>>
>>>>Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling suffix
>>>(rlm_realm) for request 0
>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Looking up realm
>>>"SECURACCESS" for User-Name = >"joakimlindgren at SECURACCESS"
>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Found realm
"SECURACCESS"
>>>
>>>So here we found SECURACCESS domain name in User-Name:
>>>
>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding
Stripped-User-Name
>>>= "joakimlindgren"
>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Proxying request from
user
>>>joakimlindgren to realm >SECURACCESS
>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding Realm =
>>>"SECURACCESS"
>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Preparing to proxy
>>>authentication request to realm "SECURACCESS"
>>>
>>>Where proxying the request to ip address mentioned in proxy.conf (but
here
>>>we don´t end the EAP?)
>>>
>> 
>> Have different names for a server realm and user domain so you can choose
>> when to proxy. Leave user as user at SECURACCESS; configure SECURACCESS to
>> be a LOCAL realm; configure home server realm as SECURE and proxy to
>> that one.
>> 
>> Again, you should think about 2.0.1 where you can define one virtual
>> server to deal with @SECURACCESS requests and another for others.
>> 
>> Ivan Kalik
>> Kalik Informatika ISP
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15242083.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list