802.1x host/machine authentication
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 21 10:22:59 CEST 2010
On 10/21/2010 08:55 AM, Chidanand Gangur wrote:
> I have collected logs for full session of host authentication, log is
> pasted below.
>
> As mentioned in my previous mail I just want to proxy the host
> authentication request to the home server, is it possible?
You didn't mention that in your original email.
As I've said - the "host/foo" syntax is NOT an IPASS username. It may
have the same format, but you do not want to process it using that realm.
If you want to proxy these requests, I would recommend doing the following:
1. Define the realm you are proxying to in "proxy.conf"
2. In "authorize", do the following:
authorize {
... # N.B do not have the "IPASS", "suffix" or "ntdomain"
... # modules before this point, they'll confuse things
if (User-Name =~ /^host\//) {
update control {
Proxy-To-Realm := THEREALM
}
}
...
}
...then FreeRadius will do the right thing.
Out of interest, why do you want to proxy them? You are presumably aware
that FreeRadius can, if correctly setup, perform the machine
authentication itself?
More information about the Freeradius-Users
mailing list