Firs of all thanks for your reply. I'll try to be more specific. On Feb 5, 2008 2:58 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jakub Morávek wrote: > > I have not many experiences with radius, so my question may be > > stupid. Has anybody experience with using freeradius (Version 1.1.3 in > > Debian Sarge) as proxy for RSA RADIUS Server included in RSA > > Authentication Manager 6.1? > > Many people have tried this. It works. I know, but I did not find anyone who discussed this problem. > > > > When authentication request goest through freeradius proxy, RSA Manager > > thinks that Agent host is my freeradius proxy instead of original host > > which sent authenticate request. > > I don't know what an "Agent host" is. FreeRADIUS *is* a RADIUS client > to the RSA manager. In RSA terminology "Agent hosts" is host which sends authetication request. For example, if you want to setup "ssh-server" to authenticate ssh login against RSA, you have to add "ssh-server" (name and it's ip address) into RSA database and setup list of users, which are allowed to log into "ssh-server". If "user1" tries to access "ssh-server", "ssh-server" sends authentication request to RSA. RSA looks into database if "user1" is allowed to log into "ssh-server" host. In my case RSA rejects "user1" access, because RSA thikns, that "user1" wants to log into "freeradius" and there is no "freeradius" Agent host defined in RSA database. > > > Does this mean, that freeradius process all attributes from > > pre-proxy-detail-20080204 log, but sends only attributes, which are > > shown in extended debug mode? If so, can anybody give me any advice how > > can I configure freeradius to send more attributes? > > To do... what? My idea is that freeradius does not send Client-IP-Address attribute and therefore RSA RADIUS determines that original host is freeradius proxy server. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html Jakub
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html