proxied connection - please example

kupkar at rkcompdesign.info kupkar at rkcompdesign.info
Mon Jan 7 14:48:46 CET 2008 

Hi Alan,

thank you for your quick answer.
Please send me some example about this proxy configuration.

Rgdrs,
Radim

> Hi,
> 
> > Everything work OK, Ovislink send request to FreeRadius
> > server, FreeRadius send Access-Request to IAS (mschapv2)
> > IAS send Access-Accept, but Ovislink received
> Access-Challenge from FreeRadius, one two, three ... and
> > on the end authetication failed.
> 
> proxied connection - by default you will probably have the
> default proxy attributes set - which will filter out
> required attributes for successful replies to be returned.
> you will need to add a new entry to 'trust' the IAS return
> values - and have more attributes allowed through. 
> 
> alan


> Hi all,
> 
> I found very much usefull information about this
> configuration on the internet. But I have still problem
> with this configuration. I need terminated PEAP locally on
> the Freeradius and redirect only mschapv2 to IAS server
> for authentication.
> 
> Authentication server: FreeRadius.net version: 1.1.7
> Supplicant: Win XP SP2 (with PEAP)
> Authenticator: Ovislink WL-5460AP v2
> 
> - users.conf
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm
> := Safeword
> 
> - proxy.conf
> realm Safeword {
> ??????? type = radius
> ??????? authhost??????? = <ip>:1645
> ??????? accthost??????? = <ip>:1646
> ??????? secret????????? = <secret>
> ??????? }
> 
> - eap.conf
> peap {
> ? ???????????? default_eap_type = mschapv2
> ?????????????? proxy_tunneled_request_as_eap = no
>  }
> 
> Everything work OK, Ovislink send request to FreeRadius
> server, FreeRadius send Access-Request to IAS (mschapv2)
> IAS send Access-Accept, but Ovislink received
> Access-Challenge from FreeRadius, one two, three ... and
> on the end authetication failed.
> 
> If I use user database on FreeRadius everything work OK.
> (Access-Request, Access-Accept) no problem.
> 
> Is it possible configure FreeRadius as only resend reply
> from IAS to Ovislink? Or I have problem with
> configuration.
> 
> If you want I send you configuration files and log from
> debug mode.
> 
> I want this configuration because I want use one time
> password authetication, but Safeword plugin on Active
> Directory doesn't understand PEAP protocol.
> Only one way is use FreeRadius as proxy.
> 
> Thank you for your help.
> 
> Rgdrs,
> Radim

More information about the Freeradius-Users mailing list