proxied connection - please example
kupkar at rkcompdesign.info
kupkar at rkcompdesign.info
Mon Jan 7 14:48:46 CET 2008
Hi Alan,
thank you for your quick answer.
Please send me some example about this proxy configuration.
Rgdrs,
Radim
> Hi,
>
> > Everything work OK, Ovislink send request to FreeRadius
> > server, FreeRadius send Access-Request to IAS (mschapv2)
> > IAS send Access-Accept, but Ovislink received
> Access-Challenge from FreeRadius, one two, three ... and
> > on the end authetication failed.
>
> proxied connection - by default you will probably have the
> default proxy attributes set - which will filter out
> required attributes for successful replies to be returned.
> you will need to add a new entry to 'trust' the IAS return
> values - and have more attributes allowed through.
>
> alan
> Hi all,
>
> I found very much usefull information about this
> configuration on the internet. But I have still problem
> with this configuration. I need terminated PEAP locally on
> the Freeradius and redirect only mschapv2 to IAS server
> for authentication.
>
> Authentication server: FreeRadius.net version: 1.1.7
> Supplicant: Win XP SP2 (with PEAP)
> Authenticator: Ovislink WL-5460AP v2
>
> - users.conf
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm
> := Safeword
>
> - proxy.conf
> realm Safeword {
> ??????? type = radius
> ??????? authhost??????? = <ip>:1645
> ??????? accthost??????? = <ip>:1646
> ??????? secret????????? = <secret>
> ??????? }
>
> - eap.conf
> peap {
> ? ???????????? default_eap_type = mschapv2
> ?????????????? proxy_tunneled_request_as_eap = no
> }
>
> Everything work OK, Ovislink send request to FreeRadius
> server, FreeRadius send Access-Request to IAS (mschapv2)
> IAS send Access-Accept, but Ovislink received
> Access-Challenge from FreeRadius, one two, three ... and
> on the end authetication failed.
>
> If I use user database on FreeRadius everything work OK.
> (Access-Request, Access-Accept) no problem.
>
> Is it possible configure FreeRadius as only resend reply
> from IAS to Ovislink? Or I have problem with
> configuration.
>
> If you want I send you configuration files and log from
> debug mode.
>
> I want this configuration because I want use one time
> password authetication, but Safeword plugin on Active
> Directory doesn't understand PEAP protocol.
> Only one way is use FreeRadius as proxy.
>
> Thank you for your help.
>
> Rgdrs,
> Radim
More information about the Freeradius-Users
mailing list