freeradius 2.2 / radsecproxy integration
Alex Sharaz
alex.sharaz at york.ac.uk
Fri Jun 12 12:33:35 CEST 2015
On 12 Jun 2015, at 11:16, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> Can anyone point me at a working config showing FR 2.2.x / radsecproxy integration.
>
> freeradius into radsec, radsec into freeradius or both?
>
>
Both, think I've worked it out ANYWAY but be good to check. Have got FR2.2.7/radsecproxy 1.6.6 at eduroam1.york.ac.uk end and FR 3.0.8 at radius.sharaz.info end.
Can run on FR2.2.7 end
radtest -t mschap -x alex@sharaz.info <something> localhost 1 testing123 0 localhost
and at the sharaz.info end I get.
........
LS Web Client Authentication'
(0) chain-depth=0,
(0) error=0
(0) --> BUF-Name = radsec.york.ac.uk
(0) --> subject = /OU=Domain Control Validated/CN=radsec.york.ac.uk
(0) --> issuer = /C=NL/O=TERENA/CN=TERENA SSL CA
(0) --> verify return:1
(0) TLS_accept: SSLv3 read client certificate A
(0) TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase
In SSL Accept mode
SSL Application Data
(0) TLS_accept: Need to read more data: SSLv3 read client key exchange A
(0) SSL_read Error
Error in fragmentation logic: SSL_WANT_READ
(0) Application data status 10
......
so connection getting there and validating certs o.k.
> for the first, have radsec listening locally on UDP on a different port and proxy
> requests from freeradius to it - add the FreeRADIUS server as a client of radsecproxy
>
> for the latter, have radsec listening on TCP 2083 to receive stuff and configure it
> to send packets UDP to freeradius - as a normal RADIUS client..add the radsecproxy
> server as a client
>
>
> I can email you offlist with some other bits if you want
>
> alan
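
Added example, not part of the original thread and not either poster's actual configuration: a radsecproxy.conf covering both directions described in the quoted reply above. The host names, the local UDP port 11812, the certificate paths and LOCAL_SHARED_SECRET are placeholder assumptions.

```conf
# radsecproxy.conf (constructed example; all names, ports, paths, secrets are placeholders)
ListenUDP       127.0.0.1:11812   # local UDP listener, kept off FreeRADIUS's own 1812
ListenTLS       *:2083            # inbound RadSec (RADIUS over TLS)
LoopPrevention  on

tls default {
    CACertificateFile   /etc/radsecproxy/certs/ca.pem
    CertificateFile     /etc/radsecproxy/certs/server.pem
    CertificateKeyFile  /etc/radsecproxy/certs/server.key
}

# Outbound: FreeRADIUS -> radsecproxy over UDP -> remote peer over TLS
client local-freeradius {
    host    127.0.0.1
    type    udp
    secret  LOCAL_SHARED_SECRET
}
server remote-peer {
    host    remote.example.org
    type    tls
    secret  radsec                # fixed shared secret for RADIUS/TLS (RFC 6614)
    certificateNameCheck on       # peer certificate must match the configured host
}

# Inbound: remote peer over TLS -> radsecproxy -> FreeRADIUS over UDP
client remote-peer {
    host    remote.example.org
    type    tls
    secret  radsec
    certificateNameCheck on
}
server local-freeradius {
    host    127.0.0.1
    port    1812
    type    udp
    secret  LOCAL_SHARED_SECRET
}

# Requests for the local realm go to FreeRADIUS; everything else goes out over TLS
realm local.example {
    server local-freeradius
}
realm * {
    server remote-peer
}
```

On the FreeRADIUS side this pairs with a `home_server` in proxy.conf pointing at 127.0.0.1 port 11812 with the same secret, and a clients.conf entry for 127.0.0.1 whose secret matches `server local-freeradius`. Because the RADIUS/TLS shared secret is a fixed public value, peer authentication rests entirely on the certificate checks in the `tls` block and `certificateNameCheck`.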