freeradius 2.2 / radsecproxy integration

Alex Sharaz alex.sharaz at york.ac.uk
Fri Jun 12 12:33:35 CEST 2015


On 12 Jun 2015, at 11:16, A.L.M.Buxey at lboro.ac.uk wrote:

> Hi,
> 
>> Can anyone point me at a working config showing  FR 2.2.x / radsecproxy integration.
> 
> freeradius into radsec, radsec into freeradius or both?
> 
> 
Both, think I've worked it out ANYWAY but be good to check. Have got FR2.2.7/radsecproxy 1.6.6 at eduroam1.york.ac.uk end and FR 3.0.8 at radius.sharaz.info end.

Can run on FR2.2.7 end

radtest -t mschap -x alex at sharaz.info <something> localhost 1  testing123 0 localhost


and at the sharaz.info end I get.
........
LS Web Client Authentication'
(0) chain-depth=0,
(0) error=0
(0) --> BUF-Name = radsec.york.ac.uk
(0) --> subject = /OU=Domain Control Validated/CN=radsec.york.ac.uk
(0) --> issuer  = /C=NL/O=TERENA/CN=TERENA SSL CA
(0) --> verify return:1
(0) TLS_accept: SSLv3 read client certificate A
(0) TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase
In SSL Accept mode
SSL Application Data
(0) TLS_accept: Need to read more data: SSLv3 read client key exchange A
(0) SSL_read Error
Error in fragmentation logic: SSL_WANT_READ
(0) Application data status 10

......

so connection getting there and validating certs o.k.



> for the first, have radsec listening locally on UDP on a different port and proxy
> requests from freeradius to it - add the FreeRADIUS server as a client of radsecproxy
> 
> for the latter, have radsec listening on TCP 2083 to receive stuff and configure it
> to send packets UDP to freeradius - as a normal RADIUS client..add the radsecproxy
> server as a client
> 
> 
> I can email you offlist with some other bits if you want
> 
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
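
The two directions described in the quoted reply, as an added radsecproxy.conf sketch that is not from either poster or from the radsecproxy project. The host radius.example.org, the realm example.net, the UDP port 11812, the certificate paths and LOCAL_SHARED_SECRET are all placeholders assumed for illustration.

```conf
# radsecproxy.conf -- constructed example, placeholders throughout
ListenUDP 127.0.0.1:11812     # the "different port"; loopback only, so only the local FreeRADIUS reaches it
ListenTLS *:2083              # inbound RadSec from the remote peer

tls default {
    CACertificateFile   /etc/radsecproxy/ca.pem
    CertificateFile     /etc/radsecproxy/cert.pem
    CertificateKeyFile  /etc/radsecproxy/key.pem
}

# FreeRADIUS -> RadSec: the local FreeRADIUS is a UDP client of radsecproxy
client local-freeradius {
    host    127.0.0.1
    type    udp
    secret  LOCAL_SHARED_SECRET
}
server remote-peer {
    host    radius.example.org
    type    tls
    secret  radsec            # fixed value from RFC 6614; the TLS certificates authenticate the peer
    certificateNameCheck on   # the default; peer certificate must match the host above
}

# RadSec -> FreeRADIUS: the remote peer is a TLS client, FreeRADIUS a UDP server
client remote-peer {
    host    radius.example.org
    type    tls
    secret  radsec
    certificateNameCheck on
}
server local-freeradius {
    host    127.0.0.1
    port    1812
    type    udp
    secret  LOCAL_SHARED_SECRET
}

# Local realm goes to FreeRADIUS; everything else goes out over RadSec
realm example.net {
    server  local-freeradius
}
realm * {
    server  remote-peer
}
```

On the FreeRADIUS side this assumes a home_server in proxy.conf pointing at 127.0.0.1 port 11812, and a clients.conf entry covering radsecproxy's source address, both using the same LOCAL_SHARED_SECRET.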