|
Hi, This is the complete guide for IPASS Netserver 1) Edit the realm section of your radius.conf file (/etc/raddb/radius.conf). Within the radius.conf file (/etc/raddb/radius.conf), there will be a section containing your realm list. This section lists all of the realms known to FreeRADIUS, and defines how they are handled. To enable FreeRADIUS to recognize the IPASS/ prefix, locate the following section, edit the entry and uncomment the section: realm slash { When you are complete, the section should look as follows: realm IPASS { 2) Edit the authorization section of your radius.conf file (/etc/raddb/radius.conf). Within the radius.conf file (/etc/raddb/radius.conf), there will also be an authorization section. This section defines how FreeRADIUS will authorize users. You will want to ensure that the listings in this section are in the order shown below to allow FreeRADIUS to perform authorization properly. The entry below allows FreeRADIUS to preprocess all users against the hints or huntgroups files, then to process all realms, and finally to look in the users file. The order of the realm modules will determine the order in which the FreeRADIUS will try to find a matching realm. You will need to add an entry for the IPASS prefix above the line for the suffix to allow these users to be processed first. When complete, this section should look similar to the example below: authorize { 3) Edit the pre-accounting section of your radius.conf file (/etc/raddb/radius.conf). Another section you will need to edit in the radius.conf file (/etc/raddb/radius.conf) is the pre-accounting section. The following entry allows FreeRADIUS to look for a proxy realm in the order that each realm is listed, then to look at the acct_users file, and finally to preprocess users using the hints file. You will need to add an entry for the IPASS prefix above the line for the suffix to allow these users to be processed first. When complete, this section should look similar to the example below: preacct { When you have finished editing radius.conf, save and exit the file. 4) Edit the users file (/etc/raddb/users). The users file (/etc/raddb/users) dictates how FreeRADIUS authenticates users. You will need to ensure that there is a Default entry in the users file similar to the one shown below. Please note that this is only an example of the type of entry needed. If you already have a default entry, please let your iPass technician know what it is before modification: **Please do not add this if you already have a DEFAULT configuration declared in your users file** DEFAULT Auth-Type =Local When you have finished editing the users file, save and exit the file. 5) Add the IPASS/ realm entry to your proxy.conf file (/etc/raddb/proxy.conf). To complete this configuration and allow FreeRADIUS to proxy iPass traffic to your NetServer, you must add an entry for the IPASS/ prefix realm to your proxy.conf file (/etc/raddb/proxy.conf). The following entry can be to this file anywhere within the list of realm entries, provided it is placed above the DEFAULT realm entry. realm IPASS { type = radius authhost = IP.Address.of.NetServer:11812 accthost = IP.Address.of.NetServer:11813 secret =mysecret NOTE: The shared secret listed in the entry above must be the same value as the secret of the NetServer found in the /usr/ipass/raddb/clients file of your NetServer software. When you have finished editing proxy.conf, save and exit the file. 6) When complete, restart your FreeRADIUS to allow these changes to take
effect. Regards, Senoir Network Enginner
Curanet N.V.
|
Outgoing mail is certified Virus Free. Checked by AVG Anti-Virus (http://www.grisoft.com). Version: 7.0.206 / Virus Database: 261.3.3 - Release Date: 12/2/2003
