FreeRadius going through ISA to reach federation

Rui Ribeiro ruyrybeyro at gmail.com
Fri Dec 16 22:20:07 CET 2011


> 
> Date: Fri, 16 Dec 2011 16:39:07 +0000
> From: Phil Mayers <p.mayers at imperial.ac.uk>
> Subject: Re: FreeRadius going through ISA to reach federation
> To: freeradius-users at lists.freeradius.org
> Message-ID: <4EEB742B.50302 at imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 16/12/11 14:29, Rui Ribeiro wrote:
>> Hi all,
>> 
>> I have configuring a FreeRadius, and I need to go through a IAS to reach the
> 
> Ugh. Nasty. IAS as an eduroam proxy!

Actually is just for testing, will talk with the responsible entity next week, but with the festivities at the door, roaming through IAS would probably allow me to switch to freeradius sooner.

> 
>> eduroam federation. I created a realm for our local domain, created a
>> DEFAULT proxy for users with other domains pointing to the IAS server, both
>> are as clients of each other, share the same secret, and also defined a
>> Remote access policy in IAS.
>> 
>> Tried already some alternatives, and inserted Reply-Message = "Yes", as
>> suggested on another post in the list.
> 
> Eh? Who suggested that?
Another freeradius<->IAS thread in this list.

> 
>> 
>> Despite all the efforts, when talking with the IAS, I receive back the error
>> Proxy-State = 0x3137.
> 
> That's not an error; it's just a radius attribute.
> 
In the debug logs, I have: 
ad_recv: Access-Reject packet from host 10.10.66.18 port 1812, id=251,
length=24
       Proxy-State = 0x3137


>> 
>> Any advice?
> 
> You will need to debug this on the IAS server, since it is sending (or 
> proxying) the reject. My guess is the policies in IAS are wrong.
> 
> 
Tried to see the IAS logs, they didn't much sense. Will have a look at system events.

> ------------------------------
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111216/fe53d4b4/attachment.html>


More information about the Freeradius-Users mailing list