Questions about proxying to other servers over TLS
Alan DeKok
aland at deployingradius.com
Wed Mar 5 17:00:48 CET 2014
stefan.paetow at diamond.ac.uk wrote:
> I have a quick question... Am I correct in saying that if I want to do all my proxying over TLS to another server, I have to define the default realm in /etc/raddb/sites-enabled/tls and comment it out in proxy.conf?
No. The files don't matter. The configuration does.
You could just make the default home servers use tls. The realm will
automatically pick that up when you tell it to use the home servers.
But the realm can be defined anywhere.
> And additionally, I have to define the proxy server as a client in the "clients radsec" section and as a server further down in the file?
The configuration on the home server has to list the proxy as a client.
I'm not sure why you'd want to list the same machine as both a client
and a server. If you're proxying, you list the other machine as a home
server. If you're the home server, you list the proxy as a client.
Alan DeKok.
More information about the Freeradius-Users
mailing list