Freeradius as a proxy converting EAP to non EAP radius Request
Jacques FOUCHER
jacques.foucher at gmail.com
Sat Oct 3 21:37:19 CEST 2009
Alan, Ivan, and others could help me
I reinstalled Debian system and installed new version 2.1.7. Always the same
problem.
I think I miss something very basic for you but not for the freeradius
beginner I am.
That is all I did:
install last stable deb
    apt-get update
    apt-get upgrade
    apt-get install openssh-server
    apt-get install libcurl4-openssl-dev
    apt-get install tcpdump
    apt-get install gcc
    apt-get install make
    wget -c ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.7.tar.gz
    tar xvzf freeradius-server-2.1.7.tar.gz
    cd freeradius-server-2.1.7
    ./configure; make; make install
add AP1 in clients.conf :
    client 192.168.0.250 {
        secret = lrnp2tlm
        shortname = AP1
    }
add home_server in proxy.conf :
    home_server IAS {
        ipaddr = 192.168.0.252
        port = 1812
        type = "auth"
        secret = "lrnp2tlm"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = no
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
    }
    home_server_pool jack_pool {
        type = fail-over
        home_server = IAS
    }
    realm jack {
        auth_pool = jack_pool
    }
modify eap.conf :
    default_eap_type = mschapv2
and in peap function :
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = no
        virtual_server = "proxy-inner-tunnel"
    }
    mschapv2 {
    }
I remove inner-tunnel link in raddb/sites-enabled
Create one for proxy-sites-enabled
    debian:/usr/local/etc/raddb/sites-enabled# ls -l
    total 0
    lrwxrwxrwx 1 root staff 33 oct 3 20:51 control-socket -> ../sites-available/control-socket
    lrwxrwxrwx 1 root staff 26 oct 3 20:51 default -> ../sites-available/default
    lrwxrwxrwx 1 root staff 37 oct 3 21:00 proxy-inner-tunnel -> ../sites-available/proxy-inner-tunnel
comment suffix twice in default file
add jack in proxy-inner-tunnel:
    server proxy-inner-tunnel {
        authorize {
            update control {
                Proxy-To-Realm := "jack"
            }
        }
        authenticate {
            eap
        }
        post-proxy {
            eap
        }
    }
That's all. Is something wrong or missing ?
Thanks
2009/10/3 Ivan Kalik <tnt at kalik.net>
> > Alan,
> >
> > I installed first with apt-get an older version, then remove /etc/freeradius
> > and /etc/raddb and then install the new version 2.1.7 from freeradius.org.
> >
> > Jacques
> >
> > 2009/10/3 Alan DeKok <aland at deployingradius.com>
> >
> >> Jacques FOUCHER wrote:
> >> > but Alan told me too proxying is not made
> >> > PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
> >> > [eap] Tunneled session will be proxied. Not doing EAP.
> >> > ++[eap] returns handled
> >> > WARNING: Empty section. Using default return values.
> >> > ERROR: Failed to create a new socket for proxying requests.
> >> > ERROR: Failed inserting request into proxy hash.
> >> > ERROR: Failed to proxy request 8
> >> >
> >> > Sorry Alan , i don't have any idea.
> >>
> >> Are you sure you're using 2.1.7, and not some other version?
> >>
> >> It's a little hard to believe that proxying doesn't work in 2.1.7. It
> >> seems to be fine for everyone else...
>
> Something is badly broken in your installation. You should remove both
> versions completely and then do fresh 2.1.7 install.
>
> Ivan Kalik
> Kalik Informatika ISP
--
Jacques FOUCHER
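
The configuration in this message forms a chain of name references: peap virtual_server, then the server block, then Proxy-To-Realm, realm, auth_pool and home_server. The following check for dangling links in that chain is an added example, not part of the original message or of FreeRADIUS; it uses a simplified regex reader rather than the server's own parser, and SAMPLE is constructed from the snippets above.

```python
import re

# Constructed sample: snippets from this message, secret and timers left out.
SAMPLE = '''
home_server IAS {
    ipaddr = 192.168.0.252
}
home_server_pool jack_pool {
    type = fail-over
    home_server = IAS
}
realm jack {
    auth_pool = jack_pool
}
peap {
    virtual_server = "proxy-inner-tunnel"
}
server proxy-inner-tunnel {
    authorize {
        update control {
            Proxy-To-Realm := "jack"
        }
    }
}
'''

# (referencing key, kind of block that must define the referenced name)
LINKS = [("virtual_server", "server"), ("Proxy-To-Realm", "realm"),
         ("auth_pool", "home_server_pool"), ("home_server", "home_server")]

def names(kind, text):
    """Names declared as '<kind> <name> {' at the start of a line."""
    return set(re.findall(r'^\s*%s\s+([\w.-]+)\s*\{' % re.escape(kind), text, re.M))

def values(key, text):
    """Values assigned to key with '=' or ':=', surrounding quotes stripped."""
    return re.findall(r'^\s*%s\s*:?=\s*"?([\w.-]+)"?\s*$' % re.escape(key), text, re.M)

def check_chain(text):
    """Return one message per reference that points at an undefined block."""
    problems = []
    for key, kind in LINKS:
        defined = names(kind, text)
        for ref in values(key, text):
            if ref not in defined:
                problems.append("%s = %s: no '%s %s {' block" % (key, ref, kind, ref))
    return problems

if __name__ == "__main__":
    print(check_chain(SAMPLE) or "chain resolves")
```

On a real installation the input would be the concatenated text of eap.conf, proxy.conf and the enabled virtual server files.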