Terminate EAP-PEAP client connection at FreeRadius Proxyandproxy(forward) request as PAP

Ivan Kalik tnt at kalik.net
Sat Feb 2 13:50:43 CET 2008


Eap-Type != peap. Local ones are using PEAP and remote EAP-TTLS/PAP,
right?

Ivan Kalik
Kalik Informatika ISP


Dana 2/2/2008, "Jayal1972" <joakim.lindgren at gmail.com> piše:

>
>Hi again,
>
>I mean: how to detect a special name in the request. And to NOT proxy local
>calls...
>Is my configuration OK?
>
>// J
>
>
>Jayal1972 wrote:
>> 
>> Hi Ivan, I can´t thank you enough for the help.
>> 
>>>Have different names for a server realm and user domain so you can choose
>>>when to proxy.
>> 
>> Could you please leave me a hont how to do that.
>> 
>> Why doesn´t it do PAP? When the connection reach the home server it´s
>> encrypted?
>> 
>> // J 
>> 
>> 
>> 
>> Ivan Kalik wrote:
>>> 
>>>>All users found with SECURACCESS domain in name i.e.
>"anyname at SECURACCESS".
>>>>Proxy them with PAP authentication to "SECURACCCESS" domain IP address
>>>>mentioned in proxy.conf. 
>>>>
>>>>>Fall-Through := No
>>>>
>>>>If SECURACCESS domain found in User-Name "anyname at SECURACCESS" stop after
>>>>proxying.
>>>>
>>>>So I want to END all EAP tunnels at proxy for ALL domains. Authenticate
>with
>>>>LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy
>only
>>>>PAP further (to IP address mentioned in proxy.conf).
>>>>
>>>>>Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling suffix
>>>>(rlm_realm) for request 0
>>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Looking up realm
>>>>"SECURACCESS" for User-Name = >"joakimlindgren at SECURACCESS"
>>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Found realm
>"SECURACCESS"
>>>>
>>>>So here we found SECURACCESS domain name in User-Name:
>>>>
>>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding
>Stripped-User-Name
>>>>= "joakimlindgren"
>>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Proxying request from
>user
>>>>joakimlindgren to realm >SECURACCESS
>>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding Realm =
>>>>"SECURACCESS"
>>>>>Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Preparing to proxy
>>>>authentication request to realm "SECURACCESS"
>>>>
>>>>Where proxying the request to ip address mentioned in proxy.conf (but
>here
>>>>we don�´t end the EAP?)
>>>>
>>> 
>>> Have different names for a server realm and user domain so you can choose
>>> when to proxy. Leave user as user at SECURACCESS; configure SECURACCESS to
>>> be a LOCAL realm; configure home server realm as SECURE and proxy to
>>> that one.
>>> 
>>> Again, you should think about 2.0.1 where you can define one virtual
>>> server to deal with @SECURACCESS requests and another for others.
>>> 
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>> 
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>> 
>>> 
>> 
>> 
>
>-- 
>View this message in context: http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15242083.html
>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list